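/// <summary>
/// Gets one page of rows through the user-center read database (with SQL-injection screening).
/// The query runs only when the user passes <c>UserIsLogon</c> and
/// <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User information; used for the logon check and written to the rejection log.</param>
/// <param name="recordCount">Record count from <c>dbHelper.GetCount</c>; stays 0 when no query runs.</param>
/// <param name="tableName">Source table name. Forwarded without any check in this method.</param>
/// <param name="selectField">Fields to select. Forwarded without any check in this method.</param>
/// <param name="pageNo">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="conditions">Query condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Query parameters, converted with <c>dbHelper.MakeParameters</c>.</param>
/// <param name="orderBy">Sort field. Forwarded without any check in this method.</param>
/// <returns>The data table, or <c>null</c> when the user is not logged on or the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, string tableName, string selectField, int pageNo, int pageSize, string conditions, List<KeyValuePair<string, object>> dbParameters, string orderBy)
{
    DataTable result = null;
    // A lambda cannot assign an out parameter, so the count is carried in a local.
    var myRecordCount = 0;
    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        // Check whether the caller is a logged-on user.
        var userManager = new BaseUserManager(userInfo);
        if (!userManager.UserIsLogon(userInfo))
        {
            // NOTE(review): a failed logon check returns null without any log entry.
            return;
        }

        if (!SecretUtil.IsSqlSafe(conditions))
        {
            // Log the rejected condition. CR/LF are escaped so the rejected text
            // cannot start a forged entry in the log.
            var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
            // NOTE(review): the entry contains the serialized userInfo; confirm Serialize() omits credentials.
            LogUtil.WriteLog("userInfo:" + userInfo.Serialize() + " " + loggedConditions, "SqlSafe");
            return;
        }

        // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
        // condition is a weaker control than binding values through dbParameters.
        // NOTE(review): tableName, selectField and orderBy are not screened at all; if
        // DbUtil.GetDataTableByPage builds SQL text from them (not visible here), callers
        // must restrict them to known identifiers.
        // MakeParameters is called once per command, as in the original code.
        myRecordCount = dbHelper.GetCount(tableName, conditions, dbHelper.MakeParameters(dbParameters));
        result = DbUtil.GetDataTableByPage(dbHelper, tableName, selectField, pageNo, pageSize, conditions, dbHelper.MakeParameters(dbParameters), orderBy);
    });
    recordCount = myRecordCount;
    return result;
}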
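/// <summary>
/// Paged query over the message table. The query runs only when
/// <paramref name="whereClause"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User; passed to the manager and written to the rejection log.</param>
/// <param name="recordCount">Record count reported by the manager; stays 0 when no query runs.</param>
/// <param name="pageIndex">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="whereClause">Condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Parameters, converted with <c>dbHelper.MakeParameters</c>.</param>
/// <param name="order">Sort expression. Forwarded without any check in this method.</param>
/// <returns>The data table; the empty table created at the start when the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, int pageIndex, int pageSize, string whereClause, List<KeyValuePair<string, object>> dbParameters, string order = null)
{
    var result = new DataTable(BaseMessageEntity.TableName);
    // A lambda cannot assign an out parameter, so the count is carried in a local.
    int myRecordCount = 0;
    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    // NOTE(review): no logon check is visible in this method; presumably
    // ServiceUtil.ProcessMessageDb enforces it — confirm.
    ServiceUtil.ProcessMessageDb(userInfo, parameter, (dbHelper) =>
    {
        if (SecretUtil.IsSqlSafe(whereClause))
        {
            // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
            // condition is a weaker control than binding values through dbParameters.
            // NOTE(review): order is not screened; confirm how the manager uses it.
            var messageManager = new BaseMessageManager(dbHelper, userInfo);
            result = messageManager.GetDataTableByPage(out myRecordCount, pageIndex, pageSize, whereClause, dbHelper.MakeParameters(dbParameters), order);
            result.TableName = BaseMessageEntity.TableName;
            return;
        }

        // NOTE(review): outside a web request (HttpContext.Current == null) the rejection
        // leaves no log entry at all.
        if (System.Web.HttpContext.Current != null)
        {
            // Log the rejected condition. CR/LF are escaped so the rejected text
            // cannot start a forged entry in the log file.
            var loggedWhereClause = (whereClause ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
            // NOTE(review): the file is written under the site's ~/Log/ folder and holds the
            // serialized userInfo; confirm the folder is not served over HTTP and that
            // Serialize() omits credentials.
            FileUtil.WriteMessage("userInfo:" + userInfo.Serialize() + " " + loggedWhereClause, System.Web.HttpContext.Current.Server.MapPath("~/Log/") + "SqlSafe" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
        }
    });
    recordCount = myRecordCount;
    return result;
}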
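/// <summary>
/// Gets one page of rows from the SQL Server database named by the
/// <c>OpenMasDbConnection</c> app setting. The query runs only when that setting is
/// non-empty and <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User information; in this method it is only written to the rejection log.</param>
/// <param name="recordCount">Record count from <c>DbLogic.GetCount</c>; 0 when no query runs.</param>
/// <param name="tableName">Source table name. Forwarded without any check in this method.</param>
/// <param name="selectField">Fields to select. Forwarded without any check in this method.</param>
/// <param name="pageIndex">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="conditions">Query condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Query parameters, passed to both the count and the page query.</param>
/// <param name="orderBy">Sort field. Forwarded without any check in this method.</param>
/// <returns>The data table, or <c>null</c> when the setting is empty or the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, string tableName, string selectField, int pageIndex, int pageSize, string conditions, IDbDataParameter[] dbParameters, string orderBy)
{
    recordCount = 0;

    // NOTE(review): unlike sibling overloads, no logon check on userInfo is visible here —
    // confirm the caller authenticates before this method is reached.
    string connectionString = ConfigurationHelper.AppSettings("OpenMasDbConnection", BaseSystemInfo.EncryptDbConnection);
    if (string.IsNullOrEmpty(connectionString))
    {
        // Nothing is queried or logged when the connection setting is missing.
        return null;
    }

    if (SecretUtil.IsSqlSafe(conditions))
    {
        // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
        // condition is a weaker control than binding values through dbParameters.
        // NOTE(review): tableName, selectField and orderBy are not screened at all; if
        // DbLogic builds SQL text from them (not visible here), callers must restrict
        // them to known identifiers.
        using (IDbHelper dbHelper = DbHelperFactory.GetHelper(CurrentDbType.SqlServer, connectionString))
        {
            recordCount = DbLogic.GetCount(dbHelper, tableName, conditions, dbParameters);
            return DbLogic.GetDataTableByPage(dbHelper, tableName, selectField, pageIndex, pageSize, conditions, dbParameters, orderBy);
        }
    }

    // NOTE(review): outside a web request (HttpContext.Current == null) the rejection
    // leaves no log entry at all.
    if (System.Web.HttpContext.Current != null)
    {
        // Log the rejected condition. CR/LF are escaped so the rejected text
        // cannot start a forged entry in the log file.
        var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
        // NOTE(review): the file is written under the site's ~/Log/ folder and holds the
        // serialized userInfo; confirm the folder is not served over HTTP and that
        // Serialize() omits credentials.
        FileUtil.WriteMessage("userInfo:" + userInfo.Serialize() + " " + loggedConditions, System.Web.HttpContext.Current.Server.MapPath("~/Log/") + "SqlSafe" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
    }

    return null;
}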
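/// <summary>
/// Gets one page of rows through this class's <c>DbHelper</c> (with SQL-injection screening).
/// The query runs only when the user passes <c>UserIsLogOn</c> and
/// <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User information; used for the logon check and written to the rejection log.</param>
/// <param name="recordCount">Record count from <c>DbLogic.GetCount</c>; 0 when no query runs.</param>
/// <param name="tableName">Source table name. Forwarded without any check in this method.</param>
/// <param name="selectField">Fields to select. Forwarded without any check in this method.</param>
/// <param name="pageIndex">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="conditions">Query condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Query parameters, converted with <c>DbHelper.MakeParameters</c>.</param>
/// <param name="orderBy">Sort field. Forwarded without any check in this method.</param>
/// <returns>The data table, or <c>null</c> when the user is not logged on or the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, string tableName, string selectField, int pageIndex, int pageSize, string conditions, List<KeyValuePair<string, object>> dbParameters, string orderBy)
{
    // Check whether the caller is a logged-on user.
    var userManager = new BaseUserManager(userInfo);
    recordCount = 0;
    if (!userManager.UserIsLogOn(userInfo))
    {
        // NOTE(review): a failed logon check returns null without any log entry.
        return null;
    }

    if (SecretUtil.IsSqlSafe(conditions))
    {
        // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
        // condition is a weaker control than binding values through dbParameters.
        // NOTE(review): tableName, selectField and orderBy are not screened at all; if
        // DbLogic builds SQL text from them (not visible here), callers must restrict
        // them to known identifiers.
        // MakeParameters is called once per command, as in the original code.
        recordCount = DbLogic.GetCount(DbHelper, tableName, conditions, DbHelper.MakeParameters(dbParameters));
        return DbLogic.GetDataTableByPage(DbHelper, tableName, selectField, pageIndex, pageSize, conditions, DbHelper.MakeParameters(dbParameters), orderBy);
    }

    // NOTE(review): outside a web request (HttpContext.Current == null) the rejection
    // leaves no log entry at all.
    if (System.Web.HttpContext.Current != null)
    {
        // Log the rejected condition. CR/LF are escaped so the rejected text
        // cannot start a forged entry in the log file.
        var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
        // NOTE(review): the file is written under the site's ~/Log/ folder and holds the
        // serialized userInfo; confirm the folder is not served over HTTP and that
        // Serialize() omits credentials.
        DotNet.Utilities.FileUtil.WriteMessage("userInfo:" + userInfo.Serialize() + " " + loggedConditions, System.Web.HttpContext.Current.Server.MapPath("~/Log/") + "SqlSafe" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
    }

    return null;
}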
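/// <summary>
/// Paged query over the user table through the user-center read database. The query
/// runs only when <paramref name="condition"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User; passed to the manager and written to the rejection log.</param>
/// <param name="recordCount">Record count reported by the manager; stays 0 when no query runs.</param>
/// <param name="pageNo">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="condition">Condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Parameters, converted with <c>dbHelper.MakeParameters</c>.</param>
/// <param name="order">Sort expression. Forwarded without any check in this method.</param>
/// <returns>The data table; the empty table created at the start when the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, int pageNo, int pageSize, string condition, List<KeyValuePair<string, object>> dbParameters, string order = null)
{
    var result = new DataTable(BaseUserEntity.CurrentTableName);
    // A lambda cannot assign an out parameter, so the count is carried in a local.
    var myRecordCount = 0;
    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    // NOTE(review): no logon check is visible in this method; presumably
    // ServiceUtil.ProcessUserCenterReadDb enforces it — confirm.
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        if (!SecretUtil.IsSqlSafe(condition))
        {
            // Log the rejected condition. CR/LF are escaped so the rejected text
            // cannot start a forged entry in the log.
            var loggedCondition = (condition ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
            // NOTE(review): the entry contains the serialized userInfo; confirm Serialize() omits credentials.
            LogUtil.WriteLog("userInfo:" + userInfo.Serialize() + " " + loggedCondition, "SqlSafe");
            return;
        }

        // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
        // condition is a weaker control than binding values through dbParameters.
        // NOTE(review): order is not screened; confirm how the manager uses it.
        var userManager = new BaseUserManager(dbHelper, userInfo)
        {
            ShowUserLogonInfo = false
        };
        result = userManager.GetDataTableByPage(out myRecordCount, pageNo, pageSize, condition, dbHelper.MakeParameters(dbParameters), order);
        result.TableName = BaseUserEntity.CurrentTableName;
    });
    recordCount = myRecordCount;
    return result;
}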
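/// <summary>
/// Searches the user list, one page at a time, through the user-center read database.
/// The search runs only when <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User; passed to the manager and written to the rejection log.</param>
/// <param name="recordCount">Record count reported by the manager; stays 0 when no search runs.</param>
/// <param name="pageNo">Page number.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="permissionCode">Operation permission code. Forwarded without any check in this method.</param>
/// <param name="conditions">Condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="sort">Sort expression. Forwarded without any check in this method.</param>
/// <returns>The data table; the empty table created at the start when the condition is rejected.</returns>
public DataTable SearchUserByPage(BaseUserInfo userInfo, out int recordCount, int pageNo, int pageSize, string permissionCode, string conditions, string sort = null)
{
    // A lambda cannot assign an out parameter, so the count is carried in a local.
    var myrecordCount = 0;
    var dt = new DataTable(BaseUserEntity.CurrentTableName);
    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    // NOTE(review): no logon check is visible in this method; presumably
    // ServiceUtil.ProcessUserCenterReadDb enforces it — confirm.
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        if (!SecretUtil.IsSqlSafe(conditions))
        {
            // Log the rejected condition. CR/LF are escaped so the rejected text
            // cannot start a forged entry in the log.
            var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
            // NOTE(review): the entry contains the serialized userInfo; confirm Serialize() omits credentials.
            LogUtil.WriteLog("userInfo:" + userInfo.Serialize() + " " + loggedConditions, "SqlSafe");
            return;
        }

        // NOTE(review): this method takes no parameter list, so any values in conditions
        // travel inside the text itself and IsSqlSafe (not visible here) is the only
        // screening shown; sort and permissionCode are not screened at all.
        var userManager = new BaseUserManager(dbHelper, userInfo)
        {
            ShowUserLogonInfo = true
        };
        // NOTE(review): delegates to SearchLogByPage although this method is named
        // SearchUserByPage — confirm that is the intended query.
        dt = userManager.SearchLogByPage(out myrecordCount, pageNo, pageSize, permissionCode, conditions, sort);
        dt.TableName = BaseUserEntity.CurrentTableName;
    });
    recordCount = myrecordCount;
    return dt;
}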
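/// <summary>
/// Searches the user list, one page at a time, through the user-center read database.
/// The search runs only when <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User; passed to the manager and written to the rejection log.</param>
/// <param name="recordCount">Record count reported by the manager; stays 0 when no search runs.</param>
/// <param name="pageIndex">Page number.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="permissionCode">Operation permission code. Forwarded without any check in this method.</param>
/// <param name="conditions">Condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="sort">Sort expression. Forwarded without any check in this method.</param>
/// <returns>The data table; the empty table created at the start when the condition is rejected.</returns>
public DataTable SearchUserByPage(BaseUserInfo userInfo, out int recordCount, int pageIndex, int pageSize, string permissionCode, string conditions, string sort = null)
{
    // A lambda cannot assign an out parameter, so the count is carried in a local.
    int myrecordCount = 0;
    var dt = new DataTable(BaseUserEntity.TableName);
    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    // NOTE(review): no logon check is visible in this method; presumably
    // ServiceUtil.ProcessUserCenterReadDb enforces it — confirm.
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        if (SecretUtil.IsSqlSafe(conditions))
        {
            // NOTE(review): this method takes no parameter list, so any values in conditions
            // travel inside the text itself and IsSqlSafe (not visible here) is the only
            // screening shown; sort and permissionCode are not screened at all.
            var userManager = new BaseUserManager(dbHelper, userInfo);
            userManager.ShowUserLogOnInfo = true;
            // NOTE(review): delegates to SearchLogByPage although this method is named
            // SearchUserByPage — confirm that is the intended query.
            dt = userManager.SearchLogByPage(out myrecordCount, pageIndex, pageSize, permissionCode, conditions, sort);
            dt.TableName = BaseUserEntity.TableName;
            return;
        }

        // NOTE(review): outside a web request (HttpContext.Current == null) the rejection
        // leaves no log entry at all.
        if (System.Web.HttpContext.Current != null)
        {
            // Log the rejected condition. CR/LF are escaped so the rejected text
            // cannot start a forged entry in the log file.
            var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
            // NOTE(review): the file is written under the site's ~/Log/ folder and holds the
            // serialized userInfo; confirm the folder is not served over HTTP and that
            // Serialize() omits credentials.
            FileUtil.WriteMessage("userInfo:" + userInfo.Serialize() + " " + loggedConditions, System.Web.HttpContext.Current.Server.MapPath("~/Log/") + "SqlSafe" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
        }
    });
    recordCount = myrecordCount;
    return dt;
}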
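/// <summary>
/// Gets one page of rows through this class's <c>DbHelper</c> (with SQL-injection screening).
/// The query runs only when the user passes <c>UserIsLogon</c> and
/// <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User information; used for the logon check and written to the rejection log.</param>
/// <param name="recordCount">Record count from <c>DbHelper.GetCount</c>; 0 when no query runs.</param>
/// <param name="tableName">Source table name. Forwarded without any check in this method.</param>
/// <param name="selectField">Fields to select. Forwarded without any check in this method.</param>
/// <param name="pageNo">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="conditions">Query condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Query parameters, converted with <c>DbHelper.MakeParameters</c>.</param>
/// <param name="orderBy">Sort field. Forwarded without any check in this method.</param>
/// <returns>The data table, or <c>null</c> when the user is not logged on or the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, string tableName, string selectField, int pageNo, int pageSize, string conditions, List<KeyValuePair<string, object>> dbParameters, string orderBy)
{
    // Check whether the caller is a logged-on user.
    var userManager = new BaseUserManager(userInfo);
    recordCount = 0;
    if (!userManager.UserIsLogon(userInfo))
    {
        // NOTE(review): a failed logon check returns null without any log entry.
        return null;
    }

    if (!SecretUtil.IsSqlSafe(conditions))
    {
        // Log the rejected condition. CR/LF are escaped so the rejected text
        // cannot start a forged entry in the log.
        var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
        // NOTE(review): the entry contains the serialized userInfo; confirm Serialize() omits credentials.
        LogUtil.WriteLog("userInfo:" + userInfo.Serialize() + " " + loggedConditions, "SqlSafe");
        return null;
    }

    // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
    // condition is a weaker control than binding values through dbParameters.
    // NOTE(review): tableName, selectField and orderBy are not screened at all; if
    // DbUtil.GetDataTableByPage builds SQL text from them (not visible here), callers
    // must restrict them to known identifiers.
    // MakeParameters is called once per command, as in the original code.
    recordCount = DbHelper.GetCount(tableName, conditions, DbHelper.MakeParameters(dbParameters));
    return DbUtil.GetDataTableByPage(DbHelper, tableName, selectField, pageNo, pageSize, conditions, DbHelper.MakeParameters(dbParameters), orderBy);
}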
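/// <summary>
/// Gets one page of rows through the user-center read database (with SQL-injection screening).
/// The query runs only when the user passes <c>UserIsLogOn</c> and
/// <paramref name="conditions"/> passes <c>SecretUtil.IsSqlSafe</c>.
/// </summary>
/// <param name="userInfo">User information; used for the logon check and written to the rejection log.</param>
/// <param name="recordCount">Record count from <c>DbLogic.GetCount</c>; stays 0 when no query runs.</param>
/// <param name="tableName">Source table name. Forwarded without any check in this method.</param>
/// <param name="selectField">Fields to select. Forwarded without any check in this method.</param>
/// <param name="pageIndex">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="conditions">Query condition; the only argument passed to <c>SecretUtil.IsSqlSafe</c>.</param>
/// <param name="dbParameters">Query parameters, converted with <c>dbHelper.MakeParameters</c>.</param>
/// <param name="orderBy">Sort field. Forwarded without any check in this method.</param>
/// <returns>The data table, or <c>null</c> when the user is not logged on or the condition is rejected.</returns>
public DataTable GetDataTableByPage(BaseUserInfo userInfo, out int recordCount, string tableName, string selectField, int pageIndex, int pageSize, string conditions, List<KeyValuePair<string, object>> dbParameters, string orderBy)
{
    DataTable result = null;
    // A lambda cannot assign an out parameter, so the count is carried in a local.
    int myRecordCount = 0;
    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        // Check whether the caller is a logged-on user.
        var userManager = new BaseUserManager(userInfo);
        if (!userManager.UserIsLogOn(userInfo))
        {
            // NOTE(review): a failed logon check returns null without any log entry.
            return;
        }

        if (SecretUtil.IsSqlSafe(conditions))
        {
            // NOTE(review): IsSqlSafe is not visible here; a text filter on a caller-supplied
            // condition is a weaker control than binding values through dbParameters.
            // NOTE(review): tableName, selectField and orderBy are not screened at all; if
            // DbLogic builds SQL text from them (not visible here), callers must restrict
            // them to known identifiers.
            // MakeParameters is called once per command, as in the original code.
            myRecordCount = DbLogic.GetCount(dbHelper, tableName, conditions, dbHelper.MakeParameters(dbParameters));
            result = DbLogic.GetDataTableByPage(dbHelper, tableName, selectField, pageIndex, pageSize, conditions, dbHelper.MakeParameters(dbParameters), orderBy);
            return;
        }

        // NOTE(review): outside a web request (HttpContext.Current == null) the rejection
        // leaves no log entry at all.
        if (System.Web.HttpContext.Current != null)
        {
            // Log the rejected condition. CR/LF are escaped so the rejected text
            // cannot start a forged entry in the log file.
            var loggedConditions = (conditions ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");
            // NOTE(review): the file is written under the site's ~/Log/ folder and holds the
            // serialized userInfo; confirm the folder is not served over HTTP and that
            // Serialize() omits credentials.
            FileUtil.WriteMessage("userInfo:" + userInfo.Serialize() + " " + loggedConditions, System.Web.HttpContext.Current.Server.MapPath("~/Log/") + "SqlSafe" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
        }
    });
    recordCount = myRecordCount;
    return result;
}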