You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
256 lines
9.3 KiB
C#
256 lines
9.3 KiB
C#
using HuizhongLibrary.Log;
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Globalization;
|
|
using System.Linq;
|
|
using System.Text;
|
|
|
|
namespace HuizhongLibrary.Data
|
|
{
|
|
#region 分页查询服务
|
|
public class QueryService
|
|
{
|
|
/// <summary>
|
|
/// 表名
|
|
/// </summary>
|
|
public string Tables { get; set; }
|
|
/// <summary>
|
|
/// 排序
|
|
/// </summary>
|
|
public string Sort { get; set; }
|
|
/// <summary>
|
|
/// 当前页索引
|
|
/// </summary>
|
|
public int PageIndex { get; set; }
|
|
/// <summary>
|
|
/// 每页行数
|
|
/// </summary>
|
|
public int PageSize { get; set; }
|
|
/// <summary>
|
|
/// 列名
|
|
/// </summary>
|
|
public string Fields { get; set; }
|
|
/// <summary>
|
|
/// 条件
|
|
/// </summary>
|
|
public string Filter { get; set; }
|
|
/// <summary>
|
|
/// 主键
|
|
/// </summary>
|
|
public string KeyName { get; set; }
|
|
|
|
public string GetText()
|
|
{
|
|
if (string.IsNullOrEmpty(Tables) == true) throw new Exception("表名不能为空");
|
|
if (string.IsNullOrEmpty(Fields) == true) throw new Exception("列名不能为空");
|
|
if (string.IsNullOrEmpty(KeyName) == true) throw new Exception("主键不能为空");
|
|
if (PageIndex < 1) throw new Exception("当前页不能小于1");
|
|
if (PageSize < 1) throw new Exception("每页行数不能小于1");
|
|
if (string.IsNullOrEmpty(Sort) == true) { Sort = " order by " + this.KeyName + " desc"; }
|
|
else { Sort = " order by " + Sort; }
|
|
string tsql = "";
|
|
if (PageIndex == 1)
|
|
{
|
|
//第一页提高性能
|
|
//查询记录总数,返回给@RowCount输出参数
|
|
tsql += "select @RowCount=count(0) from " + Tables + " " + Filter + "\r\n";
|
|
//返回数据
|
|
tsql += "select top " + PageSize.ToString() + " " + Fields + " from " + Tables + " " + Filter + " " + Sort;
|
|
}
|
|
else
|
|
{
|
|
int start = PageSize * (PageIndex - 1) + 1;
|
|
int stop = PageSize * PageIndex;
|
|
//查询记录总数,返回给@RowCount输出参数
|
|
tsql += "select @RowCount=count(1) from " + Tables + " " + Filter + "\r\n";
|
|
|
|
//插入临时表
|
|
tsql += @"select top " + stop.ToString() + " identity(int,1,1) as RowIndex," + Fields + " into #temptable from " + Tables + " " + Filter + " " + Sort + "\r\n";
|
|
//查询总记录数
|
|
//tsql += "select @RowCount=count(1) from #temptable" + "\r\n";
|
|
//返回数据
|
|
tsql += "select * from #temptable where RowIndex between " + start.ToString() + " and " + stop.ToString();
|
|
}
|
|
bool bk= CustomIO.CheckSQL(tsql,false);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
bk = CustomIO.CheckSQL(Sort, true);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
return tsql;
|
|
}
|
|
}
|
|
#endregion
|
|
#region 分页查询服务2
|
|
public class QueryService2
|
|
{
|
|
/// <summary>
|
|
/// 排序
|
|
/// </summary>
|
|
public string Sort { get; set; }
|
|
/// <summary>
|
|
/// 当前页索引
|
|
/// </summary>
|
|
public int PageIndex { get; set; }
|
|
/// <summary>
|
|
/// 每页行数
|
|
/// </summary>
|
|
public int PageSize { get; set; }
|
|
/// <summary>
|
|
/// Tsql
|
|
/// </summary>
|
|
public string Tsql { get; set; }
|
|
|
|
|
|
public string GetText()
|
|
{
|
|
if (string.IsNullOrEmpty(Tsql) == true) throw new Exception("Tsql不能为空");
|
|
if (PageIndex < 1) throw new Exception("当前页不能小于1");
|
|
if (PageSize < 1) throw new Exception("每页行数不能小于1");
|
|
Sort = " order by " + Sort;
|
|
|
|
|
|
CompareInfo Compare = CultureInfo.InvariantCulture.CompareInfo;
|
|
int index = Compare.IndexOf(this.Tsql, "from", CompareOptions.IgnoreCase);
