//20180325 Yanhua Liu add for angular
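        /// <summary>
        /// Returns one page of catalog products together with the caller's role discount,
        /// serialized as a JSON object with the members <c>data</c> and <c>discount</c>.
        /// </summary>
        /// <remarks>
        /// All inputs come from the query string and are treated as untrusted:
        /// <list type="bullet">
        /// <item><description>CurrentPage: 1-based page number. When it is absent, the result of
        /// GetProductsTotal() is returned instead.</description></item>
        /// <item><description>PageCount: rows per page; must parse as an integer of at least 1.</description></item>
        /// <item><description>CategoryName: optional filter, bound to the query as parameter @p0.</description></item>
        /// </list>
        /// The discount is taken from the server-side session entry "Role", not from the request.
        /// </remarks>
        /// <returns>
        /// The JSON payload, or an empty string when CurrentPage, PageCount or CategoryName fails validation.
        /// </returns>
        public string GetProducts()
        {
            string currentPage = Request.Query["CurrentPage"];

            if (currentPage == null)
            {
                return GetProductsTotal();
            }

            // Parse with TryParse instead of Convert.ToInt32: a non-numeric or out-of-range value in the
            // query string must not surface as an unhandled FormatException/OverflowException.
            string pageCountRaw = Request.Query["PageCount"];
            var invariant = System.Globalization.CultureInfo.InvariantCulture;
            var integerStyle = System.Globalization.NumberStyles.Integer;
            int curPage;
            int pageCount;

            // Zero or negative values are rejected here rather than being written into the
            // OFFSET/FETCH clause below. A missing PageCount fails TryParse and is rejected too.
            if (!int.TryParse(currentPage, integerStyle, invariant, out curPage)
                || !int.TryParse(pageCountRaw, integerStyle, invariant, out pageCount)
                || curPage < 1
                || pageCount < 1)
            {
                // Same "empty string" failure convention this method uses for a rejected CategoryName.
                return "";
            }

            // NOTE(review): PageCount has no upper bound, so a single request can ask for the whole
            // table. Consider a maximum page size once the largest legitimate client value is known.

            // Widen before multiplying so large page numbers cannot wrap around in 32-bit arithmetic.
            long offset = (long)pageCount * (curPage - 1);

            string sql = "SELECT ProductId, Products.CategoryId AS CategoryId, Name, ImageFileName, UnitCost"
                         + ", Description, CategoryName "
                         + "FROM Products INNER JOIN Categories ON Products.CategoryId = Categories.CategoryId ";
            string categoryName = Request.Query["CategoryName"];

            if (categoryName != null)
            {
                // Defence in depth only: the length limit and the quote/hash rejection are a coarse
                // pre-filter. The control that actually prevents SQL injection is binding the value
                // as @p0 instead of concatenating it.
                if (categoryName.Length > 20 || categoryName.IndexOf('\'') > -1 || categoryName.IndexOf('#') > -1)
                {
                    return "";
                }
                sql += " WHERE CategoryName = @p0 ";
            }

            // Only validated, positive integers are concatenated here; they are formatted with the
            // invariant culture so the emitted SQL does not depend on the server's locale.
            sql += "ORDER BY ProductId ASC "
                   + "OFFSET " + offset.ToString(invariant) + " ROWS "
                   + "FETCH NEXT " + pageCount.ToString(invariant) + " ROWS ONLY ";

            // categoryName is passed even when it is null; in that case the SQL text has no @p0 reference.
            var     products     = _context.CatalogViewModel.FromSql(sql, categoryName);
            decimal roleDiscount = UserRolesAdmin.getDiscount(HttpContext.Session.Get <UserRolesAdmin>("Role"));

            return JsonConvert.SerializeObject(new { data = products, discount = roleDiscount });
        }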
        // GET: Catalog?CategoryName=XX
        /// <summary>
        /// Catalog landing page. Unless the query string carries a NotUseAngular key, the view is
        /// returned without a model and with ViewBag.UseAngular set. Otherwise the products are
        /// queried here, optionally filtered by CategoryName, and passed to the view as a list.
        /// </summary>
        /// <returns>
        /// The catalog view, or HTTP 400 when CategoryName fails the length/character check on the
        /// server-rendered path.
        /// </returns>
        public IActionResult Index()
        {
            string notUseAngular = Request.Query["NotUseAngular"];

            if (notUseAngular == null)
            {
                string requestedCategory = Request.Query["CategoryName"];

                ViewBag.UseAngular = true;
                if (requestedCategory != null)
                {
                    // NOTE(review): on this path the raw query value reaches the view without the
                    // length/character check used below - confirm the view encodes it for the
                    // context it is written into.
                    ViewBag.CategoryName = requestedCategory;
                }

                // Discount comes from the role stored in the server-side session, so the view can show discounted prices.
                ViewBag.Discount = UserRolesAdmin.getDiscount(HttpContext.Session.Get <UserRolesAdmin>("Role"));
                return View();
            }

            // Server-rendered path: descriptions are cut to 100 characters plus "..." by the query itself.
            const string selectProducts =
                "SELECT ProductId, Products.CategoryId AS CategoryId, Name, ImageFileName, UnitCost"
                + ", SUBSTRING(Description, 1, 100) + '...' AS Description, CategoryName "
                + "FROM Products INNER JOIN Categories ON Products.CategoryId = Categories.CategoryId ";

            string categoryName = Request.Query["CategoryName"];
            string query = selectProducts;

            if (categoryName != null)
            {
                // Coarse input check on CategoryName: excessive length or a quote/hash character is
                // treated as suspicious and answered with 400.
                bool rejected = categoryName.Length > 20
                                || categoryName.IndexOf("'") >= 0
                                || categoryName.IndexOf("#") >= 0;
                if (rejected)
                {
                    // TODO log this event and alert the admin; move the check into a reusable method.
                    return BadRequest();
                }

                // The value is bound as parameter @p0 rather than formatted into the SQL text.
                query = selectProducts + " WHERE CategoryName = @p0";

                // Tell the view which category is selected.
                ViewBag.CategoryName = categoryName;
            }

            // categoryName is passed even when it is null; in that case the SQL text has no @p0 reference.
            var productList = _context.CatalogViewModel.FromSql(query, categoryName).ToList();

            return View(productList);
        }