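using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using HuizhongLibrary.Log;

namespace HuizhongLibrary.Data
{
    /// <summary>
    /// Structural guards shared by the four query builders in this namespace.
    /// </summary>
    /// <remarks>
    /// Every builder below assembles T-SQL by string concatenation. Identifiers (table, column and
    /// sort names) cannot be passed as SqlParameters, so the only reliable defence for them is to
    /// validate their shape before splicing: <see cref="IsIdentifier"/> and <see cref="IsOrderByList"/>
    /// accept nothing but optionally bracketed, optionally schema-qualified names plus asc/desc.
    /// Free-form fragments (Tables with joins, Fields with expressions, Filter, Tsql) cannot be
    /// validated this way; they only pass through the project's CustomIO.CheckSQL check, which is
    /// applied after concatenation and is defence in depth rather than a control. Those fragments
    /// must never be built from untrusted input.
    /// </remarks>
    internal static class SqlFragmentGuard
    {
        private const string SuspiciousMessage = "疑似SQL注入攻击,不允许执行";

        // One identifier part: bracket-quoted (no brackets inside, so it cannot close early)
        // or a letter/underscore followed by letters, digits or underscores (Unicode aware).
        private const string IdentifierPart = @"(?:\[[^\[\]]+\]|[\p{L}_][\p{L}\p{N}_]*)";

        // Optionally qualified identifier: col, t.col, [s].[t].[col].
        private const string QualifiedIdentifier = IdentifierPart + @"(?:\s*\.\s*" + IdentifierPart + ")*";

        // One ORDER BY term: a qualified identifier with an optional direction.
        private const string OrderTerm = QualifiedIdentifier + @"(?:\s+(?:asc|desc))?";

        private static readonly Regex IdentifierRegex =
            new Regex(@"^\s*" + QualifiedIdentifier + @"\s*$", RegexOptions.Compiled);

        private static readonly Regex OrderByListRegex =
            new Regex(@"^\s*" + OrderTerm + @"(?:\s*,\s*" + OrderTerm + @")*\s*$",
                      RegexOptions.Compiled | RegexOptions.IgnoreCase);

        /// <summary>First "select" keyword of a statement, matched as a whole word in any case.</summary>
        internal static readonly Regex SelectKeyword =
            new Regex(@"\bselect\b", RegexOptions.Compiled | RegexOptions.IgnoreCase);

        /// <summary>First "from" keyword of a statement, matched as a whole word in any case.</summary>
        internal static readonly Regex FromKeyword =
            new Regex(@"\bfrom\b", RegexOptions.Compiled | RegexOptions.IgnoreCase);

        /// <summary>
        /// True when <paramref name="value"/> is exactly one optionally qualified identifier.
        /// </summary>
        internal static bool IsIdentifier(string value)
        {
            return string.IsNullOrEmpty(value) == false && IdentifierRegex.IsMatch(value);
        }

        /// <summary>
        /// True when <paramref name="value"/> is a comma-separated list of identifiers, each with an
        /// optional asc/desc — the only shape accepted for a caller-supplied sort.
        /// </summary>
        internal static bool IsOrderByList(string value)
        {
            return string.IsNullOrEmpty(value) == false && OrderByListRegex.IsMatch(value);
        }

        /// <summary>
        /// Throws unless <paramref name="value"/> is a single identifier; <paramref name="what"/> names
        /// the offending property in the message.
        /// </summary>
        /// <exception cref="InvalidOperationException">The value is not a plain identifier.</exception>
        internal static void RequireIdentifier(string value, string what)
        {
            if (IsIdentifier(value) == false)
            {
                throw new InvalidOperationException(what + "必须是合法的标识符");
            }
        }

        /// <summary>
        /// Builds the " order by ..." clause from a caller-supplied sort list after validating that
        /// it contains only identifiers and asc/desc. The property is not modified.
        /// </summary>
        /// <exception cref="InvalidOperationException">The sort list contains anything else.</exception>
        internal static string OrderByClause(string sortList)
        {
            if (IsOrderByList(sortList) == false)
            {
                throw new InvalidOperationException("排序只能包含列名和asc/desc");
            }
            return " order by " + sortList;
        }

        /// <summary>
        /// Runs the project's CustomIO.CheckSQL on <paramref name="sql"/> and fails closed: a rejected
        /// fragment is traced with the full <paramref name="batch"/> and an exception is thrown.
        /// </summary>
        /// <param name="sql">The text to check (the whole batch or just the order-by clause).</param>
        /// <param name="isFragment">
        /// Second argument of CheckSQL, mirrored from the original calls (false for the whole batch,
        /// true for the order-by clause); its exact meaning is defined in CustomIO.
        /// </param>
        /// <param name="batch">The complete batch, written to the trace on rejection.</param>
        /// <exception cref="InvalidOperationException">CheckSQL rejected the text.</exception>
        internal static void RejectSuspicious(string sql, bool isFragment, string batch)
        {
            if (CustomIO.CheckSQL(sql, isFragment) == false)
            {
                ErrorFollow.TraceWrite(SuspiciousMessage, "", batch);
                throw new InvalidOperationException(SuspiciousMessage);
            }
        }
    }

    #region 分页查询服务
    /// <summary>
    /// Builds a paged SELECT batch for SQL Server from a table list, a column list, a WHERE fragment
    /// and a sort. Page 1 is served with TOP; later pages are staged in #temptable with an
    /// identity RowIndex. The batch assigns the total row count to @RowCount, which the caller must
    /// declare or bind as an output parameter.
    /// </summary>
    /// <remarks>
    /// SECURITY: <see cref="Tables"/>, <see cref="Fields"/> and <see cref="Filter"/> are spliced into
    /// the SQL verbatim and cannot be parameterized — they must not come from untrusted input.
    /// <see cref="KeyName"/> and <see cref="Sort"/> are restricted to identifiers (plus asc/desc)
    /// before use, because a sort column is the value most often taken from a client.
    /// </remarks>
    public class QueryService
    {
        /// <summary>Table list (raw FROM fragment; may contain joins).</summary>
        public string Tables { get; set; }

        /// <summary>Sort list: identifiers with optional asc/desc, e.g. "CreateTime desc, ID".</summary>
        public string Sort { get; set; }

        /// <summary>1-based page index.</summary>
        public int PageIndex { get; set; }

        /// <summary>Rows per page.</summary>
        public int PageSize { get; set; }

        /// <summary>Column list (raw select-list fragment).</summary>
        public string Fields { get; set; }

        /// <summary>WHERE fragment including the keyword, or null/empty for none.</summary>
        public string Filter { get; set; }

        /// <summary>Primary key column; used as "order by KeyName desc" when Sort is empty.</summary>
        public string KeyName { get; set; }

        /// <summary>
        /// Returns the paging batch for the current property values.
        /// </summary>
        /// <returns>A T-SQL batch: a count assignment into @RowCount followed by the page query.</returns>
        /// <exception cref="InvalidOperationException">
        /// A required property is empty, a page value is below 1, KeyName/Sort is not a plain
        /// identifier list, or CheckSQL rejected the batch.
        /// </exception>
        /// <exception cref="OverflowException">PageSize * PageIndex does not fit in an int.</exception>
        public string GetText()
        {
            if (string.IsNullOrEmpty(Tables)) throw new InvalidOperationException("表名不能为空");
            if (string.IsNullOrEmpty(Fields)) throw new InvalidOperationException("列名不能为空");
            if (string.IsNullOrEmpty(KeyName)) throw new InvalidOperationException("主键不能为空");
            if (PageIndex < 1) throw new InvalidOperationException("当前页不能小于1");
            if (PageSize < 1) throw new InvalidOperationException("每页行数不能小于1");

            // Build the clause in a local: the previous version overwrote Sort, so a second
            // GetText() on the same instance produced "order by  order by ...".
            string orderBy;
            if (string.IsNullOrEmpty(Sort))
            {
                SqlFragmentGuard.RequireIdentifier(KeyName, "主键");
                orderBy = " order by " + this.KeyName + " desc";
            }
            else
            {
                orderBy = SqlFragmentGuard.OrderByClause(Sort);
            }

            StringBuilder batch = new StringBuilder();
            if (PageIndex == 1)
            {
                // First page: a plain TOP avoids the temp table.
                batch.Append("select @RowCount=count(0) from " + Tables + " " + Filter + "\r\n");
                batch.Append("select top " + PageSize.ToString(CultureInfo.InvariantCulture) + " "
                             + Fields + " from " + Tables + " " + Filter + " " + orderBy);
            }
            else
            {
                // checked: a wrapped product would emit "top -N" and fail only at execution time.
                int start = checked(PageSize * (PageIndex - 1) + 1);
                int stop = checked(PageSize * PageIndex);
                string startText = start.ToString(CultureInfo.InvariantCulture);
                string stopText = stop.ToString(CultureInfo.InvariantCulture);

                batch.Append("select @RowCount=count(1) from " + Tables + " " + Filter + "\r\n");
                // NOTE(review): #temptable is never dropped. A local temp table created by an ad hoc
                // batch lives until the session ends, so running this batch twice on one open
                // connection is expected to fail — confirm how callers execute it. A "drop table"
                // is deliberately not added here because CheckSQL may reject that keyword.
                batch.Append("select top " + stopText + " identity(int,1,1) as RowIndex," + Fields
                             + " into #temptable from " + Tables + " " + Filter + " " + orderBy + "\r\n");
                batch.Append("select * from #temptable where RowIndex between " + startText + " and " + stopText);
            }

            string tsql = batch.ToString();
            SqlFragmentGuard.RejectSuspicious(tsql, false, tsql);
            SqlFragmentGuard.RejectSuspicious(orderBy, true, tsql);
            return tsql;
        }
    }
    #endregion

    #region 分页查询服务2
    /// <summary>
    /// Pages an arbitrary caller-supplied SELECT statement (<see cref="Tsql"/>) the same way
    /// <see cref="QueryService"/> does. The statement is split at its first "select" and the first
    /// "from" after it, so it must be a single SELECT whose select list holds no subquery (a nested
    /// "from" would be matched first).
    /// </summary>
    /// <remarks>
    /// SECURITY: <see cref="Tsql"/> is spliced verbatim and must not come from untrusted input;
    /// only <see cref="Sort"/> is validated structurally.
    /// </remarks>
    public class QueryService2
    {
        /// <summary>Sort list: identifiers with optional asc/desc. Required for paging.</summary>
        public string Sort { get; set; }

        /// <summary>1-based page index.</summary>
        public int PageIndex { get; set; }

        /// <summary>Rows per page.</summary>
        public int PageSize { get; set; }

        /// <summary>The SELECT statement to page (raw T-SQL).</summary>
        public string Tsql { get; set; }

        /// <summary>
        /// Returns the paging batch for the current property values.
        /// </summary>
        /// <returns>A T-SQL batch: a count assignment into @RowCount followed by the page query.</returns>
        /// <exception cref="InvalidOperationException">
        /// Tsql or Sort is empty, a page value is below 1, Tsql has no select/from keyword, Sort is
        /// not a plain identifier list, or CheckSQL rejected the batch.
        /// </exception>
        /// <exception cref="OverflowException">PageSize * PageIndex does not fit in an int.</exception>
        public string GetText()
        {
            if (string.IsNullOrEmpty(Tsql)) throw new InvalidOperationException("Tsql不能为空");
            if (PageIndex < 1) throw new InvalidOperationException("当前页不能小于1");
            if (PageSize < 1) throw new InvalidOperationException("每页行数不能小于1");
            // An empty Sort used to emit a bare "order by" (a syntax error at execution) and paging
            // an unordered set is meaningless anyway, so reject it here.
            if (string.IsNullOrEmpty(Sort)) throw new InvalidOperationException("排序不能为空");
            string orderBy = SqlFragmentGuard.OrderByClause(Sort);

            // Whole-word matches: the previous IndexOf-based split hit "select"/"from" inside
            // identifiers and produced Substring(-1) when "from" was missing.
            Match select = SqlFragmentGuard.SelectKeyword.Match(Tsql);
            if (select.Success == false) throw new InvalidOperationException("Tsql必须是select语句");
            int selectListStart = select.Index + select.Length;
            Match from = SqlFragmentGuard.FromKeyword.Match(Tsql, selectListStart);
            if (from.Success == false) throw new InvalidOperationException("Tsql缺少from子句");

            string selectList = Tsql.Substring(selectListStart, from.Index - selectListStart);
            string fromClause = Tsql.Substring(from.Index);        // "from ..." to the end, incl. any where
            string selectBody = Tsql.Substring(selectListStart);   // select list + from clause

            StringBuilder batch = new StringBuilder();
            batch.Append("select @RowCount=count(0) " + fromClause + System.Environment.NewLine);
            if (PageIndex == 1)
            {
                // First page: a plain TOP avoids the temp table.
                batch.Append("select top " + PageSize.ToString(CultureInfo.InvariantCulture) + " "
                             + selectBody + " " + orderBy);
            }
            else
            {
                // checked: a wrapped product would emit "top -N" and fail only at execution time.
                int start = checked(PageSize * (PageIndex - 1) + 1);
                int stop = checked(PageSize * PageIndex);
                string startText = start.ToString(CultureInfo.InvariantCulture);
                string stopText = stop.ToString(CultureInfo.InvariantCulture);

                // NOTE(review): as in QueryService, #temptable is never dropped; re-running the batch
                // on the same open connection is expected to fail — confirm with the caller.
                batch.Append("select top " + stopText + " identity(int,1,1) as RowIndex," + selectList
                             + " into #temptable " + fromClause + " " + orderBy + System.Environment.NewLine);
                batch.Append("select * from #temptable where RowIndex between " + startText + " and " + stopText);
            }

            string tsql = batch.ToString();
            SqlFragmentGuard.RejectSuspicious(tsql, false, tsql);
            SqlFragmentGuard.RejectSuspicious(orderBy, true, tsql);
            return tsql;
        }

        /// <summary>
        /// Identity pass-through kept for callers: performs no escaping or validation of
        /// <paramref name="where"/>, so it offers no protection for a caller-built WHERE clause.
        /// </summary>
        public string Filter(string where)
        {
            return where;
        }
    }
    #endregion

    #region 普通查询服务
    /// <summary>
    /// Builds a plain (non-paged) SELECT from a table list, a column list, a WHERE fragment and a sort.
    /// </summary>
    /// <remarks>
    /// SECURITY: <see cref="Tables"/>, <see cref="Fields"/> and <see cref="Filter"/> are spliced verbatim
    /// and must not come from untrusted input; <see cref="KeyName"/> and <see cref="Sort"/> are
    /// restricted to identifiers (plus asc/desc).
    /// </remarks>
    public class QueryOrdService
    {
        /// <summary>Table list (raw FROM fragment; may contain joins).</summary>
        public string Tables { get; set; }

        /// <summary>Sort list: identifiers with optional asc/desc.</summary>
        public string Sort { get; set; }

        /// <summary>Column list (raw select-list fragment).</summary>
        public string Fields { get; set; }

        /// <summary>WHERE fragment including the keyword, or null/empty for none.</summary>
        public string Filter { get; set; }

        /// <summary>Primary key column; used as "order by KeyName desc" when Sort is empty.</summary>
        public string KeyName { get; set; }

        /// <summary>
        /// Returns the query for the current property values. When both Sort and KeyName are empty
        /// no ORDER BY is emitted (the previous version emitted the invalid "order by  desc").
        /// </summary>
        /// <returns>A single T-SQL SELECT terminated by CRLF.</returns>
        /// <exception cref="InvalidOperationException">
        /// Tables or Fields is empty, KeyName/Sort is not a plain identifier list, or CheckSQL rejected the query.
        /// </exception>
        public string GetText()
        {
            if (string.IsNullOrEmpty(Tables)) throw new InvalidOperationException("表名不能为空");
            if (string.IsNullOrEmpty(Fields)) throw new InvalidOperationException("列名不能为空");

            // Built in a local so repeated GetText() calls do not stack "order by" prefixes on Sort.
            string orderBy;
            if (string.IsNullOrEmpty(Sort) == false)
            {
                orderBy = SqlFragmentGuard.OrderByClause(Sort);
            }
            else if (string.IsNullOrEmpty(KeyName) == false)
            {
                SqlFragmentGuard.RequireIdentifier(KeyName, "主键");
                orderBy = " order by " + this.KeyName + " desc";
            }
            else
            {
                orderBy = "";
            }

            string tsql = "select " + Fields + " from " + Tables + " " + Filter + orderBy + "\r\n";
            SqlFragmentGuard.RejectSuspicious(tsql, false, tsql);
            SqlFragmentGuard.RejectSuspicious(orderBy, true, tsql);
            return tsql;
        }
    }
    #endregion

    #region 普通查询服务2
    /// <summary>
    /// Re-emits a caller-supplied SELECT statement with an optional ORDER BY appended.
    /// </summary>
    /// <remarks>
    /// SECURITY: <see cref="Tsql"/> is spliced verbatim and must not come from untrusted input;
    /// only <see cref="Sort"/> is validated structurally.
    /// </remarks>
    public class QueryOrdService2
    {
        /// <summary>Sort list: identifiers with optional asc/desc, or empty for no ORDER BY.</summary>
        public string Sort { get; set; }

        /// <summary>The SELECT statement (raw T-SQL).</summary>
        public string Tsql { get; set; }

        /// <summary>
        /// Returns "select " + everything after Tsql's first "select" keyword + the ORDER BY clause.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Tsql is empty or has no select keyword, Sort is not a plain identifier list, or CheckSQL rejected the query.
        /// </exception>
        public string GetText()
        {
            if (string.IsNullOrEmpty(Tsql)) throw new InvalidOperationException("Tsql不能为空");

            string orderBy = string.IsNullOrEmpty(Sort) ? "" : SqlFragmentGuard.OrderByClause(Sort);

            // Whole-word match; the previous IndexOf+6 produced garbage when "select" was absent.
            Match select = SqlFragmentGuard.SelectKeyword.Match(Tsql);
            if (select.Success == false) throw new InvalidOperationException("Tsql必须是select语句");

            string tsql = "select " + Tsql.Substring(select.Index + select.Length) + " " + orderBy;
            SqlFragmentGuard.RejectSuspicious(tsql, false, tsql);
            SqlFragmentGuard.RejectSuspicious(orderBy, true, tsql);
            return tsql;
        }
    }
    #endregion
}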