1
using System;
2using System.Data;
3using System.Configuration;
4using System.Web;
5using System.Web.Security;
6using System.Web.UI;
7using System.Web.UI.WebControls;
8using System.Web.UI.WebControls.WebParts;
9using System.Web.UI.HtmlControls;
10using System.Data.SqlClient;
11using System.Threading;
12
/// <summary>
13
/// BaseClass 的摘要说明
14
/// </summary>
15
16public class BaseClass
17{
18 public BaseClass()
19
{
20 //
21 // TODO: 在此处添加构造函数逻辑
22 //
23
}
24 /// <summary>
25 /// 说明:MessageBox用来在客户端弹出对话框。
26 /// 参数:TxtMessage 对话框中显示的内容。
27 /// 创建日期:2007-11-20
28 /// 创建人:冒得味口
29 /// </summary>
30 public string MessageBox(string TxtMessage)
31 {
32 string str;
33 str = "<script language=javascript>alert('" + TxtMessage + "')</script>";
34 return str;
35 }
36 /// <summary>
37 /// 说明:ExecSQL用来执行SQL语句。
38 /// 返回值:操作是否成功(True\False)。
39 /// 参数:sQueryString SQL字符串
40 /// 创建日期:2007-11-22
41 /// 创建人:冒得味口
42 /// </summary>
43 public Boolean ExecSQL(string sQueryString)
44 {
45 SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);
46 con.Open();
47 SqlCommand dbCommand = new SqlCommand(sQueryString, con);
48 try
49 {
50 dbCommand.ExecuteNonQuery();
51 con.Close();
52 }
53 catch
54 {
55 con.Close();
56 return false;
57 }
58 return true;
59 }
60 /// <summary>
61 /// 说明:GetDataSet数据集,返回数据源的数据集
62 /// 返回值:数据集DataSet
63 /// 参数:sQueryString SQL字符串,TableName 数据表名称
64 /// 创建日期:2007-11-22
65 /// 创建人:冒得味口
66 /// </summary>
67 public System.Data.DataSet GetDataSet(string sQueryString, string TableName)
68 {
69 SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);
70 con.Open();
71 SqlDataAdapter dbAdapter = new SqlDataAdapter(sQueryString, con);
72 DataSet dataset = new DataSet();
73 dbAdapter.Fill(dataset, TableName);
74 con.Close();
75 return dataset;
76 }
77 /// <summary>
78 /// 说明:SubStr用来将字符串保留到指定长度,将超出部分用“
”代替。
79 /// 返回值:处理后的这符串。
80 /// 参数: sString原字符串。
81 /// nLeng长度。
82 /// 创建日期:2007-12-22
83 /// 创建人:冒得味口
84 /// </summary>
85 public string SubStr(string sString, int nLeng)
86 {
87 if (sString.Length <= nLeng)
88 {
89 return sString;
90 }
91 int nStrLeng = nLeng - 3;
92 string sNewStr = sString.Substring(0, nStrLeng);
93 sNewStr = sNewStr + "";
94 return sNewStr;
95 }
96 /// <summary>
97 /// 说明:过滤危险字符
98 /// 返回值:处理后的这符串。
99 /// 参数: str原字符串。
100 /// 创建日期:2007-12-22
101 /// 创建人:冒得味口
102 /// </summary>
103
104 public string HtmlEncode(string str)
105 {
106 str = str.Replace("&", "&");
107 str = str.Replace("<", "<");
108 str = str.Replace(">", ">");
109 str = str.Replace("'", "''");
110 str = str.Replace("*", "");
111 str = str.Replace("\n", "<br/>");
112 str = str.Replace("\r\n", "<br/>");
113 //str = str.Replace("?","");
114 str = str.Replace("select", "");
115 str = str.Replace("insert", "");
116 str = str.Replace("update", "");
117 str = str.Replace("delete", "");
118 str = str.Replace("create", "");
119 str = str.Replace("drop", "");
120 str = str.Replace("delcare", "");
121 if (str.Trim().ToString() == "") { str = "无"; }
122 return str.Trim();
123 }
124 /// <summary>
125 /// 防止SQL 注入试攻击
126 ///
127 /// </summary>
128 /// <param name="loginName">用户登录名称</param>
129 /// <param name="loginPwd">用户登录密码</param>
130 /// 创建日期:2007-04-05
131 /// 创建人:冒得味口
132 public int checkLogin(string loginName,string loginPwd)
133 {
134 SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);
135 SqlCommand myCommand = new SqlCommand("select count(*) from tbuser where Name=@loginName and PassWord=@loginPwd", con);
136 myCommand.Parameters.Add(new SqlParameter("@loginName", SqlDbType.NVarChar, 20));
137 myCommand.Parameters["@loginName"].Value = loginName;
138 myCommand.Parameters.Add(new SqlParameter("@loginPwd", SqlDbType.NVarChar, 20));
139 myCommand.Parameters["@loginPwd"].Value = loginPwd;
140 myCommand.Connection.Open();
141 int i=(int)myCommand.ExecuteScalar();
