using Common.Model;
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Web;
namespace Repository.DAO.Application
{
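/// <summary>
/// Thin ADO.NET data-access helper: runs SQL text against the "dbConnection"
/// connection string and maps the first result table into <see cref="DbResponse"/>.
/// </summary>
/// <remarks>
/// Every execute method opens its own <see cref="SqlConnection"/> for the duration of
/// the call (ADO.NET connection pooling makes this cheap), so one DAO instance can be
/// shared between callers without them racing on a single open connection.
/// The <c>StringBuilder</c> overloads execute whatever SQL text the caller assembled;
/// prefer <see cref="ExecuteDataset(string, SqlParameter[])"/> and bind values as
/// parameters instead of splicing them into the text.
/// </remarks>
public class ApplicationDAO : IApplicationDAO
{
    /// <summary>Name of the connection string entry read from configuration.</summary>
    private const string ConnectionStringName = "dbConnection";

    /// <summary>
    /// Fragments removed by <see cref="FilterQuote"/> and <see cref="FilterQuoteNative"/>,
    /// applied in this order. "," is deliberately not in the list (that replacement was
    /// commented out in the original).
    /// </summary>
    private static readonly string[] BlacklistedFragments =
    {
        ";", "--", "'",
        "/*", "*/",
        " select ", " insert ", " update ", " delete ",
        " drop ", " truncate ", " create ",
        " begin ", " end ", " char(",
        " exec ", " xp_cmd ",
        "<script",
    };

    /// <summary>
    /// Reads the configured connection string.
    /// </summary>
    /// <returns>The value of the "dbConnection" connection string.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// The entry is missing or empty (the previous code failed with a NullReferenceException here).
    /// </exception>
    private static string GetConnectionString()
    {
        var settings = ConfigurationManager.ConnectionStrings[ConnectionStringName];
        if (settings == null || string.IsNullOrEmpty(settings.ConnectionString))
        {
            throw new ConfigurationErrorsException(
                "Connection string '" + ConnectionStringName + "' is not configured.");
        }

        return settings.ConnectionString;
    }

    /// <summary>
    /// Executes <paramref name="sqlText"/> on a fresh connection and returns the filled DataSet.
    /// </summary>
    /// <param name="sqlText">SQL text to run as the adapter's select command.</param>
    /// <param name="parameters">Optional parameters bound to the select command; may be null.</param>
    /// <returns>A DataSet holding every result table the command produced.</returns>
    private static DataSet FillDataSet(string sqlText, SqlParameter[] parameters)
    {
        var ds = new DataSet();

        // Both the connection and the adapter are disposed on every path, including when
        // Fill throws; the previous code only disposed the adapter on success.
        using (var connection = new SqlConnection(GetConnectionString()))
        using (var adapter = new SqlDataAdapter(sqlText, connection))
        {
            if (parameters != null && parameters.Length > 0)
            {
                adapter.SelectCommand.Parameters.AddRange(parameters);
            }

            connection.Open();
            adapter.Fill(ds);
        }

        return ds;
    }

    /// <summary>
    /// Executes the SQL text in <paramref name="sql"/> and returns all result tables.
    /// </summary>
    /// <param name="sql">Complete SQL text. It is executed verbatim.</param>
    /// <returns>A DataSet with one table per result set (possibly none).</returns>
    /// <exception cref="ArgumentNullException"><paramref name="sql"/> is null.</exception>
    public DataSet ExecuteDataset(StringBuilder sql)
    {
        if (sql == null)
        {
            throw new ArgumentNullException("sql");
        }

        return FillDataSet(sql.ToString(), null);
    }

    /// <summary>
    /// Executes parameterized SQL and returns all result tables. This is the overload to
    /// use for any value that originates outside the application: bind it as a
    /// <see cref="SqlParameter"/> rather than concatenating it into <paramref name="sql"/>.
    /// </summary>
    /// <param name="sql">SQL text containing @name placeholders.</param>
    /// <param name="parameters">Parameters bound to the placeholders.</param>
    /// <returns>A DataSet with one table per result set (possibly none).</returns>
    /// <exception cref="ArgumentNullException"><paramref name="sql"/> is null.</exception>
    public DataSet ExecuteDataset(string sql, params SqlParameter[] parameters)
    {
        if (sql == null)
        {
            throw new ArgumentNullException("sql");
        }

        return FillDataSet(sql, parameters);
    }

    /// <summary>
    /// Executes <paramref name="sql"/> and returns the first result table.
    /// </summary>
    /// <param name="sql">Complete SQL text.</param>
    /// <returns>The first table, or null when the command produced no result set.</returns>
    public DataTable ExecuteDataTable(StringBuilder sql)
    {
        var ds = ExecuteDataset(sql);
        return ds.Tables.Count == 0 ? null : ds.Tables[0];
    }

    /// <summary>
    /// Executes <paramref name="sql"/> and returns the first row of the first result table.
    /// </summary>
    /// <param name="sql">Complete SQL text.</param>
    /// <returns>The first row, or null when there is no result table or it is empty.</returns>
    public DataRow ExecuteDataRow(StringBuilder sql)
    {
        var table = ExecuteDataTable(sql);
        if (table == null || table.Rows.Count == 0)
        {
            return null;
        }

        return table.Rows[0];
    }

    /// <summary>
    /// Converts <paramref name="strVal"/> to text, runs it through <see cref="FilterQuote"/>
    /// and wraps it in single quotes, unless the filtered text is "null" (any casing),
    /// which is returned bare so it reads as SQL NULL.
    /// </summary>
    /// <param name="strVal">Any value; null becomes the empty string and therefore "null".</param>
    /// <returns>A quoted literal or the bare text "null".</returns>
    /// <remarks>
    /// Conversion uses <see cref="Convert.ToString(object)"/>, i.e. the current culture
    /// for dates and numbers. This builds SQL text by hand; see <see cref="FilterQuote"/>.
    /// </remarks>
    public string FilterString(object strVal)
    {
        var str = FilterQuote(Convert.ToString(strVal));

        // Ordinal comparison replaces the culture-sensitive ToLower() of the original.
        if (string.Equals(str, "null", StringComparison.OrdinalIgnoreCase))
        {
            return str;
        }

        return "'" + str + "'";
    }

    /// <summary>
    /// HTML- and JavaScript-encodes <paramref name="strVal"/>, then strips the same
    /// fragments as <see cref="FilterQuote"/>; a null or empty value becomes "null".
    /// </summary>
    /// <param name="strVal">Raw text; null is treated as empty.</param>
    /// <returns>The encoded, filtered text, or "null".</returns>
    public string FilterQuoteNative(string strVal)
    {
        var str = Encode((strVal ?? "").Trim());
        return str.Length == 0 ? "null" : StripBlacklistedFragments(str);
    }

    /// <summary>
    /// JavaScript-string-encodes, then HTML-encodes <paramref name="strVal"/>.
    /// </summary>
    /// <param name="strVal">Text to encode.</param>
    /// <returns>The doubly encoded text.</returns>
    private static string Encode(string strVal)
    {
        var sb = new StringBuilder(HttpUtility.HtmlEncode(HttpUtility.JavaScriptStringEncode(strVal)));

        // Selectively allow <b> and <i>
        // NOTE(review): HtmlEncode turns '<' into "&lt;", so the encoded text contains no
        // literal "<b>" / "</b>" / "<i>" / "</i>" and these four replacements appear to
        // match nothing as shown. The intent was presumably to restore "&lt;b&gt;" to "<b>"
        // (and the same for <i>); confirm against the original source before changing,
        // since the entities may have been lost when this file was rendered.
        sb.Replace("<b>", "<b>");
        sb.Replace("</b>", "");
        sb.Replace("<i>", "<i>");
        sb.Replace("</i>", "");

        return sb.ToString();
    }

    /// <summary>
    /// Trims <paramref name="strVal"/> and removes a fixed list of SQL and HTML fragments;
    /// a null or empty value becomes the literal text "null".
    /// </summary>
    /// <param name="strVal">Raw text; null is treated as empty.</param>
    /// <returns>The filtered text, or "null".</returns>
    /// <remarks>
    /// This is a keyword blacklist, not an escaping routine: it destroys legitimate data
    /// (every apostrophe is removed, so O'Brien becomes OBrien) and it is not a substitute
    /// for parameterized queries. Callers that build SQL from external input should use
    /// <see cref="ExecuteDataset(string, SqlParameter[])"/> and bind the value instead.
    /// </remarks>
    public string FilterQuote(string strVal)
    {
        var str = (strVal ?? "").Trim();
        return str.Length == 0 ? "null" : StripBlacklistedFragments(str);
    }

    /// <summary>
    /// Removes every entry of <see cref="BlacklistedFragments"/> from <paramref name="value"/>,
    /// in list order (the order matters because later entries can match text exposed by
    /// earlier removals).
    /// </summary>
    /// <param name="value">Non-null text.</param>
    /// <returns>The text with all fragments removed.</returns>
    private static string StripBlacklistedFragments(string value)
    {
        foreach (var fragment in BlacklistedFragments)
        {
            value = value.Replace(fragment, "");
        }

        return value;
    }

    /// <summary>
    /// Maps the first row of <paramref name="dt"/> into a <see cref="DbResponse"/> by
    /// position: column 0 = ResponseCode, 1 = Msg, 2 = Id, optional 3 = Extra, 4 = Extra2.
    /// </summary>
    /// <param name="dt">Result table; an empty table yields a default response.</param>
    /// <returns>The populated response.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="dt"/> is null.</exception>
    public DbResponse ParseDbResult(DataTable dt)
    {
        if (dt == null)
        {
            throw new ArgumentNullException("dt");
        }

        var res = new DbResponse();
        if (dt.Rows.Count == 0)
        {
            return res;
        }

        var row = dt.Rows[0];
        var columnCount = dt.Columns.Count;

        // The first three columns are mandatory; the remaining two are optional.
        res.ResponseCode = row[0].ToString();
        res.Msg = row[1].ToString();
        res.Id = row[2].ToString();

        if (columnCount > 3)
        {
            res.Extra = row[3].ToString();
        }

        if (columnCount > 4)
        {
            res.Extra2 = row[4].ToString();
        }

        return res;
    }

    /// <summary>
    /// Executes <paramref name="sql"/> and maps its first result table with
    /// <see cref="ParseDbResult(DataTable)"/>.
    /// </summary>
    /// <param name="sql">Complete SQL text.</param>
    /// <returns>The parsed response.</returns>
    /// <exception cref="InvalidOperationException">The command produced no result table.</exception>
    public DbResponse ParseDbResult(StringBuilder sql)
    {
        var table = ExecuteDataTable(sql);
        if (table == null)
        {
            throw new InvalidOperationException("The query did not return a result table.");
        }

        return ParseDbResult(table);
    }

    /// <summary>
    /// Executes <paramref name="sql"/> and returns the first result table. Unlike
    /// <see cref="ExecuteDataTable"/>, a missing result table is an error here.
    /// </summary>
    /// <param name="sql">Complete SQL text.</param>
    /// <returns>The first result table.</returns>
    /// <exception cref="InvalidOperationException">The command produced no result table.</exception>
    public DataTable GetTable(StringBuilder sql)
    {
        var ds = ExecuteDataset(sql);
        if (ds.Tables.Count == 0)
        {
            throw new InvalidOperationException("The query did not return a result table.");
        }

        return ds.Tables[0];
    }
}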
}