|
|
using Common.Model; using System; using System.Configuration; using System.Data; using System.Data.SqlClient; using System.Text; using System.Web;
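namespace Repository.DAO.Application
{
    /// <summary>
    /// Thin ADO.NET data-access helper: opens the <c>dbConnection</c> connection,
    /// runs a query through a <see cref="SqlDataAdapter"/> and hands the result
    /// back as a <see cref="DataSet"/>, <see cref="DataTable"/>, <see cref="DataRow"/>
    /// or <see cref="DbResponse"/>.
    /// </summary>
    /// <remarks>
    /// <para>
    /// The <see cref="StringBuilder"/> overloads execute whatever text they are given.
    /// Any query that embeds user-controlled values must go through
    /// <see cref="ExecuteDataset(string, SqlParameter[])"/> so the values are bound as
    /// parameters. <see cref="FilterQuote"/>, <see cref="FilterQuoteNative"/> and
    /// <see cref="FilterString"/> are a token denylist kept for existing callers: the
    /// keyword patterns are case-sensitive and only match when surrounded by spaces,
    /// and the filter also alters legitimate data (e.g. it strips the apostrophe out of
    /// a surname). They are not a substitute for parameterised SQL.
    /// </para>
    /// <para>
    /// Every call on an instance shares one <see cref="SqlConnection"/>, which
    /// <see cref="OpenConnection"/> resets on each use, so an instance must not be used
    /// concurrently from several threads.
    /// </para>
    /// </remarks>
    public class ApplicationDAO : IApplicationDAO, IDisposable
    {
        private readonly SqlConnection _connection = new SqlConnection();

        /// <summary>
        /// Reads the <c>dbConnection</c> connection string from configuration and opens
        /// the shared connection.
        /// </summary>
        /// <exception cref="ConfigurationErrorsException">
        /// The <c>dbConnection</c> entry is missing or empty.
        /// </exception>
        private void OpenConnection()
        {
            var settings = ConfigurationManager.ConnectionStrings["dbConnection"];
            if (settings == null || string.IsNullOrEmpty(settings.ConnectionString))
            {
                throw new ConfigurationErrorsException(
                    "Connection string 'dbConnection' is missing from the application configuration.");
            }

            // A connection left open (or broken) by an earlier failure has to be closed
            // before ConnectionString can be reassigned; assigning it while open throws.
            if (_connection.State != ConnectionState.Closed)
            {
                _connection.Close();
            }

            _connection.ConnectionString = settings.ConnectionString;
            _connection.Open();
        }

        /// <summary>Closes the shared connection if it is not already closed.</summary>
        private void CloseConnection()
        {
            if (_connection.State != ConnectionState.Closed)
            {
                _connection.Close();
            }
        }

        /// <summary>
        /// Opens the connection, fills a new <see cref="DataSet"/> with every result set
        /// of <paramref name="sqlText"/> and always closes the connection afterwards,
        /// even when the query throws.
        /// </summary>
        /// <param name="sqlText">Command text to execute as <see cref="CommandType.Text"/>.</param>
        /// <param name="parameters">
        /// Optional parameters to bind; may be <c>null</c>. The instances are attached to
        /// the command, so do not reuse them on a second call.
        /// </param>
        /// <returns>The filled data set (one table per result set; possibly no tables).</returns>
        private DataSet FillDataSet(string sqlText, SqlParameter[] parameters)
        {
            var ds = new DataSet();
            try
            {
                OpenConnection();
                using (var command = new SqlCommand(sqlText, _connection))
                using (var adapter = new SqlDataAdapter(command))
                {
                    if (parameters != null)
                    {
                        command.Parameters.AddRange(parameters);
                    }
                    adapter.Fill(ds);
                }
            }
            finally
            {
                // No catch/rethrow here: a bare `throw ex;` would reset the stack trace,
                // and the finally block already guarantees the connection is released.
                CloseConnection();
            }
            return ds;
        }

        /// <summary>
        /// Executes <paramref name="sql"/> verbatim and returns every result set.
        /// </summary>
        /// <param name="sql">Fully built command text. Must not contain unbound user input.</param>
        /// <returns>A data set with one table per result set.</returns>
        public DataSet ExecuteDataset(StringBuilder sql)
        {
            return FillDataSet(sql.ToString(), null);
        }

        /// <summary>
        /// Executes a parameterised query. Use this (with <c>@name</c> placeholders in
        /// <paramref name="sql"/>) whenever a value originates from a user or another
        /// untrusted source.
        /// </summary>
        /// <param name="sql">Command text containing <c>@name</c> placeholders.</param>
        /// <param name="parameters">Parameters matching the placeholders; may be <c>null</c>.</param>
        /// <returns>A data set with one table per result set.</returns>
        public DataSet ExecuteDataset(string sql, SqlParameter[] parameters)
        {
            return FillDataSet(sql, parameters);
        }

        /// <summary>
        /// Executes <paramref name="sql"/> and returns its first result set.
        /// </summary>
        /// <returns>The first table, or <c>null</c> when the query produced no result set.</returns>
        public DataTable ExecuteDataTable(StringBuilder sql)
        {
            var ds = ExecuteDataset(sql);
            if (ds == null || ds.Tables.Count == 0)
            {
                return null;
            }
            return ds.Tables[0];
        }

        /// <summary>
        /// Executes <paramref name="sql"/> and returns the first row of its first result set.
        /// </summary>
        /// <returns>
        /// The first row, or <c>null</c> when there is no result set or the first one is empty.
        /// </returns>
        public DataRow ExecuteDataRow(StringBuilder sql)
        {
            var ds = ExecuteDataset(sql);
            if (ds == null || ds.Tables.Count == 0)
            {
                return null;
            }

            var first = ds.Tables[0];
            return first.Rows.Count == 0 ? null : first.Rows[0];
        }

        /// <summary>
        /// Runs <paramref name="strVal"/> through <see cref="FilterQuote"/> and wraps the
        /// result in single quotes as a SQL string literal. The word <c>null</c> (in any
        /// casing) is returned unquoted so it becomes a SQL <c>NULL</c>; a <c>null</c> or
        /// empty input yields it too.
        /// </summary>
        /// <param name="strVal">Value to embed; converted with <see cref="Convert.ToString(object)"/>.</param>
        /// <returns>A quoted literal, or the bare text <c>null</c>/<c>NULL</c>.</returns>
        public string FilterString(object strVal)
        {
            var filtered = FilterQuote(Convert.ToString(strVal));
            if (!string.Equals(filtered, "null", StringComparison.OrdinalIgnoreCase))
            {
                filtered = "'" + filtered + "'";
            }
            return filtered;
        }

        /// <summary>
        /// HTML- and JavaScript-encodes <paramref name="strVal"/> (via <see cref="Encode"/>)
        /// and then applies the SQL token denylist.
        /// </summary>
        /// <param name="strVal">Raw value; <c>null</c> is treated as empty.</param>
        /// <returns>The encoded, filtered value, or the text <c>null</c> for an empty input.</returns>
        /// <remarks>
        /// Because <see cref="Encode"/> has already escaped <c>'</c>, <c>&lt;</c> and
        /// <c>&gt;</c>, the <c>'</c> and <c>&lt;script</c> entries of the denylist can no
        /// longer match here; they are retained only to keep the shared list identical.
        /// </remarks>
        public string FilterQuoteNative(string strVal)
        {
            var encoded = Encode((strVal ?? "").Trim());
            return StripSqlTokens(encoded);
        }

        /// <summary>
        /// JavaScript-string-encodes and then HTML-encodes <paramref name="strVal"/>.
        /// </summary>
        /// <remarks>
        /// The original version then tried to re-allow <c>&lt;b&gt;</c>/<c>&lt;i&gt;</c>, but
        /// after both encoders have run no literal <c>&lt;</c> remains, so those
        /// replacements never matched; they were dropped. Note that the value is stored
        /// double-encoded — presumably what existing readers expect; confirm before changing.
        /// </remarks>
        private static string Encode(string strVal)
        {
            return HttpUtility.HtmlEncode(HttpUtility.JavaScriptStringEncode(strVal));
        }

        /// <summary>
        /// Trims <paramref name="strVal"/> and applies the SQL token denylist.
        /// </summary>
        /// <param name="strVal">Raw value; <c>null</c> is treated as empty.</param>
        /// <returns>The filtered value, or the text <c>null</c> for an empty input.</returns>
        public string FilterQuote(string strVal)
        {
            var trimmed = (strVal ?? "").Trim();
            return StripSqlTokens(trimmed);
        }

        /// <summary>
        /// Ordered token denylist shared by <see cref="FilterQuote"/> and
        /// <see cref="FilterQuoteNative"/>.
        /// </summary>
        /// <param name="value">Already-trimmed (and possibly encoded) input.</param>
        /// <returns>
        /// <paramref name="value"/> with every token removed, or the literal text
        /// <c>null</c> when <paramref name="value"/> is empty (so callers emit a SQL NULL).
        /// </returns>
        /// <remarks>
        /// Order is significant and matches the original code: <c>;</c> and <c>--</c> are
        /// removed before the keyword pass. Keyword patterns are case-sensitive and need a
        /// space on both sides, so this is a best-effort filter only; quote the result (see
        /// <see cref="FilterString"/>) or bind it as a parameter.
        /// </remarks>
        private static string StripSqlTokens(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return "null";
            }

            string[] tokens =
            {
                ";", "--", "'", "/*", "*/",
                " select ", " insert ", " update ", " delete ",
                " drop ", " truncate ", " create ",
                " begin ", " end ", " char(",
                " exec ", " xp_cmd ",
                "<script",
            };

            foreach (var token in tokens)
            {
                value = value.Replace(token, "");
            }
            return value;
        }

        /// <summary>
        /// Maps the first row of a stored-procedure style result
        /// (<c>code, message, id[, extra[, extra2]]</c>) onto a <see cref="DbResponse"/>.
        /// </summary>
        /// <param name="dt">Result table; must have at least three columns when it has rows.</param>
        /// <returns>
        /// The populated response, or an empty <see cref="DbResponse"/> when the table has no rows.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="dt"/> is <c>null</c>.</exception>
        /// <exception cref="IndexOutOfRangeException">
        /// The table has rows but fewer than three columns.
        /// </exception>
        public DbResponse ParseDbResult(DataTable dt)
        {
            if (dt == null)
            {
                throw new ArgumentNullException("dt");
            }

            var res = new DbResponse();
            if (dt.Rows.Count == 0)
            {
                return res;
            }

            var row = dt.Rows[0];
            res.ResponseCode = row[0].ToString();
            res.Msg = row[1].ToString();
            res.Id = row[2].ToString();
            // Columns 3 and 4 are optional in the result shape.
            if (dt.Columns.Count > 3)
            {
                res.Extra = row[3].ToString();
            }
            if (dt.Columns.Count > 4)
            {
                res.Extra2 = row[4].ToString();
            }
            return res;
        }

        /// <summary>
        /// Executes <paramref name="sql"/> and parses its first result set with
        /// <see cref="ParseDbResult(DataTable)"/>.
        /// </summary>
        /// <exception cref="IndexOutOfRangeException">The query produced no result set.</exception>
        public DbResponse ParseDbResult(StringBuilder sql)
        {
            return ParseDbResult(GetTable(sql));
        }

        /// <summary>
        /// Executes <paramref name="sql"/> and returns its first result set.
        /// Unlike <see cref="ExecuteDataTable"/>, this throws instead of returning
        /// <c>null</c> when the query produced no result set.
        /// </summary>
        /// <exception cref="IndexOutOfRangeException">The query produced no result set.</exception>
        public DataTable GetTable(StringBuilder sql)
        {
            return ExecuteDataset(sql).Tables[0];
        }

        /// <summary>Releases the shared <see cref="SqlConnection"/>.</summary>
        public void Dispose()
        {
            _connection.Dispose();
        }
    }
}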
|