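/// <summary>
/// Writes one row to the LogError table describing an error raised while
/// serving the current HTTP request.
/// </summary>
/// <param name="typ">
/// Error type supplied by the caller. NOTE(review): this value is not written
/// anywhere; LogType is stored as the literal '0', exactly as in the original
/// statement. Confirm whether that is intended.
/// </param>
/// <param name="error">Error message, stored in ErrorInfo.</param>
/// <param name="trace">Stack trace, stored in ErrorTrace.</param>
/// <remarks>
/// The URL and User-Agent come from the client, so every request-derived value
/// is bound as a SQL parameter instead of being formatted into the statement
/// text. The values are stored verbatim; anything that later displays LogError
/// rows should encode them on output.
/// </remarks>
public static void Error(string typ, string error, string trace)
{
    var context = HttpContext.Current;
    var request = context.Request;
    var serverVars = request.ServerVariables;

    string _ip = SafeValue.SafeString(serverVars.Get("REMOTE_ADDR"));
    string _method = SafeValue.SafeString(serverVars.Get("HTTP_METHOD"));
    string _url = SafeValue.SafeString(serverVars.Get("HTTP_URL"));
    string _agent = SafeValue.SafeString(serverVars.Get("HTTP_USER_AGENT"));
    string _auth = request.IsAuthenticated ? "Y" : "N";
    string _user = !request.IsAuthenticated ? "Guest" : context.User.Identity.Name;

    // Same columns and constant values as before; only the request-derived
    // values changed from inlined literals to parameters.
    const string sql = @"insert into LogError(
    LogType, LogUser, LogTime,
    LogAction, LogModule, LogEntity, LogKey,
    ErrorInfo, ErrorTrace,
    HttpAddress, HttpMethod, HttpUrl, HttpAgent, HttpAuth)
values(
    '0', @user, GetDate(),
    '', '', '', '',
    @error, @trace,
    @ip, @method, @url, @agent, @auth)";

    // using blocks release the connection and command even when Open() or
    // ExecuteNonQuery() throws; the original only closed on the success path.
    using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["local"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        conn.Open();

        cmd.Parameters.Add(new SqlParameter("@error", error));
        cmd.Parameters.Add(new SqlParameter("@trace", trace));

        // string.Format rendered a null argument as empty text; "?? \"\"" keeps
        // that behaviour, since a parameter whose value is null is not sent.
        cmd.Parameters.Add(new SqlParameter("@user", _user ?? ""));
        cmd.Parameters.Add(new SqlParameter("@ip", _ip ?? ""));
        cmd.Parameters.Add(new SqlParameter("@method", _method ?? ""));
        cmd.Parameters.Add(new SqlParameter("@url", _url ?? ""));
        cmd.Parameters.Add(new SqlParameter("@agent", _agent ?? ""));
        cmd.Parameters.Add(new SqlParameter("@auth", _auth));

        // The affected-row count was never used by the original either.
        cmd.ExecuteNonQuery();
    }
}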
/// <summary>
/// Row-updating handler for the grid: passes the edited Description through
/// SafeValue.SafeString and re-applies the Type filter on dsWhMastData.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Update arguments carrying the edited row values.</param>
protected void grid_RowUpdating(object sender, DevExpress.Web.Data.ASPxDataUpdatingEventArgs e)
{
    object editedDescription = e.NewValues["Description"];
    e.NewValues["Description"] = SafeValue.SafeString(editedDescription);

    // NOTE(review): the filter text is assembled from the "type" query-string
    // value, so its safety rests entirely on SafeValue.SafeSqlString, whose
    // implementation is not visible here. Confirm it neutralises quote
    // characters, or bind the value through a filter parameter instead.
    string typeFilter = SafeValue.SafeSqlString(Request.QueryString["type"]);
    this.dsWhMastData.FilterExpression = string.Concat("Type='", typeFilter, "'");
}
/// <summary>
/// Seeds a new grid row: empty Code, a single-space Description, and Type taken
/// from the "type" query-string value.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Arguments whose NewValues receive the defaults.</param>
protected void grid_InitNewRow(object sender, DevExpress.Web.Data.ASPxDataInitNewRowEventArgs e)
{
    // Read the query string first so nothing is assigned if the lookup fails.
    string requestedType = SafeValue.SafeSqlString(Request.QueryString["type"]);

    e.NewValues["Code"] = string.Empty;
    e.NewValues["Description"] = " ";   // a single space, not an empty string
    e.NewValues["Type"] = requestedType;
}
/// <summary>
/// On the first (non-postback) load, restricts dsWhMastData to rows whose Type
/// matches the "type" query-string value.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // NOTE(review): the filter text embeds a client-supplied value; its safety
    // depends on what SafeValue.SafeSqlString does, which is not visible here.
    string typeFilter = SafeValue.SafeSqlString(Request.QueryString["type"]);
    this.dsWhMastData.FilterExpression = string.Concat("Type='", typeFilter, "'");
}
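/// <summary>
/// Looks up the name of a port in XXPort by its code.
/// </summary>
/// <param name="portCode">Port code; null or empty input yields an empty result.</param>
/// <returns>
/// The scalar query result passed through SafeValue.SafeSqlString, or "" when
/// no code was supplied.
/// </returns>
/// <remarks>
/// The original concatenated <paramref name="portCode"/> into the statement
/// unmodified, so a value containing a single quote could end the string
/// literal and alter the query. Quotes are now doubled before embedding.
/// NOTE(review): if C2.Manager.ORManager offers a parameterised overload (not
/// visible here), prefer it over escaping.
/// </remarks>
public static string GetPortName(object portCode)
{
    if (SafeValue.SafeString(portCode, "").Length < 1)
    {
        return "";
    }

    // string.Concat(object) produces the same text the original "+" did;
    // doubling single quotes keeps that text inside the SQL string literal.
    string codeLiteral = string.Concat(portCode).Replace("'", "''");
    string sql = "select name from XXPort where Code='" + codeLiteral + "'";
    return SafeValue.SafeSqlString(C2.Manager.ORManager.ExecuteScalar(sql));
}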
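/// <summary>
/// Looks up the name of a party in XXParty by its PartyId.
/// </summary>
/// <param name="partyId">Party identifier; null or empty input yields an empty result.</param>
/// <returns>
/// The scalar query result passed through SafeValue.SafeSqlString, or "" when
/// no identifier was supplied.
/// </returns>
/// <remarks>
/// The original concatenated <paramref name="partyId"/> into the statement
/// unmodified, so a value containing a single quote could end the string
/// literal and alter the query. Quotes are now doubled before embedding.
/// NOTE(review): if C2.Manager.ORManager offers a parameterised overload (not
/// visible here), prefer it over escaping.
/// </remarks>
public static string GetPartyName(object partyId)
{
    if (SafeValue.SafeString(partyId, "").Length < 1)
    {
        return "";
    }

    // string.Concat(object) produces the same text the original "+" did;
    // doubling single quotes keeps that text inside the SQL string literal.
    string idLiteral = string.Concat(partyId).Replace("'", "''");
    string sql = "select name from XXParty where PartyId='" + idLiteral + "'";
    return SafeValue.SafeSqlString(C2.Manager.ORManager.ExecuteScalar(sql));
}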
/// <summary>
/// Row-inserting handler for the grid: rejects rows without a Code, then
/// normalises Description, stamps Type from the "type" query-string value and
/// re-applies the Type filter on dsWhMastData.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Insert arguments carrying the new row values.</param>
/// <exception cref="Exception">Thrown when Code is missing or empty.</exception>
protected void grid_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
{
    string code = SafeValue.SafeString(e.NewValues["Code"], "");
    bool codeMissing = code.Length < 1;
    if (codeMissing)
    {
        // Cancel the insert before raising the error.
        e.Cancel = true;
        throw new Exception("The Code not null");
    }

    object rawDescription = e.NewValues["Description"];
    e.NewValues["Description"] = SafeValue.SafeString(rawDescription);

    // NOTE(review): the same client-supplied value is stored in the row and
    // embedded in the filter text; both rely on SafeValue.SafeSqlString, whose
    // implementation is not visible here.
    string requestedType = SafeValue.SafeSqlString(Request.QueryString["type"]);
    e.NewValues["Type"] = requestedType;
    this.dsWhMastData.FilterExpression = string.Concat("Type='", requestedType, "'");
}
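/// <summary>
/// Looks up the PartyId of a party in XXParty by its name, using a
/// parameterised query.
/// </summary>
/// <param name="partyName">Party name; null or empty input yields an empty result.</param>
/// <returns>
/// The scalar query result passed through SafeValue.SafeSqlString, or "" when
/// no name was supplied.
/// </returns>
public static string GetPartyId(object partyName)
{
    if (SafeValue.SafeString(partyName, "").Length < 1)
    {
        return "";
    }

    // using blocks release the connection and command even when Open() or
    // ExecuteScalar() throws; the original only closed on the success path.
    using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["SqlConnectString"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("select PartyId from XXParty where Name=@name", conn))
    {
        conn.Open();

        // Bind the name as a varchar(1000) parameter named @name so it is
        // never part of the statement text.
        // NOTE(review): VarChar is a non-Unicode type; confirm it matches the
        // Name column if party names can contain non-ASCII characters.
        SqlParameter para = new SqlParameter("@name", SqlDbType.VarChar, 1000);
        para.Value = partyName;
        cmd.Parameters.Add(para);

        return SafeValue.SafeSqlString(cmd.ExecuteScalar());
    }
}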