package com.gzrealmap.oa.servlet;
import com.gzrealmap.lib.jdbc.*;
import com.gzrealmap.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.sql.*;
import java.util.*;
import com.gzrealmap.user.user.User;
import com.gzrealmap.oa.db.*;
public class common_trade extends HttpServlet {
// NOTE(review): everything below is instance state on an HttpServlet. A servlet
// container normally serves concurrent requests through one shared instance, and this
// class keeps per-request data here (request, response, session, out, the generated
// SQL text). Two overlapping requests can therefore overwrite each other's values;
// request-scoped data belongs in locals or a per-request object.

// Names of the request parameters
final String req_TranID ="TranID"; // transaction code
final String req_method ="sqlmethod"; // INSERT, UPDATE or DELETE
final String req_table ="sqltable"; // table name
final String req_nextPage ="tonextpage"; // next page
final String req_tradetitle ="tradetitle"; // title to display
final String req_trademessage="trademessage"; // message to display
final String req_sqlcount ="sqlcount";
final String req_success ="success";
final String req_failure ="failure";
final String req_userlog ="userlog";
/* Debug parameters */
// NOTE(review): presumably these let a caller switch debug output / execution on and
// off through the request — confirm they are not reachable in production.
final String req_debug="debug";
final String req_ifdo="ifdo";
// Values accepted for req_method
final String mode_insert ="INSERT";
final String mode_update ="UPDATE";
final String mode_delete ="DELETE";
// Parameter-name prefixes: "f_" marks a column value, "pk_" marks a primary-key value
final String key_field ="f_";
final String key_PK ="pk_";
// Effective prefixes for the statement being generated (prefix + statement number)
String fkafter="";
String pkafter="";
/* Debug parameters */
// Whether to print test values ------ for debugging
boolean debug=false;
// Whether to actually execute the operation -------- for debugging
boolean ifdo=true;
// SQL validity ---------- for debugging
boolean sqlvalid =false;
// Accumulates the names of rejected (unknown) columns
String sqlerror=" ";
boolean ifsqlerror =false;
// Fragments of the SQL statement being assembled
String FieldName ="";
String FieldValue ="";
String sqlwhere ="";
// Values obtained from the request
String pkField ="";
String sqlstring ="";
String sqltable ="";
String sqlmethod ="";
String sqlcount ="";
int sqlnum =0;
// Transaction code
String TranID ="";
String nextPage ="";
String tradetitle ="";
String tradeMessage ="";
/* Transaction info */
String successstate = "";
String failurestate = "";
/* User log */
String TranName = null;
//com.gzrealmap.UserLog userLogS = null;
//com.gzrealmap.common comm = null;
String userlog = null;
// Servlet request/response and output stream handles
HttpServletRequest request=null;
HttpServletResponse response=null;
private HttpSession session=null;
PrintWriter out = null;
JDBCUtil DataBase =null;
// Column names obtained from the database; used as the allowlist for column parameters
ArrayList fieldlist=null;
// Holds the generated statements when several SQL statements are passed along.
Hashtable parameters = null;
/**
 * Re-decodes a string: takes its ISO-8859-1 bytes and interprets them as GBK.
 * Despite the name, the returned text is the GBK decoding, not an ISO string.
 *
 * This is a charset repair only; it does not validate or escape the value, so the
 * result must still be treated as untrusted input.
 *
 * @param str the text to re-decode; may be null
 * @return the re-decoded text, or "" when str is null or the conversion fails
 */
private String toISO(String str)
{
    if (str == null)
    {
        return "";
    }
    try
    {
        byte[] rawBytes = str.getBytes("ISO8859_1");
        return new String(rawBytes, "GBK");
    }
    catch (Exception e)
    {
        // Any conversion failure deliberately degrades to an empty string.
        return "";
    }
}
// Scratch variables used while generating a statement
String paramName="";
String paravalue="";
String fieldtemp=""; // parameter name with its prefix stripped, i.e. the candidate column name
// NOTE(review): "enum" has been a reserved word since Java 5, so this identifier only
// compiles at source level 1.4 or older; it needs renaming before the class can be
// built with a current compiler.
Enumeration enum=null;
/**
 * Appends one entry to the user log text, terminated by ';'.
 *
 * userlog is declared as null; unless it is reset elsewhere (not visible here) the
 * first concatenation yields a leading "null".
 *
 * NOTE(review): callers in this file pass text that embeds request values, and ';' is
 * the only separator, so a value containing ';' can look like extra log entries —
 * confirm how the log is stored and displayed.
 *
 * @param log the entry text to append
 */
private void addUserlog(String log)
{
    String entry = log + ";";
    userlog = userlog + entry;
}
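/**
 * Builds an INSERT statement for sqltable from the request parameters whose names
 * start with fkafter, and stores the text in sqlstring.
 *
 * Request shape: url?sqltable=AnJuanLei&sqlmethod=INSERT&f-LeiID=qq&f-LeiMing=test
 *
 * Column names are only accepted when their lower-cased form is in fieldlist; unknown
 * names are recorded in sqlerror and ifsqlerror is set. Values come straight from the
 * request, so single quotes are doubled before they are placed inside the literal.
 *
 * NOTE(review): quote doubling is a stop-gap. It does not cover dialects that honour
 * other escape characters inside literals; the statement should be executed with
 * PreparedStatement bind parameters instead of inlined values. sqltable is also
 * concatenated as-is — verify it is checked against a fixed list of tables before
 * this method runs.
 */
private void genforinsert()
{
    FieldName = " ( ";   // (FieldName1 ,FieldName2 ,FieldName3)
    FieldValue = " ( ";  // ('FieldValue1' ,'FieldValue2' ,'FieldValue3')
    while (enum.hasMoreElements())
    {
        paramName = (String) enum.nextElement();
        if (paramName.startsWith(fkafter))
        {
            fieldtemp = paramName.substring(fkafter.length(), paramName.length());
            sqlvalid = true; // a column parameter was seen for this statement
            // Only columns known to exist in the table may reach the SQL text.
            if (fieldlist.contains(fieldtemp.toLowerCase()))
            {
                paravalue = toISO((String) request.getParameter(paramName));
                FieldName = FieldName + fieldtemp + " ,";
                // Double embedded single quotes so the value cannot close the literal.
                FieldValue = FieldValue + "'" + paravalue.trim().replaceAll("'", "''") + "' ,";
            }
            else
            {
                // Unknown column: record it as an error instead of using it.
                ifsqlerror = true;
                sqlerror = sqlerror + fieldtemp + " ,";
            }
        }
    }
    // Drop the trailing "," left by the last appended column/value.
    FieldName = FieldName.substring(0, FieldName.length() - 1) + ") ";
    FieldValue = FieldValue.substring(0, FieldValue.length() - 1) + ") ";
    // Assemble the statement.
    sqlstring = " INSERT INTO " + sqltable + FieldName + " VALUES " + FieldValue;
    addUserlog("在" + sqltable + "中插入数据");
}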
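/**
 * Builds an UPDATE statement for sqltable and stores the text in sqlstring.
 * Parameters starting with fkafter become SET assignments; parameters starting with
 * pkafter become WHERE conditions joined with "and".
 *
 * Request shape: url?sqltable=AnJuanLei&sqlmethod=UPDATE&pk-LeiID=qq&f-LeiMing=check
 *
 * Column names are only accepted when their lower-cased form is in fieldlist; unknown
 * names are recorded in sqlerror and ifsqlerror is set. Values come straight from the
 * request, so single quotes are doubled before they are placed inside a literal.
 *
 * NOTE(review): quote doubling is a stop-gap. It does not cover dialects that honour
 * other escape characters inside literals; the statement should be executed with
 * PreparedStatement bind parameters instead of inlined values. sqltable is also
 * concatenated as-is — verify it is checked against a fixed list of tables before
 * this method runs.
 */
private void genforupdate()
{
    FieldValue = " ";  // col1='value1' ,col2='value2'
    sqlwhere = " ( ";  // (pk1='pk1Value' and pk2='pk2Value')
    while (enum.hasMoreElements())
    {
        paramName = (String) enum.nextElement();
        if (paramName.startsWith(fkafter))
        {
            fieldtemp = paramName.substring(fkafter.length(), paramName.length());
            // Only columns known to exist in the table may reach the SQL text.
            if (fieldlist.contains(fieldtemp.toLowerCase()))
            {
                paravalue = toISO((String) request.getParameter(paramName));
                // Double embedded single quotes so the value cannot close the literal.
                FieldValue = FieldValue + fieldtemp + "=" + "'"
                        + paravalue.trim().replaceAll("'", "''") + "' ,";
            }
            else
            {
                // Unknown column: record it as an error instead of using it.
                ifsqlerror = true;
                sqlerror = sqlerror + fieldtemp + " ,";
            }
        }
        else if (paramName.startsWith(pkafter))
        {
            sqlvalid = true; // a key parameter was seen for this statement
            fieldtemp = paramName.substring(pkafter.length(), paramName.length());
            if (fieldlist.contains(fieldtemp.toLowerCase()))
            {
                paravalue = toISO((String) request.getParameter(paramName));
                sqlwhere = sqlwhere + fieldtemp + "=" + "'"
                        + paravalue.trim().replaceAll("'", "''") + "' and ";
            }
            else
            {
                ifsqlerror = true;
                sqlerror = sqlerror + fieldtemp + " ,";
            }
        }
    }
    // Drop the trailing "," of the SET list.
    FieldValue = FieldValue.substring(0, FieldValue.length() - 1) + " ";
    // Drop the trailing "and ". When no key condition was added, sqlwhere is still
    // " ( " and this substring throws StringIndexOutOfBoundsException, so an UPDATE
    // without a WHERE condition is never produced. Keep that fail-closed property if
    // this code is reworked.
    sqlwhere = sqlwhere.substring(0, sqlwhere.length() - 4) + ") ";
    sqlstring = " UPDATE " + sqltable + " SET " + FieldValue + " WHERE " + sqlwhere;
    // The log entry embeds the WHERE text, i.e. caller-supplied values.
    addUserlog("更新了" + sqltable + "中的" + sqlwhere);
}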
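/**
 * Builds a DELETE statement for sqltable and stores the text in sqlstring.
 * Parameters starting with pkafter become WHERE conditions joined with "and".
 *
 * Request shape: url??sqltable=AnJuanLei&sqlmethod=DELETE&pk-LeiID=qq
 *
 * Column names are only accepted when their lower-cased form is in fieldlist; unknown
 * names are recorded in sqlerror and ifsqlerror is set. Values come straight from the
 * request, so single quotes are doubled before they are placed inside a literal.
 *
 * NOTE(review): quote doubling is a stop-gap. It does not cover dialects that honour
 * other escape characters inside literals; the statement should be executed with
 * PreparedStatement bind parameters instead of inlined values. sqltable is also
 * concatenated as-is — verify it is checked against a fixed list of tables before
 * this method runs.
 */
private void genfordelete()
{
    sqlwhere = " ( ";  // (pk1='pk1Value' and pk2='pk2Value')
    while (enum.hasMoreElements())
    {
        paramName = (String) enum.nextElement();
        if (paramName.startsWith(pkafter))
        {
            sqlvalid = true; // a key parameter was seen for this statement
            fieldtemp = paramName.substring(pkafter.length(), paramName.length());
            // Only columns known to exist in the table may reach the SQL text.
            if (fieldlist.contains(fieldtemp.toLowerCase()))
            {
                paravalue = toISO((String) request.getParameter(paramName));
                // Double embedded single quotes so the value cannot close the literal.
                sqlwhere = sqlwhere + fieldtemp + "=" + "'"
                        + paravalue.trim().replaceAll("'", "''") + "' and ";
            }
            else
            {
                // Unknown column: record it as an error instead of using it.
                ifsqlerror = true;
                sqlerror = sqlerror + fieldtemp + " ,";
            }
        }
    }
    // Drop the trailing "and ". When no key condition was added, sqlwhere is still
    // " ( " and this substring throws StringIndexOutOfBoundsException, so a DELETE
    // without a WHERE condition is never produced. Keep that fail-closed property if
    // this code is reworked.
    sqlwhere = sqlwhere.substring(0, sqlwhere.length() - 4) + ") ";
    sqlstring = " DELETE FROM " + sqltable + " WHERE " + sqlwhere;
    // The log entry embeds the WHERE text, i.e. caller-supplied values.
    addUserlog("删除了" + sqltable + "中的" + sqlwhere);
}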
/**
 * Generates one SQL statement from the current request and stores it in parameters.
 *
 * The parameter prefixes are key_PK / key_field followed by orderno, except when
 * sqlnum is 1: then the prefixes carry no number and the statement is stored under
 * the key "1". Statements look like:
 *
 *   INSERT INTO AnJuanLei (LeiMing, LeiID) VALUES ('abc', 'a')
 *   UPDATE AnJuanLei SET LeiMing = '产品' WHERE (LeiID = 'c')
 *   DELETE FROM AnJuanLei WHERE (LeiID = 'a')
 *
 * If sqlmethod matches none of the three modes, whatever sqlstring currently holds is
 * stored (trimmed). fieldlist is cleared on every call.
 *
 * NOTE(review): with debug on, the full statement — including request values — is
 * written to standard output; confirm debug cannot be enabled in production.
 *
 * @param orderno the statement number used as prefix suffix and as storage key
 */
private void gentradesql(String orderno)
{
    enum = request.getParameterNames();

    // A single-statement request uses un-numbered parameter prefixes.
    final boolean singleStatement = (sqlnum == 1);
    final String suffix = singleStatement ? "" : orderno;
    pkafter = key_PK + suffix;
    fkafter = key_field + suffix;

    if (sqlmethod != null && sqltable != null)
    {
        if (sqlmethod.equalsIgnoreCase(mode_insert))
        {
            genforinsert();
        }
        else if (sqlmethod.equalsIgnoreCase(mode_update))
        {
            genforupdate();
        }
        else if (sqlmethod.equalsIgnoreCase(mode_delete))
        {
            genfordelete();
        }

        // The single statement is always filed under "1".
        final String slot = singleStatement ? "1" : suffix;
        final String statement = sqlstring.trim();
        parameters.put(slot, statement);
        if (debug)
        {
            System.out.println("string: " + statement);
            System.out.println("hashtable: " + parameters.get(slot));
        }
        sqlstring = "";
    }

    // The column list is only valid for the statement just generated.
    fieldlist = null;
}
private void showdebug()
{
out.print ("<TABLE border='1' align='center'>\r\n");
out.print (" <TR>\r\n");
out.print (" <TD width='80'>sql语句数:</TD>\r\n");
out.print (" <TD width='480'>"+sqlnum+"</TD>\r\n");
out.print (" </TR>\r\n");
out.print (" <TR>\r\n");
if (debug)
{ System.out.print("table--sqlnum:"+sqlnum);
}
for (int i=1; i<=sqlnum; i++)
{
if (debug)
{System.out.println( "table--i"+ i+"table--sqlnum"+sqlnum );
}
out.print (" <TR>\r\n");
out.print (" <TD width='80'>sql语句"+i+":</TD>\r\n");
out.print (" <TD width='480'>"+parameters.get(String.valueOf(i))+"</TD>\r\n");
out.print (" </TR>\r\n");