client_confirm.aspx.cs

OA系统,数据库为SQLSever 。net c#

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class ClientInfo_Client_Confirm : System.Web.UI.Page
{
    WebService webService = new WebService();
    string strSql;
    protected void Page_Load(object sender, EventArgs e)
    {

        if (Session["UserID"] == null || Session["UserLevel"] == null)
        {
            Response.Redirect("~/Error.aspx");
        }
        if (Session["UserLevel"].ToString() != "部门经理")
        {
            Response.Redirect("~/Error.aspx");
        }
        if (!Page.IsPostBack)
        {
            strSql = "SELECT z_Client.Client_ID,z_Client.Dept_ID, z_Client.Client_AddDate, z_Client.Client_CompanyName, z_Client.Client_AgentName, z_Client.Client_Phone, z_Client.Client_Email, z_Client.Client_WebSite,z_Client.Client_AddPersonID, z_Person.Person_ID, z_Person.Person_RealName FROM z_Client INNER JOIN z_Person ON z_Client.Client_AddPersonID = z_Person.Person_ID WHERE z_Client.Client_ID='" + Request.QueryString["cid"] + "';";
            DataTable table = webService.ExcuteSelect(strSql);
            this.lblAddDate.Text = table.Rows[0]["Client_AddDate"].ToString();
            this.lblAddPersonName.Text = table.Rows[0]["Person_RealName"].ToString();
            this.lblAgentName.Text = table.Rows[0]["Client_AgentName"].ToString();
            this.lblCompanyName.Text = table.Rows[0]["Client_CompanyName"].ToString();
            this.lblEmail.Text = table.Rows[0]["Client_Email"].ToString();
            this.lblPhone.Text = table.Rows[0]["Client_Phone"].ToString();
            this.lblWeb.Text = table.Rows[0]["Client_WebSite"].ToString();
            strSql = "Select Person_DeptID from z_Person where Person_ID='" + Session["UserID"].ToString() + "';";
            DataTable dtTable = webService.ExcuteSelect(strSql);
            if (dtTable.Rows[0]["Person_DeptID"].ToString() != table.Rows[0]["Dept_Id"].ToString())
            {
                Response.Redirect("~/Error.aspx");
            }
       }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        strSql = "Update z_Client set Client_IsConfirm='1',Client_ConfirmDate='" + DateTime.Now + "'where Client_ID='"+Request.QueryString["cid"]+"';";
        webService.ExcuteSql(strSql);
        Response.Redirect("Client_List2.aspx");
    }
    protected void Button2_Click(object sender, EventArgs e)
    {
        strSql = "Delete from z_Client where Client_ID='" + Request.QueryString["cid"] + "';";
        webService.ExcuteSql(strSql);
        Response.Redirect("Client_List2.aspx");
    }
}