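/// <summary>
/// Builds a statement from the template selected by <paramref name="sQLMAINENUM"/>:
/// every occurrence of the placeholder character <paramref name="cha"/> is replaced,
/// in order, by the string form of the next element of <paramref name="obj"/>.
/// <para>No exception is used to report a mismatch; <c>null</c> is returned when:</para>
/// <para>1. the enum value has no template (the lookup returned <c>null</c>);</para>
/// <para>2. the template holds more placeholders than <paramref name="obj"/> has elements;</para>
/// <para>3. <paramref name="obj"/> or the element needed for a placeholder is <c>null</c>.</para>
/// <para>Surplus elements of <paramref name="obj"/> are ignored.</para>
/// <para>Security: the values are inserted verbatim, without quoting or escaping, so this
/// method gives no protection against SQL injection by itself.</para>
/// </summary>
/// <param name="obj">Values substituted for the placeholders, in placeholder order</param>
/// <param name="cha">Placeholder character to look for in the template</param>
/// <param name="sQLMAINENUM">Identifies which statement template to fill in</param>
/// <returns>The filled-in statement text, or <c>null</c> in the cases listed above</returns>
private static string completeSql(Object[] obj, Char cha, SQLMAINENUM sQLMAINENUM)
{
    string template = enumIMPLMethod(sQLMAINENUM);
    if (template == null)
    {
        // Unmapped enum value: there is nothing to fill in.
        return null;
    }

    // Fully qualified so the block does not depend on a "using System.Text;" directive.
    var sql = new System.Text.StringBuilder(template.Length);
    int index = 0;

    foreach (char item in template)
    {
        if (!item.Equals(cha))
        {
            sql.Append(item);
            continue;
        }

        // Explicit checks replace the former catch-all handler, which also hid
        // unrelated failures behind the same null result.
        if (obj == null || index >= obj.Length || obj[index] == null)
        {
            return null;
        }

        // NOTE(review): the value is spliced into the statement text exactly as
        // ToString() yields it. If any element of obj can carry user-controlled text
        // (nickname, e-mail, password, ...), the statement should instead be executed
        // through a parameterized command (DbParameter) so that data never becomes
        // SQL syntax - confirm against the callers.
        sql.Append(obj[index].ToString());
        index++;
    }

    return sql.ToString();
}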
/*
 * Disabled implementation, kept for reference.
 *
 * /// <summary>
 * /// Query keyword
 * /// </summary>
 * /// <param name="home">Start marker</param>
 * /// <param name="end">End marker</param>
 * /// <returns>The query statement for the specified keyword</returns>
 * private static string sqlFile(string home, string end) {
 *     string all;
 *     string Appoint;
 *     FileStream fs = null;
 *     StreamReader sr = null;
 *     try {
 *         fs = new FileStream("sqlLanguage.sql", FileMode.Open);
 *         sr = new StreamReader(fs);
 *         all = sr.ReadToEnd();
 *         int head = all.IndexOf(home) + home.Length;
 *         string a = all.Substring(all.IndexOf(home));
 *         string b = all.Substring(all.IndexOf(end));
 *         int footer = all.IndexOf(end);
 *         Appoint = all.Substring(head, footer - head);
 *     } catch (Exception error) {
 *         WriteError.write(error.Message);
 *         return null;
 *     } finally {
 *         if (sr != null) {
 *             sr.Close();
 *         }
 *         if (fs != null) {
 *             fs.Close();
 *         }
 *     }
 *     return Appoint;
 * }
 */

/// <summary>
/// Maps a <c>SQLMAINENUM</c> value to the matching string held in <c>SQLMAINResources</c>.
/// </summary>
/// <param name="E">Enum value identifying the wanted resource string</param>
/// <returns>The resource string for <paramref name="E"/>, or <c>null</c> when the value has no case below</returns>
private static string enumIMPLMethod(SQLMAINENUM E)
{
    switch (E)
    {
        case SQLMAINENUM.SELECTNICKNAME:
            return SQLMAINResources.SELECTNickName;
        case SQLMAINENUM.INSERT:
            return SQLMAINResources.INSERT;
        case SQLMAINENUM.SELECTID:
            return SQLMAINResources.SELECTID;
        case SQLMAINENUM.SELECTEMAIL:
            return SQLMAINResources.SELECTEMAIL;
        case SQLMAINENUM.SELECTLOGONTIME:
            return SQLMAINResources.SELECTLOGONTIME;
        case SQLMAINENUM.NOTICE:
            return SQLMAINResources.NOTICE;
        case SQLMAINENUM.VERSIONS:
            return SQLMAINResources.VERSIONS;
        case SQLMAINENUM.EMAIL:
            return SQLMAINResources.EMAIL;
        case SQLMAINENUM.SQLINFO:
            return SQLMAINResources.SQLINFO;

        // ->2020/3/6 Author:cctvadmin
        case SQLMAINENUM.VERIDANDEMAIL:
            return SQLMAINResources.VERIDANDEMAIL;
        case SQLMAINENUM.INSERTFORGET:
            return SQLMAINResources.INSERTFORGET;
        case SQLMAINENUM.UPDATEPWD:
            return SQLMAINResources.UPDATEPWD;
        case SQLMAINENUM.GETDONATEIDANDMONEY:
            return SQLMAINResources.GETDONATEIDANDMONEY;
        case SQLMAINENUM.GETDONATEEMAIL:
            return SQLMAINResources.GETDONATEEMAIL;

        // Any value without a case above yields null; callers must handle that.
        default:
            return null;
    }
}