dd_confirm.aspx.cs

OA系统,数据库为SQLSever 。net c#

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class DepartmentDecision_DD_Confirm : System.Web.UI.Page
{
    WebService webService = new WebService();
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["UserID"] == null || Session["UserLevel"] == null)
        {
            Response.Redirect("~/Error.aspx");
        }
        if (Session["UserLevel"].ToString() != "部门经理")
        {
            Response.Redirect("~/Error.aspx");
        }
        this.tbContent.Style.Add("OverFlow", "hidden");
        string strID = Request.QueryString["ddid"];
        string strSql = "SELECT z_Department.Dept_Name,z_DepartmentDecision.Dept_ID, z_DepartmentDecision.DD_AddDate, z_DepartmentDecision.DD_Content, z_DepartmentDecision.DD_Title, z_Person.Person_RealName, z_DepartmentDecision.DD_ID FROM z_Department INNER JOIN z_DepartmentDecision ON z_Department.Dept_ID = z_DepartmentDecision.Dept_ID INNER JOIN z_Person ON z_DepartmentDecision.DD_AddPersonID = z_Person.Person_ID WHERE z_DepartmentDecision.DD_ID = '" + strID + "';";
        DataTable table = webService.ExcuteSelect(strSql);
        this.lblID.Text = strID;
        this.lblDept.Text = table.Rows[0]["Dept_Name"].ToString();
        this.lblTitle.Text = table.Rows[0]["DD_Title"].ToString();
        this.lblAuther.Text = table.Rows[0]["Person_RealName"].ToString();
        this.lblAddDate.Text = table.Rows[0]["DD_AddDate"].ToString();
        this.tbContent.Text = table.Rows[0]["DD_Content"].ToString();
        strSql = "Select Person_DeptID from z_Person where Person_ID='" + Session["UserID"].ToString() + "';";
        DataTable dtTable = webService.ExcuteSelect(strSql);
        if (dtTable.Rows[0]["Person_DeptID"].ToString() != table.Rows[0]["Dept_ID"].ToString())
        {
            Response.Redirect("~/Error.aspx");
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string strSql = "Update z_DepartmentDecision set DD_IsConfirm='1',DD_ConfirmDate='" + DateTime.Now + "' where DD_ID='" + Request.QueryString["ddid"] + "';";
        webService.ExcuteSql(strSql);
        Response.Redirect("DD_List2.aspx");
    }
    protected void Button2_Click(object sender, EventArgs e)
    {
        string strSql = "Delete from z_DepartmentDecision where DD_ID='" + Request.QueryString["ddid"] + "';";
        webService.ExcuteSql(strSql);
        Response.Redirect("DD_List2.aspx");
    }
}