dd_add.aspx.cs

OA系统,数据库为SQLSever 。net c#

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class DepartmentDecision_DD_Add : System.Web.UI.Page
{
    WebService webService = new WebService();
    string strSql;
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["UserID"] == null || Session["UserLevel"] == null)
        {
            Response.Redirect("~/Error.aspx");
        }
        if (Session["UserLevel"].ToString() != "部门经理")
        {
            Response.Redirect("~/Error.aspx");
        }
        this.lblMsg.Text = "您所撰写的草案需要您审核后才能发表！";
        strSql = "SELECT z_Department.Dept_Name FROM z_Person INNER JOIN z_Department ON z_Person.Person_DeptID = z_Department.Dept_ID where z_Person.Person_ID='"+Session["UserID"].ToString()+"';";
        DataTable table = webService.ExcuteSelect(strSql);
        this.lblDept.Text = table.Rows[0]["Dept_Name"].ToString();
    }
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        if (this.tbTitle.Text == "" || this.tbContent.Text == "")
            this.lblMsg.Text = "请填写完整的信息！";
        else
        {
            string strTitle = this.tbTitle.Text;
            string strContent = this.tbContent.Text;
            strSql = "SELECT Person_DeptID FROM z_Person where z_Person.Person_ID='"+Session["UserID"].ToString()+"';";
            DataTable table = webService.ExcuteSelect(strSql);
            string strDeptID = table.Rows[0]["Person_DeptID"].ToString();
            if (this.CheckBox1.Checked)
            {
                strSql = "Insert into z_DepartmentDecision(DD_Title,DD_Content,DD_AddDate,DD_IsConfirm,DD_ConfirmDate,DD_AddPersonID,Dept_ID) values ('" + strTitle + "','" + strContent + "','" + DateTime.Now + "','1','" + DateTime.Now + "','" + Session["UserID"].ToString() + "','"+strDeptID+"');";
            }
            else
                strSql = "Insert into z_DepartmentDecision(DD_Title,DD_Content,DD_AddDate,DD_IsConfirm,DD_AddPersonID,Dept_ID) values ('" + strTitle + "','" + strContent + "','" + DateTime.Now + "','0','" + Session["UserID"].ToString() + "','"+strDeptID+"');";
            webService.ExcuteSql(strSql);
            Response.Redirect("DD_List.aspx");
        }
    }
    protected void btnCancel_Click(object sender, EventArgs e)
    {
        Response.Redirect("DD_List.aspx");
    }
}