using Common.Model; using System; using System.Configuration; using System.Data; using System.Data.SqlClient; using System.Text.RegularExpressions; namespace Repository { public class Dao { private string GetConnectionString() { return ConfigurationManager.ConnectionStrings["RemittanceDB"].ConnectionString; } ///

/// Get Command TimeOut ///

/// private int GetCommandTimeOut() { int cto = 0; try { int.TryParse(ConfigurationManager.AppSettings["cto"].ToString(), out cto); if (cto == 0) cto = 30; } catch { cto = 30; } return cto; } ///

/// Execute Data set ///

/// /// public DataSet ExecuteDataset(string sql) { var ds = new DataSet(); var conStr = GetConnectionString(); using (var con = new SqlConnection(conStr)) { var cmd = new SqlCommand(sql, con); cmd.CommandTimeout = GetCommandTimeOut(); SqlDataAdapter da; try { da = new SqlDataAdapter(cmd); da.Fill(ds); da.Dispose(); } catch (Exception ex) { throw ex; } finally { da = null; cmd.Dispose(); } return ds; } } ///

/// Filter String to check Sql Injection ///

/// /// public String FilterString(string strVal) { var str = FilterQuote(strVal); if (str.ToLower() != "null") str = "'" + str + "'"; return str; } ///

/// Filter String to check Sql Injection ///

/// /// public String FilterStringUnicode(string strVal) { var str = FilterQuote(strVal); if (str.ToLower() != "null") str = "N'" + str + "'"; return str; } ///

/// Filter Xml Node String to check Sql injection ///

/// /// public String FilterXmlNodeString(string strVal) { var str = FilterQuote(strVal); return str; } ///

/// Filter Quote to check sql Injection ///

/// /// public String FilterQuote(string strVal) { if (string.IsNullOrEmpty(strVal)) { strVal = ""; } var str = strVal.Trim(); if (!string.IsNullOrEmpty(str)) { str = str.Replace(";", ""); //str = str.Replace(",", ""); str = str.Replace("--", ""); str = str.Replace("'", ""); str = str.Replace("/*", ""); str = str.Replace("*/", ""); str = Regex.Replace(str, " select ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " insert ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " update ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " delete ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " drop ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " truncate ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " create ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " begin ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " end ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " char ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " exec ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, " xp_cmd ", string.Empty, RegexOptions.IgnoreCase); str = Regex.Replace(str, @"<.*?>", string.Empty); } else { str = "null"; } return str; } ///

/// Parse DbResult ///

/// /// public DbResult ParseDbResult(DataTable dt) { var res = new DbResult(); if (dt.Rows.Count > 0) { res.ResponseCode = dt.Rows[0][0].ToString(); res.Msg = dt.Rows[0][1].ToString(); res.Id = dt.Rows[0][2].ToString(); if (dt.Columns.Count > 3) { res.Extra = dt.Rows[0][3].ToString(); } if (dt.Columns.Count > 4) { res.Extra2 = dt.Rows[0][4].ToString(); } if (dt.Columns.Count > 4) { res.Extra2 = dt.Rows[0][4].ToString(); } if (dt.Columns.Count > 5) { res.Extra3 = dt.Rows[0][5].ToString(); } } return res; } ///

/// Parse DbResult ///

/// /// public DbResult ParseDbResult(string sql) { return ParseDbResult(ExecuteDataset(sql).Tables[0]); } ///

/// Execute sql and return Data Table ///

/// /// public DataTable ExecuteDataTable(string sql) { using (var ds = ExecuteDataset(sql)) { if (ds == null || ds.Tables.Count == 0) return null; return ds.Tables[0]; } } ///

/// Execute sql and return Data Row ///

/// /// public DataRow ExecuteDataRow(string sql) { using (var ds = ExecuteDataset(sql)) { if (ds == null || ds.Tables.Count == 0) return null; if (ds.Tables[0].Rows.Count == 0) return null; return ds.Tables[0].Rows[0]; } } ///

/// Convert data row To String ///

/// /// public string ConvertDrToString(object dr) { if (dr != DBNull.Value) { return dr.ToString(); } return string.Empty; } ///

/// Convert Datarow To Decimal ///

/// /// public Decimal ConvertDrToDecimal(object dr) { if (dr != DBNull.Value) { return Convert.ToDecimal(dr.ToString()); } return 0; } ///

/// Convert Datarow ToInt64 ///

/// /// public Int64 ConvertDrToInt64(object dr) { if (dr != DBNull.Value) { return Convert.ToInt64(dr.ToString()); } return 0; } ///

/// Convert Datarow To Date ///

/// /// public DateTime ConvertDrToDate(object dr) { if (dr != DBNull.Value) { return Convert.ToDateTime(dr.ToString()); } return DateTime.MinValue; } ///

/// Convert Datarow To Int ///

/// /// public Int16 ConvertDrToInt(object dr) { if (dr != DBNull.Value) { return Convert.ToInt16(dr.ToString()); } return 0; } ///

/// Parse Quote to check sql Injection ///

/// /// public string ParseQuote(string val) { return "\"" + val + "\""; } public String GetSingleResult(string sql) { try { var ds = ExecuteDataset(sql); if (ds == null || ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0) return ""; return ds.Tables[0].Rows[0][0].ToString(); } catch (Exception ex) { throw ex; } } internal T ParseDbResult(string sql) { throw new NotImplementedException(); } } }