dd_info.aspx.cs

OA系统,数据库为SQLSever 。net c#

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class DepartmentDecision_DD_Info : System.Web.UI.Page
{
    WebService webService = new WebService();
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["UserID"] == null || Session["UserLevel"] == null)
        {
            Response.Redirect("~/Error.aspx");
        }
        this.tbContent.Style.Add("OverFlow", "hidden");
        string strID = Request.QueryString["ddid"];
        string strSql = "SELECT z_Department.Dept_Name,z_DepartmentDecision.DD_IsConfirm,z_DepartmentDecision.Dept_ID, z_DepartmentDecision.DD_AddDate, z_DepartmentDecision.DD_Content, z_DepartmentDecision.DD_Title, z_Person.Person_RealName, z_DepartmentDecision.DD_ID FROM z_Department INNER JOIN z_DepartmentDecision ON z_Department.Dept_ID = z_DepartmentDecision.Dept_ID INNER JOIN z_Person ON z_DepartmentDecision.DD_AddPersonID = z_Person.Person_ID WHERE z_DepartmentDecision.DD_ID = '" + strID + "';";
        DataTable table = webService.ExcuteSelect(strSql);
        this.lblID.Text = strID;
        this.lblDept.Text = table.Rows[0]["Dept_Name"].ToString();
        this.lblTitle.Text = table.Rows[0]["DD_Title"].ToString();
        this.lblAuther.Text = table.Rows[0]["Person_RealName"].ToString();
        this.lblAddDate.Text = table.Rows[0]["DD_AddDate"].ToString();
        this.tbContent.Text = table.Rows[0]["DD_Content"].ToString();
        if (table.Rows[0]["DD_IsConfirm"].ToString() == "False")
        {
            Response.Redirect("~/Error.aspx");
        }
        if (Session["UserLevel"].ToString() == "总经理" || Session["UserLevel"].ToString() == "副总经理")
        {
            this.HyperLink1.NavigateUrl = "DD_ListAll.aspx?did=" + table.Rows[0]["Dept_ID"].ToString();
        }
        else
        {
            strSql = "Select Person_DeptID from z_Person where Person_ID='" + Session["UserID"].ToString() + "';";
            DataTable dtTable = webService.ExcuteSelect(strSql);
            if (dtTable.Rows[0]["Person_DeptID"].ToString() == table.Rows[0]["Dept_ID"].ToString())
            {
                this.HyperLink1.NavigateUrl = "DD_List.aspx";
            }
            else
            {
                Response.Redirect("~/Error.aspx");
            }
        }
    }
}