public object SelectOrder([FromBody] SelectOrderModel sm) { try { var addr = Server.GetUserIp(Request.HttpContext); if (Server.IpHandle(addr) == 0) { return(new[] { "your ip can't using our api , please contact administrator" }); } var account = HttpContext.Session.GetString("user_account"); if (account == null) { return(new { result = 401, msg = "not login" }); } var re = OrderServer.SelectOrder(sm); return(re); } catch (Exception e) { return(new { result = e.HResult, msg = e.Message }); } }
/// <summary> /// 筛选订单 /// </summary> /// <param name="sm">筛选模型</param> /// <returns>筛选结果</returns> public static object SelectOrder(SelectOrderModel sm) { using (var con = new SqlConnection(Server.SqlConString)) { con.Open(); var message = ""; var sqlCom = new SqlCommand("sp_SelectOrder", con) { CommandType = CommandType.StoredProcedure }; sqlCom.Parameters.AddRange(new[] { new SqlParameter { ParameterName = "@theaterId", Direction = ParameterDirection.Input, SqlDbType = SqlDbType.Int, Value = sm.TheaterId }, new SqlParameter { ParameterName = "@userId", Direction = ParameterDirection.Input, SqlDbType = SqlDbType.Int, Value = sm.UserId }, new SqlParameter { ParameterName = "@tradeDate", Direction = ParameterDirection.Input, SqlDbType = SqlDbType.Date, Value = sm.TradeDate }, new SqlParameter { ParameterName = "@type", Direction = ParameterDirection.Input, SqlDbType = SqlDbType.Int, Value = sm.Type }, new SqlParameter { ParameterName = "@message", Direction = ParameterDirection.Output, Size = 30, SqlDbType = SqlDbType.VarChar, Value = message }, new SqlParameter { ParameterName = "@return", Direction = ParameterDirection.ReturnValue, SqlDbType = SqlDbType.Int } }); sqlCom.ExecuteNonQuery(); var msg = (string)sqlCom.Parameters["@message"].Value; var data = new List <object>(); var reader = sqlCom.ExecuteReader(); while (reader.Read()) { data.Add(new { orderId = (int)reader[0], ticketId = (int)reader[1], userId = (int)reader[2], type = (int)reader[3], dateTime = (DateTime)reader[4], theaterId = (int)reader[5] }); } return(new { result = (int)sqlCom.Parameters["@return"].Value, msg, data }); } }