📄 access.cs
字号:
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Xml;
using System.Collections;
using System.ComponentModel;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace WebApplication1
{
public class Access
{
#region 构造函数
public Access(){}
#endregion
#region 配置数据库连接字符串
public static string ConnectionString=ConfigurationSettings.AppSettings["ConnectionString"];
#endregion
#region 执行SQL语句,返回Bool值
/// <summary>
/// 执行SQL语句,返回Bool值
/// </summary>
/// <param name="sql">要执行的SQL语句</param>
/// <returns>返回BOOL值,True为执行成功</returns>
public bool ExecuteSQL(string sql)
{
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlCommand cmd=new SqlCommand(sql,con);
try
{
con.Open();
cmd.ExecuteNonQuery();
return true;
}
catch
{
return false;
}
finally
{
con.Close();
con.Dispose();
cmd.Dispose();
}
}
#endregion
#region 过滤用户名中的非法字符
/// <summary>
/// 过滤用户名中的非法字符
/// </summary>
/// <param name="str">要被过滤的字符串</param>
/// <returns>返回String类型的过滤后的字符串</returns>
public string NameReplace(string str)
{
str=str.Trim();
str=str.Replace("=","");
str=str.Replace("'","");
return str;
}
#endregion
#region 执行SQL语句,返回SqlDataReader
/// <summary>
/// 执行SQL语句,返回SqlDataReader
/// </summary>
/// <param name="sql">要执行的SQL语句</param>
/// <returns>返回SqlDataReader,需手工关闭连接</returns>
public SqlDataReader GetReader(string sql)
{
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlCommand cmd=new SqlCommand(sql,con);
SqlDataReader dr=null;
try
{
con.Open();
dr=cmd.ExecuteReader(CommandBehavior.CloseConnection);
}
catch (Exception ex)
{
dr.Close();
con.Dispose();
cmd.Dispose();
throw new Exception(ex.ToString());
}
return dr;
}
#endregion
#region 分页,返回SqlDataReader
/// <summary>
/// 分页,返回SqlDataReader
/// </summary>
/// <param name="tblName">查询的表名</param>
/// <param name="fldName">排序字段名</param>
/// <param name="PageSize">每页中记录的数量</param>
/// <param name="PageIndex">当前查询的页码</param>
/// <param name="OrderType">设置排序类型, 非 0 值则降序</param>
/// <param name="strWhere">查询条件(注意:不要加 where)</param>
/// <returns>返回SqlDataReader,需手工关闭连接</returns>
public SqlDataReader GetReaderPage(string tblName,string fldName,int PageSize,int PageIndex,int OrderType,string strWhere)
{
string strTmp,strOrder;
string sql="";
if (OrderType!=0)
{
strTmp="< (select min";
strOrder=" order by " + fldName +" desc";
}
else
{
strTmp=">(select max";
strOrder=" order by " + fldName +" asc";
}
if (strWhere!="")
{
sql = "select top " + PageSize + " * from "+ tblName + " where " + fldName + strTmp + "(";
sql+=fldName + ") from (select top " + (PageIndex-1)*PageSize +" "+ fldName + " from " + tblName + " where (" + strWhere + ") ";
sql+=strOrder + ") as tblTmp) and (" + strWhere + ") " + strOrder;
}
if (PageIndex==1)
{
strTmp ="";
if (strWhere != "")
{
strTmp = " where (" + strWhere + ")";
}
sql = "select top " + PageSize + " * from " + tblName + strTmp + " " + strOrder;
}
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlCommand cmd=new SqlCommand(sql,con);
SqlDataReader dr=null;
try
{
con.Open();
dr=cmd.ExecuteReader(CommandBehavior.CloseConnection);
}
catch (Exception ex)
{
dr.Close();
con.Dispose();
cmd.Dispose();
throw new Exception(ex.ToString());
}
return dr;
}
#endregion
#region 执行SQL语句,返回DataSet
/// <summary>
/// 执行SQL语句,返回DataSet
/// </summary>
/// <param name="sql">要执行的SQL语句</param>
/// <param name="tablename">DataSet中要填充的表名</param>
/// <returns>返回dataSet类型的执行结果</returns>
public void GetDataSet(string sql,DataSet ds)
{
//DataSet ds= new DataSet();
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlDataAdapter da=new SqlDataAdapter(sql,con);
try
{
da.Fill(ds);
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
finally
{
con.Close();
con.Dispose();
da.Dispose();
}
//return ds;
}
//重载