142 myCommand.Connection.Close();
143 return i;
144 }
145
146}
using System;2
using System.Data;3
using System.Configuration;4
using System.Web;5
using System.Web.Security;6
using System.Web.UI;7
using System.Web.UI.WebControls;8
using System.Web.UI.WebControls.WebParts;9
using System.Web.UI.HtmlControls;10
using System.Data.SqlClient;11
using System.Threading;12
/// <summary>
13
/// BaseClass 的摘要说明14
/// </summary>15
16
public class BaseClass17
{18
public BaseClass()19
{
20
//21
// TODO: 在此处添加构造函数逻辑22
//23
}24
/// <summary>25
/// 说明:MessageBox用来在客户端弹出对话框。26
/// 参数:TxtMessage 对话框中显示的内容。27
/// 创建日期:2007-11-2028
/// 创建人:冒得味口29
/// </summary>30
public string MessageBox(string TxtMessage)31
{32
string str;33
str = "<script language=javascript>alert('" + TxtMessage + "')</script>";34
return str;35
}36
/// <summary>37
/// 说明:ExecSQL用来执行SQL语句。38
/// 返回值:操作是否成功(True\False)。39
/// 参数:sQueryString SQL字符串40
/// 创建日期:2007-11-2241
/// 创建人:冒得味口42
/// </summary>43
public Boolean ExecSQL(string sQueryString)44
{45
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);46
con.Open();47
SqlCommand dbCommand = new SqlCommand(sQueryString, con);48
try49
{50
dbCommand.ExecuteNonQuery();51
con.Close();52
}53
catch54
{55
con.Close();56
return false;57
}58
return true;59
}60
/// <summary>61
/// 说明:GetDataSet数据集,返回数据源的数据集62
/// 返回值:数据集DataSet63
/// 参数:sQueryString SQL字符串,TableName 数据表名称64
/// 创建日期:2007-11-2265
/// 创建人:冒得味口66
/// </summary>67
public System.Data.DataSet GetDataSet(string sQueryString, string TableName)68
{69
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);70
con.Open();71
SqlDataAdapter dbAdapter = new SqlDataAdapter(sQueryString, con);72
DataSet dataset = new DataSet();73
dbAdapter.Fill(dataset, TableName);74
con.Close();75
return dataset;76
}77
/// <summary>78
/// 说明:SubStr用来将字符串保留到指定长度,将超出部分用“”代替。79
/// 返回值:处理后的这符串。80
/// 参数: sString原字符串。81
/// nLeng长度。82
/// 创建日期:2007-12-2283
/// 创建人:冒得味口84
/// </summary>85
public string SubStr(string sString, int nLeng)86
{87
if (sString.Length <= nLeng)88
{89
return sString;90
}91
int nStrLeng = nLeng - 3;92
string sNewStr = sString.Substring(0, nStrLeng);93
sNewStr = sNewStr + "";94
return sNewStr;95
}96
/// <summary>97
/// 说明:过滤危险字符98
/// 返回值:处理后的这符串。99
/// 参数: str原字符串。100
/// 创建日期:2007-12-22101
/// 创建人:冒得味口102
/// </summary>103
104
public string HtmlEncode(string str)105
{106
str = str.Replace("&", "&");107
str = str.Replace("<", "<");108
str = str.Replace(">", ">");109
str = str.Replace("'", "''");110
str = str.Replace("*", "");111
str = str.Replace("\n", "<br/>");112
str = str.Replace("\r\n", "<br/>");113
//str = str.Replace("?","");114
str = str.Replace("select", "");115
str = str.Replace("insert", "");116
str = str.Replace("update", "");117
str = str.Replace("delete", "");118
str = str.Replace("create", "");119
str = str.Replace("drop", "");120
str = str.Replace("delcare", "");121
if (str.Trim().ToString() == "") { str = "无"; }122
return str.Trim();123
}124
/// <summary>125
/// 防止SQL 注入试攻击126
/// 127
/// </summary>128
/// <param name="loginName">用户登录名称</param>129
/// <param name="loginPwd">用户登录密码</param>130
/// 创建日期:2007-04-05131
/// 创建人:冒得味口132
public int checkLogin(string loginName,string loginPwd)133
{134
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);135
SqlCommand myCommand = new SqlCommand("select count(*) from tbuser where Name=@loginName and PassWord=@loginPwd", con);136
myCommand.Parameters.Add(new SqlParameter("@loginName", SqlDbType.NVarChar, 20));137
myCommand.Parameters["@loginName"].Value = loginName;138
myCommand.Parameters.Add(new SqlParameter("@loginPwd", SqlDbType.NVarChar, 20));139
myCommand.Parameters["@loginPwd"].Value = loginPwd;140
myCommand.Connection.Open();141
int i=(int)myCommand.ExecuteScalar();142
myCommand.Connection.Close();143
return i;144
}145
146
}