IME-LONDON
/
BankingSystem
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 Commits
2 Branches
0 Tags
63 MiB
Tree: 6573a14af2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6573a14af2'
${ noResults }
BankingSystem/Repository/DAO/Application/ApplicationDAO.cs

239 lines
6.9 KiB
Raw Normal View History

4 years ago
  1. using Common.Model;
  2. using System;
  3. using System.Configuration;
  4. using System.Data;
  5. using System.Data.SqlClient;
  6. using System.Text;
  7. using System.Web;
  9. namespace Repository.DAO.Application
  10. {
  11. public class ApplicationDAO : IApplicationDAO
  12. {
  13. private readonly SqlConnection _connection = new SqlConnection();
  15. private void OpenConnection()
  16. {
  17. _connection.ConnectionString = ConfigurationManager.ConnectionStrings["dbConnection"].ConnectionString;
  18. if (_connection.State == ConnectionState.Open)
  19. _connection.Close();
  20. _connection.Open();
  21. }
  23. private void CloseConnection()
  24. {
  25. if (_connection.State == ConnectionState.Open)
  26. this._connection.Close();
  27. }
  29. public DataSet ExecuteDataset(StringBuilder sql)
  30. {
  31. string sqlString = sql.ToString();
  32. var ds = new DataSet();
  33. SqlDataAdapter da;
  35. try
  36. {
  37. OpenConnection();
  38. da = new SqlDataAdapter(sqlString, _connection);
  40. da.Fill(ds);
  41. da.Dispose();
  42. CloseConnection();
  43. }
  44. catch (Exception ex)
  45. {
  46. throw ex;
  47. }
  48. finally
  49. {
  50. da = null;
  51. CloseConnection();
  52. }
  53. return ds;
  54. }
  56. public DataTable ExecuteDataTable(StringBuilder sql)
  57. {
  58. using (var ds = ExecuteDataset(sql))
  59. {
  60. if (ds == null || ds.Tables.Count == 0)
  61. return null;
  63. return ds.Tables[0];
  64. }
  65. }
  67. public DataRow ExecuteDataRow(StringBuilder sql)
  68. {
  69. using (var ds = ExecuteDataset(sql))
  70. {
  71. if (ds == null || ds.Tables.Count == 0)
  72. return null;
  74. if (ds.Tables[0].Rows.Count == 0)
  75. return null;
  77. return ds.Tables[0].Rows[0];
  78. }
  79. }
  81. public String FilterString(object strVal)
  82. {
  83. var stVal = Convert.ToString(strVal);
  84. var str = FilterQuote(stVal);
  86. if (str.ToLower() != "null")
  87. str = "'" + str + "'";
  89. return str;
  90. }
  92. public String FilterQuoteNative(string strVal)
  93. {
  94. if (string.IsNullOrEmpty(strVal))
  95. {
  96. strVal = "";
  97. }
  98. var str = Encode(strVal.Trim());
  100. if (!string.IsNullOrEmpty(str))
  101. {
  102. str = str.Replace(";", "");
  103. //str = str.Replace(",", "");
  104. str = str.Replace("--", "");
  105. str = str.Replace("'", "");
  107. str = str.Replace("/*", "");
  108. str = str.Replace("*/", "");
  110. str = str.Replace(" select ", "");
  111. str = str.Replace(" insert ", "");
  112. str = str.Replace(" update ", "");
  113. str = str.Replace(" delete ", "");
  115. str = str.Replace(" drop ", "");
  116. str = str.Replace(" truncate ", "");
  117. str = str.Replace(" create ", "");
  119. str = str.Replace(" begin ", "");
  120. str = str.Replace(" end ", "");
  121. str = str.Replace(" char(", "");
  123. str = str.Replace(" exec ", "");
  124. str = str.Replace(" xp_cmd ", "");
  126. str = str.Replace("<script", "");
  127. }
  128. else
  129. {
  130. str = "null";
  131. }
  132. return str;
  133. }
  135. private string Encode(string strVal)
  136. {
  137. var sb = new StringBuilder(HttpUtility.HtmlEncode(HttpUtility.JavaScriptStringEncode(strVal)));
  138. // Selectively allow <b> and <i>
  139. sb.Replace("&lt;b&gt;", "<b>");
  140. sb.Replace("&lt;/b&gt;", "");
  141. sb.Replace("&lt;i&gt;", "<i>");
  142. sb.Replace("&lt;/i&gt;", "");
  143. return sb.ToString();
  144. }
  146. public String FilterQuote(string strVal)
  147. {
  148. if (string.IsNullOrEmpty(strVal))
  149. {
  150. strVal = "";
  151. }
  152. var str = strVal.Trim();
  154. if (!string.IsNullOrEmpty(str))
  155. {
  156. str = str.Replace(";", "");
  157. //str = str.Replace(",", "");
  158. str = str.Replace("--", "");
  159. str = str.Replace("'", "");
  161. str = str.Replace("/*", "");
  162. str = str.Replace("*/", "");
  164. str = str.Replace(" select ", "");
  165. str = str.Replace(" insert ", "");
  166. str = str.Replace(" update ", "");
  167. str = str.Replace(" delete ", "");
  169. str = str.Replace(" drop ", "");
  170. str = str.Replace(" truncate ", "");
  171. str = str.Replace(" create ", "");
  173. str = str.Replace(" begin ", "");
  174. str = str.Replace(" end ", "");
  175. str = str.Replace(" char(", "");
  177. str = str.Replace(" exec ", "");
  178. str = str.Replace(" xp_cmd ", "");
  180. str = str.Replace("<script", "");
  181. }
  182. else
  183. {
  184. str = "null";
  185. }
  186. return str;
  187. }
  189. public DbResponse ParseDbResult(DataTable dt)
  190. {
  191. var res = new DbResponse();
  192. if (dt.Rows.Count > 0)
  193. {
  194. res.ResponseCode = dt.Rows[0][0].ToString();
  195. res.Msg = dt.Rows[0][1].ToString();
  196. res.Id = dt.Rows[0][2].ToString();
  197. if (dt.Columns.Count > 3)
  198. {
  199. res.Extra = dt.Rows[0][3].ToString();
  200. }
  201. if (dt.Columns.Count > 4)
  202. {
  203. res.Extra2 = dt.Rows[0][4].ToString();
  204. }
  205. }
  206. return res;
  207. }
  209. public DbResponse ParseDbResult(StringBuilder sql)
  210. {
  211. return ParseDbResult(ExecuteDataset(sql).Tables[0]);
  212. }
  214. public DataTable GetTable(StringBuilder sql)
  215. {
  216. var ds = new DataSet();
  217. SqlDataAdapter da;
  218. string sqlString = sql.ToString();
  219. try
  220. {
  221. OpenConnection();
  222. da = new SqlDataAdapter(sqlString, _connection);
  224. da.Fill(ds);
  225. da.Dispose();
  226. CloseConnection();
  227. }
  228. catch (Exception ex)
  229. {
  230. throw ex;
  231. }
  232. finally
  233. {
  234. da = null;
  235. CloseConnection();
  236. }
  237. return ds.Tables[0];
  238. }
  239. }
  240. }