|
|
int index2 = Compare.IndexOf(this.Tsql, "select", CompareOptions.IgnoreCase)+6;
|
|
string tsql2 = this.Tsql.Substring(index);
|
|
string tsql = "select @RowCount=count(0) "+ tsql2 + System.Environment.NewLine;
|
|
|
|
if (PageIndex == 1)
|
|
{
|
|
//第一页提高性能
|
|
//查询记录总数,返回给@RowCount输出参数
|
|
//返回数据
|
|
tsql += "select top " + PageSize.ToString() + " " + this.Tsql.Substring(index2) + " " + Sort;
|
|
}
|
|
else
|
|
{
|
|
int start = PageSize * (PageIndex - 1) + 1;
|
|
int stop = PageSize * PageIndex;
|
|
//查询记录总数,返回给@RowCount输出参数
|
|
//插入临时表
|
|
tsql += @"select top " + stop.ToString() + " identity(int,1,1) as RowIndex," + this.Tsql.Substring(index2, index- index2) + " into #temptable " + tsql2 + " " + Sort + System.Environment.NewLine;
|
|
//查询总记录数
|
|
//tsql += "select @RowCount=count(1) from #temptable" + "\r\n";
|
|
//返回数据
|
|
tsql += "select * from #temptable where RowIndex between " + start.ToString() + " and " + stop.ToString();
|
|
}
|
|
bool bk = CustomIO.CheckSQL(tsql, false);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
bk = CustomIO.CheckSQL(Sort, true);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
return tsql;
|
|
}
|
|
|
|
public string Filter(string where)
|
|
{
|
|
return where;
|
|
}
|
|
|
|
|
|
|
|
}
|
|
#endregion
|
|
|
|
#region 普通查询服务
|
|
public class QueryOrdService
|
|
{
|
|
/// <summary>
|
|
/// 表名
|
|
/// </summary>
|
|
public string Tables { get; set; }
|
|
/// <summary>
|
|
/// 排序
|
|
/// </summary>
|
|
public string Sort { get; set; }
|
|
/// <summary>
|
|
/// 列名
|
|
/// </summary>
|
|
public string Fields { get; set; }
|
|
/// <summary>
|
|
/// 条件
|
|
/// </summary>
|
|
public string Filter { get; set; }
|
|
/// <summary>
|
|
/// 主键
|
|
/// </summary>
|
|
public string KeyName { get; set; }
|
|
|
|
public string GetText()
|
|
{
|
|
if (string.IsNullOrEmpty(Tables) == true) throw new Exception("表名不能为空");
|
|
if (string.IsNullOrEmpty(Fields) == true) throw new Exception("列名不能为空");
|
|
if (string.IsNullOrEmpty(Sort) == true) { Sort = " order by " + this.KeyName + " desc"; }
|
|
|
|
else { Sort = " order by " + Sort; }
|
|
|
|
string tsql = "select " + Fields + " from " + Tables + " " + Filter + Sort + "\r\n";
|
|
bool bk = CustomIO.CheckSQL(tsql, false);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
bk = CustomIO.CheckSQL(Sort, true);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
return tsql;
|
|
}
|
|
}
|
|
#endregion
|
|
#region 普通查询服务2
|
|
public class QueryOrdService2
|
|
{
|
|
/// <summary>
|
|
/// 排序
|
|
/// </summary>
|
|
public string Sort { get; set; }
|
|
/// <summary>
|
|
/// Tsql
|
|
/// </summary>
|
|
public string Tsql { get; set; }
|
|
|
|
|
|
public string GetText()
|
|
{
|
|
if (string.IsNullOrEmpty(Tsql) == true) throw new Exception("Tsql不能为空");
|
|
if (string.IsNullOrEmpty(Sort)==false)Sort = " order by " + Sort;
|
|
CompareInfo Compare = CultureInfo.InvariantCulture.CompareInfo;
|
|
int index = Compare.IndexOf(this.Tsql, "select", CompareOptions.IgnoreCase) + 6;
|
|
string tsql = "select " + this.Tsql.Substring(index) + " " + Sort;
|
|
bool bk = CustomIO.CheckSQL(tsql, false);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
bk = CustomIO.CheckSQL(Sort, true);
|
|
if (bk == false)
|
|
{
|
|
ErrorFollow.TraceWrite("疑似SQL注入攻击,不允许执行", "", tsql);
|
|
throw new Exception("疑似SQL注入攻击,不允许执行");
|
|
}
|
|
return tsql;
|
|
}
|
|
}
|
|
#endregion
|
|
|
|
}
|