public static DataSet GetDataSet(SqlDataAdapter da,string sql,string tablename)
{
DataSet ds= new DataSet();
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlDataAdapter da1=new SqlDataAdapter(sql,con);
da=da1;
try
{
da.Fill(ds,tablename);
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
finally
{
con.Close();
con.Dispose();
da.Dispose();
}
return ds;
}
#endregion
#region 执行SQL语句,返回DataTable
/// <summary>
/// 执行SQL语句,返回DataTable
/// </summary>
/// <param name="sql">要执行的SQL语句</param>
/// <returns>返回DataTable类型的执行结果</returns>
public DataTable GetDataTable(string sql)
{
DataSet ds= new DataSet();
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlDataAdapter da=new SqlDataAdapter(sql,con);
try
{
//da.Fill(ds,"tb");
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
finally
{
con.Close();
con.Dispose();
da.Dispose();
}
DataTable result=ds.Tables["tb"];
return result;
}
#endregion
#region 执行SQL语句并返回受影响的行数
/// <summary>
/// 执行SQL语句并返回受影响的行数
/// </summary>
/// <param name="sql">要执行的SQL语句</param>
/// <returns>返回Int类型的受影响的行数</returns>
public int GetCount(string sql)
{
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlCommand cmd=new SqlCommand(sql,con);
try
{
con.Open();
int count=(int)cmd.ExecuteScalar();
return count;
}
catch
{
return 0;
}
finally
{
con.Close();
con.Dispose();
cmd.Dispose();
}
}
#endregion
#region 验证用户是否合法管理员
/// <summary>
/// 验证用户是否合法管理员
/// </summary>
/// <param name="strname">要验证的用户名</param>
/// <param name="strpwd">要验证的密码</param>
/// <returns>返回BOOL值,True为验证成功</returns>
public string CheckAdmin(string strname,string strpwd)
{
string sql="select * from DB_login where userid='"+ strname+"'";
SqlConnection con=new SqlConnection(Access.ConnectionString);
SqlCommand cmd=new SqlCommand(sql,con);
SqlDataAdapter thisAdapter=new SqlDataAdapter(sql,Access.ConnectionString);
SqlCommandBuilder thisBuilder=new SqlCommandBuilder(thisAdapter);
DataSet thisDataSet=new DataSet();
thisAdapter.Fill(thisDataSet,"DB_login");
if (thisDataSet.Tables["DB_login"].Rows.Count==0)
{return "您所输入的用户名不存在!";}
else
{
string str_uid=System.Convert.ToString(thisDataSet.Tables["DB_login"].Rows[0]["userid"]);
string str_pwd=System.Convert.ToString(thisDataSet.Tables["DB_login"].Rows[0]["pwd"]);
str_pwd=str_pwd.Trim();
str_uid=str_uid.Trim();
if(str_pwd!=strpwd){return "您所输入的密码不正确!";}
if(thisDataSet.Tables["DB_login"].Rows.Count==1 && str_pwd==strpwd)
{return "ok";}
}
return null;
}
#endregion
#region 验证用户是否合法用户
/// <summary>
/// 验证用户是否合法用户
/// </summary>
/// <param name="strname">要验证的用户名</param>
/// <param name="strpwd">要验证的密码</param>
/// <returns>返回BOOL值,True为验证成功</returns>
public bool CheckUser (string strname,string strpwd)
{
string sql;
strname=NameReplace(strname);
if(strpwd=="")
sql="select count(1) from student where studentname='"+strname+"'";
else
sql="select count(1) from student where studentname='"+strname+"'and studentpwd='"+strpwd+"'";
if(GetCount(sql)>0)
{
return true;
}
else
{
return false;
}
}
#endregion
#region 注册新的用户
/// <summary>
/// 注册新的用户
/// </summary>
/// <param name="strname">要注册的用户名</param>
/// <param name="strpwd">要注册的密码</param>
/// <returns>返回BOOL值,True为验证成功</returns>
public bool newUser (string stuid,string username,string sex,string major,string tel,string address,string btime,string password)
{
string sql;
username=NameReplace(username);
sql="select count(1) from student where stuid='"+stuid+"'";
if(GetCount(sql)>0)
{
return false;
}
string sql2;
sql2="insert into student (stuid,name,sex,major,tel,address,btime,stupassword) values('"+stuid +"','"+username+"','"+sex+"','"+major+"','"+tel+"','"+address+"','"+btime+"','"+password+"')";
ExecuteSQL(sql2);
return true;
}
#endregion
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -