zoukankan      html  css  js  c++  java
  • 数据访问层的超级基类AbstractBaseDAL

    using System;
    using System.Collections;
    using System.Data;
    using System.Data.Common;
    using System.Collections.Generic;
    using System.Reflection;
    using System.Text;
    using System.Text.RegularExpressions;
    
    using WHC.Pager.Entity;
    using WHC.Framework.Commons;
    using Microsoft.Practices.EnterpriseLibrary.Data;
    
    namespace WHC.Framework.ControlUtil
    {
        /// <summary>
        /// 定义一个记录操作日志的事件处理
        /// </summary>
        /// <param name="userId">操作的用户ID</param>
        /// <param name="tableName">操作表名称</param>
        /// <param name="operationType">操作类型:增加、修改、删除</param>
        /// <param name="note">操作的详细记录信息</param>
        /// <returns></returns>
        public delegate bool OperationLogEventHandler(string userId, string tableName, string operationType, string note, DbTransaction trans = null); 
    
        /// <summary>
        /// 数据访问层的超级基类,所有数据库的数据访问基类都继承自这个超级基类,包括Oracle、SqlServer、Sqlite、MySql、Access等
        /// </summary>
        public abstract class AbstractBaseDAL<T> where T : BaseEntity, new()
        {
            #region 构造函数
    
            protected string dbConfigName = ""; //数据库配置名称
            protected string parameterPrefix = "@";//数据库参数化访问的占位符
            protected string safeFieldFormat = "[{0}]";//防止和保留字、关键字同名的字段格式,如[value]
            protected string tableName;//需要初始化的对象表名
            protected string primaryKey;//数据库的主键字段名
            protected string sortField;//排序字段
            protected bool isDescending = true;//是否为降序
            protected string selectedFields = " * ";//选择的字段,默认为所有(*)        
            public event OperationLogEventHandler OnOperationLog;//定义一个操作记录的事件处理
            
            /// <summary>
            /// 数据库配置名称,默认为空。
            /// 可在子类指定不同的配置名称,用于访问不同的数据库
            /// </summary>
            public string DbConfigName
            {
                get { return dbConfigName; }
                set { dbConfigName = value; }
            }
    
            /// <summary>
            /// 数据库参数化访问的占位符
            /// </summary>
            public string ParameterPrefix
            {
                get { return parameterPrefix; }
                set { parameterPrefix = value; }
            }
    
            /// <summary>
            /// 防止和保留字、关键字同名的字段格式,如[value]。
            /// 不同数据库类型的BaseDAL需要进行修改
            /// </summary>
            public string SafeFieldFormat
            {
                get { return safeFieldFormat; }
                set { safeFieldFormat = value; }
            }
    
            /// <summary>
            /// 排序字段
            /// </summary>
            public string SortField
            {
                get 
                {
                    return sortField; 
                }
                set 
                {
                    sortField = value; 
                }
            }
    
            /// <summary>
            /// 是否为降序
            /// </summary>
            public bool IsDescending
            {
                get { return isDescending; }
                set { isDescending = value; }
            }       
    
            /// <summary>
            /// 选择的字段,默认为所有(*)
            /// </summary>
            public string SelectedFields
            {
                get { return selectedFields; }
                set { selectedFields = value; }
            }
    
            /// <summary>
            /// 数据库访问对象的表名
            /// </summary>
            public string TableName
            {
                get
                {
                    return tableName;
                }
            }
    
            /// <summary>
            /// 数据库访问对象的外键约束
            /// </summary>
            public string PrimaryKey
            {
                get
                {
                    return primaryKey;
                }
            }
            
            /// <summary>
            /// 默认构造函数
            /// </summary>
            public AbstractBaseDAL()
            {
            }
    
            /// <summary>
            /// 指定表名以及主键,对基类进构造
            /// </summary>
            /// <param name="tableName">表名</param>
            /// <param name="primaryKey">表主键</param>
            public AbstractBaseDAL(string tableName, string primaryKey) : this()
            {
                this.tableName = tableName;
                this.primaryKey = primaryKey;
                this.sortField = primaryKey;//默认为主键排序
            }
    
            /// <summary>
            /// 设置数据库配置项名称
            /// </summary>
            /// <param name="dbConfigName">数据库配置项名称</param>
            public virtual void SetDbConfigName(string dbConfigName)
            {
                this.dbConfigName = dbConfigName;
            }
    
            /// <summary>
            /// 根据配置数据库配置名称生成Database对象
            /// </summary>
            /// <returns></returns>
            protected virtual Database CreateDatabase()
            {
                Database db = null;
                if (string.IsNullOrEmpty(dbConfigName))
                {
                    db = DatabaseFactory.CreateDatabase();
                }
                else
                {
                    db = DatabaseFactory.CreateDatabase(dbConfigName);
                }
                return db;
            }
    
            /// <summary>
            /// 获取指定字符串中的子项的值
            /// </summary>
            /// <param name="connectionString">字符串值</param>
            /// <param name="subKeyName">以分号(;)为分隔符的子项名称</param>
            /// <returns>对应子项名称的值(即是=号后面的值)</returns>
            protected string GetSubValue(string connectionString, string subKeyName)
            {
                string[] item = connectionString.Split(new char[] { ';' });
                for (int i = 0; i < item.Length; i++)
                {
                    string itemValue = item[i].ToLower();
                    if (itemValue.IndexOf(subKeyName, StringComparison.OrdinalIgnoreCase) >= 0) //如果含有指定的关键字
                    {
                        int startIndex = item[i].IndexOf("="); //等号开始的位置
                        return item[i].Substring(startIndex + 1).Trim(); //获取等号后面的值即为Value
                    }
                }
                return string.Empty;
            }
    
            /// <summary>
            /// 生成防止和保留字、关键字同名的字段格式,如[value]。
            /// </summary>
            /// <param name="fieldName">字段名,如value</param>
            protected string GetSafeFileName(string fieldName)
            {
                return string.Format(safeFieldFormat, fieldName);
            }
    
            #endregion    
    
            #region 通用操作方法
    
            /// <summary>
            /// 添加记录
            /// </summary>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual bool Insert(Hashtable recordField, DbTransaction trans)
            {
                return this.Insert(recordField, tableName, trans);
            }
    
            /// <summary>
            /// 添加记录
            /// </summary>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="targetTable">需要操作的目标表名称</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual bool Insert(Hashtable recordField, string targetTable, DbTransaction trans)
            {
                bool result = false;
                if (recordField == null || recordField.Count < 1)
                {
                    return result;
                }
    
                string fields = ""; // 字段名
                string vals = ""; // 字段值
                foreach (string field in recordField.Keys)
                {
                    fields += string.Format("{0},", GetSafeFileName(field));
                    vals += string.Format("{0}{1},", parameterPrefix, field);
                }
                fields = fields.Trim(',');//除去前后的逗号
                vals = vals.Trim(',');//除去前后的逗号
                string sql = string.Format("INSERT INTO {0} ({1}) VALUES ({2})", targetTable, fields, vals);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                foreach (string field in recordField.Keys)
                {
                    object val = recordField[field];
                    val = val ?? DBNull.Value;
                    if (val is DateTime)
                    {
                        if (Convert.ToDateTime(val) <= Convert.ToDateTime("1753-1-1"))
                        {
                            val = DBNull.Value;
                        }
                    }
    
                    db.AddInParameter(command, field, TypeToDbType(val.GetType()), val);
                }
    
                if (trans != null)
                {
                    result = db.ExecuteNonQuery(command, trans) > 0;
                }
                else
                {
                    result = db.ExecuteNonQuery(command) > 0;
                }
    
                return result;
            }
    
            /// <summary>
            /// 添加记录
            /// </summary>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual int Insert2(Hashtable recordField, DbTransaction trans)
            {
                return this.Insert2(recordField, tableName, trans);
            }
    
            /// <summary>
            /// 添加记录
            /// </summary>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="targetTable">需要操作的目标表名称</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual int Insert2(Hashtable recordField, string targetTable, DbTransaction trans)
            {
                throw new NotSupportedException();
            }
            
            /// <summary>
            /// 更新某个表一条记录(只适用于用单键,用int类型作键值的表)
            /// </summary>
            /// <param name="id">ID值</param>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual bool Update(object id, Hashtable recordField, DbTransaction trans)
            {
                return this.PrivateUpdate(id, recordField, tableName, trans);
            }
    
            /// <summary>
            /// 更新某个表一条记录(只适用于用单键,用int类型作键值的表)
            /// </summary>
            /// <param name="id">ID值</param>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="targetTable">需要操作的目标表名称</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual bool Update(object id, Hashtable recordField, string targetTable, DbTransaction trans)
            {
                return PrivateUpdate(id, recordField, targetTable, trans);
            }
    
            /// <summary>
            /// 更新某个表一条记录
            /// </summary>
            /// <param name="id">ID值</param>
            /// <param name="recordField">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="targetTable">需要操作的目标表名称</param>
            /// <param name="trans">事务对象,如果使用事务,传入事务对象,否则为Null不使用事务</param>
            public virtual bool PrivateUpdate(object id, Hashtable recordField, string targetTable, DbTransaction trans)
            {
                try
                {
                    if (recordField == null || recordField.Count < 1)
                    {
                        return false;
                    }
    
                    string setValue = "";
                    foreach (string field in recordField.Keys)
                    {
                        setValue += string.Format("{0} = {1}{2},", GetSafeFileName(field), parameterPrefix, field);
                    }
                    string sql = string.Format("UPDATE {0} SET {1} WHERE {2} = {3}{2} ",
                        targetTable, setValue.Substring(0, setValue.Length - 1), primaryKey, parameterPrefix);
                    Database db = CreateDatabase();
                    DbCommand command = db.GetSqlStringCommand(sql);
    
                    bool foundID = false;
                    foreach (string field in recordField.Keys)
                    {
                        object val = recordField[field];
                        val = val ?? DBNull.Value;
                        if (val is DateTime)
                        {
                            if (Convert.ToDateTime(val) <= Convert.ToDateTime("1753-1-1"))
                            {
                                val = DBNull.Value;
                            }
                            db.AddInParameter(command, field, DbType.DateTime, val);
                        }
                        else
                        {
                            db.AddInParameter(command, field, TypeToDbType(val.GetType()), val);
                        }
    
                        if (field.Equals(primaryKey, StringComparison.OrdinalIgnoreCase))
                        {
                            foundID = true;
                        }
                    }
    
                    if (!foundID)
                    {
                        db.AddInParameter(command, primaryKey, TypeToDbType(id.GetType()), id);
                    }
    
                    bool result = false;
                    if (trans != null)
                    {
                        result = db.ExecuteNonQuery(command, trans) > 0;
                    }
                    else
                    {
                        result = db.ExecuteNonQuery(command) > 0;
                    }
    
                    return result;
                }
                catch (Exception ex)
                {
                    LogTextHelper.WriteLine(ex.ToString());
                    throw;
                }
            }
            
            /// <summary>
            /// 执行SQL查询语句,返回查询结果的所有记录的第一个字段,用逗号分隔。
            /// </summary>
            /// <param name="sql">SQL语句</param>
            /// <param name="trans">事务对象</param>
            /// <returns>
            /// 返回查询结果的所有记录的第一个字段,用逗号分隔。
            /// </returns>
            public virtual string SqlValueList(string sql, DbTransaction trans = null)
            {
                StringBuilder result = new StringBuilder();
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                if (trans != null)
                {        
                    using (IDataReader dr = db.ExecuteReader(command, trans))
                    {
                        while (dr.Read())
                        {
                            result.AppendFormat("{0},", dr[0].ToString());
                        }
                    }
                }
                else
                {
                    using (IDataReader dr = db.ExecuteReader(command))
                    {
                        while (dr.Read())
                        {
                            result.AppendFormat("{0},", dr[0].ToString());
                        }
                    }
                }
                string strResult = result.ToString().Trim(',');
                return strResult;
            }
    
            /// <summary>
            /// 执行一些特殊的语句
            /// </summary>
            /// <param name="sql">SQL语句</param>
            /// <param name="trans">事务对象</param>
            public virtual int SqlExecute(string sql, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                if (trans != null)
                {
                    return db.ExecuteNonQuery(command, trans);
                }
                else
                {
                    return db.ExecuteNonQuery(command);
                }
            }
    
            /// <summary>
            /// 执行存储过程函数。
            /// </summary>
            /// <param name="storeProcName">存储过程函数</param>
            /// <param name="parameters">参数集合</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual int StoreProcExecute(string storeProcName, DbParameter[] parameters, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetStoredProcCommand(storeProcName);
                foreach (DbParameter param in parameters)
                {
                    db.AddInParameter(command, param.ParameterName, param.DbType, param.Value);
                }
    
                int result = -1;
                if (trans != null)
                {
                    result = db.ExecuteNonQuery(command, trans);
                }
                else
                {
                    result = db.ExecuteNonQuery(command);
                }
                return result;
            }
    
            /// <summary>
            /// 执行SQL查询语句,返回所有记录的DataTable集合。
            /// </summary>
            /// <param name="sql">SQL查询语句</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable SqlTable(string sql, DbTransaction trans = null)
            {
                return SqlTable(sql, null, trans);
            }
    
            /// <summary>
            /// 执行SQL查询语句,返回所有记录的DataTable集合。
            /// </summary>
            /// <param name="sql">SQL查询语句</param>
            /// <param name="parameters">参数集合</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable SqlTable(string sql, DbParameter[] parameters, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                if (parameters != null)
                {
                    foreach (DbParameter param in parameters)
                    {
                        db.AddInParameter(command, param.ParameterName, param.DbType, param.Value);
                    }
                }
                DataTable dt = null;
                if (trans != null)
                {
                    dt = db.ExecuteDataSet(command, trans).Tables[0];
                }
                else
                {
                    dt = db.ExecuteDataSet(command).Tables[0];
                }
    
                if (dt != null)
                {
                    dt.TableName = "tableName";//增加一个表名称,防止WCF方式因为TableName为空出错
                }
    
                return dt;
            }
                            
            /// <summary>
            /// 打开数据库连接,并创建事务对象
            /// </summary>
            public virtual DbTransaction CreateTransaction()
            {
                Database db = CreateDatabase();
                DbConnection connection = db.CreateConnection();
                if (connection.State == System.Data.ConnectionState.Closed)
                {
                    connection.Open();
                }
    
                return connection.BeginTransaction();
            }
    
            /// <summary>
            /// 打开数据库连接,并创建事务对象
            /// </summary>
            /// <param name="level">事务级别</param>
            public virtual DbTransaction CreateTransaction(IsolationLevel level)
            {
                Database db = CreateDatabase();
                DbConnection connection = db.CreateConnection();
                if (connection.State == System.Data.ConnectionState.Closed)
                {
                    connection.Open();
                }
    
                return connection.BeginTransaction(level);
            }
    
            /// <summary>
            /// 测试数据库是否正常连接
            /// </summary>
            public virtual bool TestConnection(string connectionString)
            {
                throw new NotSupportedException();
            }
    
            #endregion
    
            #region 对象添加、修改
    
            /// <summary>
            /// 插入指定对象到数据库中
            /// </summary>
            /// <param name="obj">指定的对象</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回true或false</returns>
            public virtual bool Insert(T obj, DbTransaction trans = null)
            {
                ArgumentValidation.CheckForNullReference(obj, "传入的对象obj为空");
    
                OperationLogOfInsert(obj, trans);//根据设置记录操作日志
    
                Hashtable hash = GetHashByEntity(obj);
                return Insert(hash, trans);
            }
    
            /// <summary>
            /// 插入指定对象到数据库中,并返回自增长的键值
            /// </summary>
            /// <param name="obj">指定的对象</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回True</returns>
            public virtual int Insert2(T obj, DbTransaction trans = null)
            {
                ArgumentValidation.CheckForNullReference(obj, "传入的对象obj为空");
    
                OperationLogOfInsert(obj, trans);//根据设置记录操作日志
    
                Hashtable hash = GetHashByEntity(obj);
                return Insert2(hash, trans);
            }
    
            /// <summary>
            /// 更新对象属性到数据库中
            /// </summary>
            /// <param name="obj">指定的对象</param>
            /// <param name="primaryKeyValue">主键的值</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool Update(T obj, object primaryKeyValue, DbTransaction trans = null)
            {
                ArgumentValidation.CheckForNullReference(obj, "传入的对象obj为空");
    
                OperationLogOfUpdate(obj, primaryKeyValue, trans);//根据设置记录操作日志
    
                Hashtable hash = GetHashByEntity(obj);
                return Update(primaryKeyValue, hash, trans);
            }
    
            /// <summary>
            /// 更新数据
            /// </summary>
            /// <param name="commandType">数据类型</param>
            /// <param name="sql">sql</param>
            /// <param name="trans">事务对象</param>
            /// <returns>bool</returns>
            public virtual bool Update(CommandType commandType, string sql, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                if (trans != null)
                {
                    return db.ExecuteNonQuery(trans, CommandType.Text, sql) > 0;
                }
                else
                {
                    return db.ExecuteNonQuery(CommandType.Text, sql) > 0;
                }
            }
    
            /// <summary>
            /// 插入或更新对象属性到数据库中
            /// </summary>
            /// <param name="obj">指定的对象</param>
            /// <param name="primaryKeyValue">主键的值</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool InsertUpdate(T obj, object primaryKeyValue, DbTransaction trans = null)
            {
                bool result = Update(obj, primaryKey, trans);
                if (!result)
                {
                    result = Insert(obj, trans);
                }
    
                return result;
            }
    
            /// <summary>
            /// 如果不存在记录,则插入对象属性到数据库中
            /// </summary>
            /// <param name="obj">指定的对象</param>
            /// <param name="primaryKeyValue">主键的值</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行插入成功返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool InsertIfNew(T obj, object primaryKeyValue, DbTransaction trans = null)
            {
                bool result = false;
                string sql = string.Format("Update {0} set {1}={2}ID  Where {1} = {2}ID", tableName, primaryKey, parameterPrefix);
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                db.AddInParameter(command, "ID", TypeToDbType(primaryKeyValue.GetType()), primaryKeyValue);
    
                int count = db.ExecuteNonQuery(command, trans);
                if (count <= 0)
                {
                    result = Insert(obj, trans);
                }
                return result;
            }
     
            #endregion
    
            #region 返回实体类操作
    
            /// <summary>
            /// 查询数据库,检查是否存在指定ID的对象
            /// </summary>
            /// <param name="key">对象的ID值</param>
            /// <param name="trans">事务对象</param>
            /// <returns>存在则返回指定的对象,否则返回Null</returns>
            public virtual T FindByID(object key, DbTransaction trans = null)
            {
                return PrivateFindByID(key, trans);
            }
    
            /// <summary>
            /// 提供对FindByID的私有方法实现
            /// </summary>
            /// <param name="key">主键的值</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            private T PrivateFindByID(object key, DbTransaction trans = null)
            {
                string sql = string.Format("Select {0} From {1} Where ({2} = {3}ID)", selectedFields, tableName, primaryKey, parameterPrefix);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                db.AddInParameter(command, "ID", TypeToDbType(key.GetType()), key);
    
                T entity = GetEntity(db, command, trans);
                return entity;
            }
    
            /// <summary>
            /// 封装通用获取实体对象的私有方法
            /// </summary>
            /// <param name="db">Database对象</param>
            /// <param name="command">DbCommand对象</param>
            /// <param name="trans">事务对象,可为空</param>
            /// <returns></returns>
            protected T GetEntity(Database db, DbCommand command, DbTransaction trans = null)
            {
                T entity = null;
                if (trans != null)
                {
                    using (IDataReader dr = db.ExecuteReader(command, trans))
                    {
                        if (dr.Read())
                        {
                            entity = DataReaderToEntity(dr);
                        }
                    }
                }
                else
                {
                    using (IDataReader dr = db.ExecuteReader(command))
                    {
                        if (dr.Read())
                        {
                            entity = DataReaderToEntity(dr);
                        }
                    }
                }
                return entity;
            }
    
            /// <summary>
            /// 根据条件查询数据库,如果存在返回第一个对象
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定的对象</returns>
            public virtual T FindSingle(string condition, DbTransaction trans = null)
            {
                return FindSingle(condition, null, null, trans);
            }
    
            /// <summary>
            /// 根据条件查询数据库,如果存在返回第一个对象
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="orderBy">自定义排序语句,如Order By Name Desc;如不指定,则使用默认排序</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定的对象</returns>
            public virtual T FindSingle(string condition, string orderBy, DbTransaction trans = null)
            {
                return FindSingle(condition, orderBy, null, trans);
            }
    
            /// <summary>
            /// 根据条件查询数据库,如果存在返回第一个对象
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="orderBy">自定义排序语句,如Order By Name Desc;如不指定,则使用默认排序</param>
            /// <param name="paramList">参数列表</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定的对象</returns>
            public virtual T FindSingle(string condition, string orderBy, IDbDataParameter[] paramList, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
                if (HasInjectionData(orderBy))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", orderBy));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                string sql = string.Format("Select {0} From {1} ", selectedFields, tableName);
                if (!string.IsNullOrEmpty(condition))
                {
                    sql += string.Format("Where {0} ", condition);
                }
                if (!string.IsNullOrEmpty(orderBy))
                {
                    sql += " " + orderBy;
                }
                else
                {
                    sql += string.Format(" Order by {0} {1}", GetSafeFileName(sortField), isDescending ? "DESC" : "ASC");
                }
    
                #region 获取单条记录
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                if (paramList != null)
                {
                    command.Parameters.AddRange(paramList);
                }
    
                T entity = GetEntity(db, command, trans);
                return entity;
    
                #endregion
            }
    
            /// <summary>
            /// 查找记录表中最旧的一条记录
            /// </summary>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual T FindFirst(DbTransaction trans = null)
            {
                throw new NotSupportedException();
            }
    
            /// <summary>
            /// 查找记录表中最新的一条记录
            /// </summary>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual T FindLast(DbTransaction trans = null)
            {
                throw new NotSupportedException();
            } 
    
            #endregion
    
            #region 返回集合的接口
            
            /// <summary>
            /// 根据ID字符串(逗号分隔)获取对象列表
            /// </summary>
            /// <param name="idString">ID字符串(逗号分隔)</param>
            /// <param name="trans">事务对象</param>
            /// <returns>符合条件的对象列表</returns>
            public virtual List<T> FindByIDs(string idString, DbTransaction trans = null)
            {
                string condition = string.Format("{0} in({1})", primaryKey, idString);
                return this.Find(condition, trans);
            }        
            
            /// <summary>
            /// 根据条件查询数据库,并返回对象集合
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> Find(string condition, DbTransaction trans = null)
            {
                return Find(condition, null, null, trans );
            }
    
            /// <summary>
            /// 根据条件查询数据库,并返回对象集合
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="orderBy">排序条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> Find(string condition, string orderBy, DbTransaction trans = null)
            {
                return Find(condition, orderBy, null, trans);
            }
    
            /// <summary>
            /// 根据条件查询数据库,并返回对象集合
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="orderBy">自定义排序语句,如Order By Name Desc;如不指定,则使用默认排序</param>
            /// <param name="paramList">参数列表</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> Find(string condition, string orderBy, IDbDataParameter[] paramList, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                //串连条件语句为一个完整的Sql语句
                string sql = string.Format("Select {0} From {1} ", selectedFields, tableName);
                if (!string.IsNullOrEmpty(condition))
                {
                    sql += string.Format("Where {0}", condition);
                }
                if (!string.IsNullOrEmpty(orderBy))
                {
                    sql += " " + orderBy;
                }
                else
                {
                    sql += string.Format(" Order by {0} {1}", GetSafeFileName(sortField), isDescending ? "DESC" : "ASC");
                }
    
                List<T> list = GetList(sql, paramList, trans);
                return list;
            }
    
            /// <summary>
            /// 通用获取集合对象方法
            /// </summary>
            /// <param name="sql">查询的Sql语句</param>
            /// <param name="paramList">参数列表,如果没有则为null</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual List<T> GetList(string sql, IDbDataParameter[] paramList = null, DbTransaction trans = null)
            {
                T entity = null;
                List<T> list = new List<T>();
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                if (paramList != null)
                {
                    command.Parameters.AddRange(paramList);
                }
    
                if (trans != null)
                {
                    using (IDataReader dr = db.ExecuteReader(command, trans))
                    {
                        while (dr.Read())
                        {
                            entity = DataReaderToEntity(dr);
    
                            list.Add(entity);
                        }
                    }
                }
                else
                {
                    using (IDataReader dr = db.ExecuteReader(command))
                    {
                        while (dr.Read())
                        {
                            entity = DataReaderToEntity(dr);
    
                            list.Add(entity);
                        }
                    }
                }
                return list;
            }
                            
            /// <summary>
            /// 以分页方式通用获取集合对象方法
            /// </summary>
            /// <param name="sql">查询的Sql语句</param>
            /// <param name="info">分页实体</param>
            /// <param name="paramList">参数列表,如果没有则为null</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual List<T> GetListWithPager(string sql, PagerInfo info, IDbDataParameter[] paramList = null, DbTransaction trans = null)
            {
                PagerHelper helper = new PagerHelper(sql, this.selectedFields, this.sortField,
                    info.PageSize, info.CurrenetPageIndex, this.isDescending, "");
    
                string countSql = helper.GetPagingSql(true);
                string strCount = SqlValueList(countSql);
                info.RecordCount = Convert.ToInt32(strCount);
    
                string dataSql = helper.GetPagingSql(false);
                List<T> list = GetList(dataSql, paramList, trans);
                return list;
            }
    
            /// <summary>
            /// 根据条件查询数据库,并返回对象集合(用于分页数据显示)
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="info">分页实体</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> FindWithPager(string condition, PagerInfo info, DbTransaction trans = null)
            {
                return FindWithPager(condition, info, this.sortField, this.isDescending, trans);
            }
                    
            /// <summary>
            /// 根据条件查询数据库,并返回对象集合(用于分页数据显示)
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="info">分页实体</param>
            /// <param name="fieldToSort">排序字段</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> FindWithPager(string condition, PagerInfo info, string fieldToSort, DbTransaction trans = null)
            {
                return FindWithPager(condition, info, fieldToSort, this.isDescending, trans);
            }
                 
            /// <summary>
            /// 根据条件查询数据库,并返回对象集合(用于分页数据显示)
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="info">分页实体</param>
            /// <param name="fieldToSort">排序字段</param>
            /// <param name="desc">是否降序</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> FindWithPager(string condition, PagerInfo info, string fieldToSort, bool desc, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
    
                PagerHelper helper = new PagerHelper(tableName, this.selectedFields, fieldToSort,
                    info.PageSize, info.CurrenetPageIndex, desc, condition);
    
                string countSql = helper.GetPagingSql(true);
                string strCount = SqlValueList(countSql);
                info.RecordCount = Convert.ToInt32(strCount);
    
                string dataSql = helper.GetPagingSql(false);
                List<T> list = GetList(dataSql, null, trans);
                return list;
            }
    
    
            /// <summary>
            /// 返回数据库所有的对象集合
            /// </summary>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> GetAll(DbTransaction trans = null)
            {
                return GetAll("", trans);
            }
                    
            /// <summary>
            /// 返回数据库所有的对象集合
            /// </summary>
            /// <param name="orderBy">自定义排序语句,如Order By Name Desc;如不指定,则使用默认排序</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> GetAll(string orderBy, DbTransaction trans = null)
            {
                if (HasInjectionData(orderBy))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", orderBy));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                string sql = string.Format("Select {0} From {1} ", selectedFields, tableName);
                if (!string.IsNullOrEmpty(orderBy))
                {
                    sql += orderBy;
                }
                else
                {
                    sql += string.Format(" Order by {0} {1}", GetSafeFileName(sortField), isDescending ? "DESC" : "ASC");
                }
    
                List<T> list = GetList(sql, null);
                return list;
            }
    
            /// <summary>
            /// 返回数据库所有的对象集合(用于分页数据显示)
            /// </summary>
            /// <param name="info">分页实体信息</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> GetAll(PagerInfo info, DbTransaction trans = null)
            {
                return FindWithPager("", info, this.sortField, this.isDescending, trans);
            }
            
            /// <summary>
            /// 返回数据库所有的对象集合(用于分页数据显示)
            /// </summary>
            /// <param name="info">分页实体信息</param>
            /// <param name="fieldToSort">排序字段</param>
            /// <param name="desc">是否降序</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定对象的集合</returns>
            public virtual List<T> GetAll(PagerInfo info, string fieldToSort, bool desc, DbTransaction trans = null)
            {
                return FindWithPager("", info, fieldToSort, desc, trans);
            }
    
    
            /// <summary>
            /// 返回所有记录到DataTable集合中
            /// </summary>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable GetAllToDataTable(DbTransaction trans = null)
            {
                return GetAllToDataTable("", trans);
            }
    
            /// <summary>
            /// 返回所有记录到DataTable集合中
            /// </summary>
            /// <param name="orderBy">自定义排序语句,如Order By Name Desc;如不指定,则使用默认排序</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable GetAllToDataTable(string orderBy, DbTransaction trans = null)
            {
                if (HasInjectionData(orderBy))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", orderBy));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                string sql = string.Format("Select {0} From {1} ", selectedFields, tableName);
                if (!string.IsNullOrEmpty(orderBy))
                {
                    sql += orderBy;
                }
                else
                {
                    sql += string.Format(" Order by {0} {1}", GetSafeFileName(sortField), isDescending ? "DESC" : "ASC");
                }
    
                return GetDataTableBySql(sql, trans);
            }
                     
            /// <summary>
            /// 根据分页条件,返回DataTable对象
            /// </summary>
            /// <param name="info">分页条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable GetAllToDataTable(PagerInfo info, DbTransaction trans = null)
            {
                return FindToDataTable("", info, this.sortField, this.isDescending, trans);
            }
    
            /// <summary>
            /// 根据分页条件,返回DataTable对象
            /// </summary>
            /// <param name="info">分页条件</param>
            /// <param name="fieldToSort">排序字段</param>
            /// <param name="desc">是否降序</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable GetAllToDataTable(PagerInfo info, string fieldToSort, bool desc, DbTransaction trans = null)
            {
                return FindToDataTable("", info, fieldToSort, desc, trans);
            }
    
    
            /// <summary>
            /// 根据查询条件,返回记录到DataTable集合中
            /// </summary>
            /// <param name="condition">查询条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable FindToDataTable(string condition, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                //串连条件语句为一个完整的Sql语句
                string sql = string.Format("Select {0} From {1} ", selectedFields, tableName);
                if (!string.IsNullOrEmpty(condition))
                {
                    sql += string.Format("Where {0}", condition);
                }
                sql += string.Format(" Order by {0} {1}", GetSafeFileName(sortField), isDescending ? "DESC" : "ASC");
    
                return GetDataTableBySql(sql, trans);
            }
                    
            /// <summary>
            /// 根据查询条件,返回记录到DataTable集合中
            /// </summary>
            /// <param name="condition">查询条件</param>
            /// <param name="info">分页条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual DataTable FindToDataTable(string condition, PagerInfo info, DbTransaction trans = null)
            {
                return FindToDataTable(condition, info, this.sortField, this.isDescending, trans);
            }
    
            /// <summary>
            /// 根据条件查询数据库,并返回DataTable集合(用于分页数据显示)
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="info">分页实体</param>
            /// <param name="fieldToSort">排序字段</param>
            /// <param name="desc">是否降序</param>
            /// <param name="trans">事务对象</param>
            /// <returns>指定DataTable的集合</returns>
            public virtual DataTable FindToDataTable(string condition, PagerInfo info, string fieldToSort, bool desc, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                PagerHelper helper = new PagerHelper(tableName, this.selectedFields, fieldToSort,
                    info.PageSize, info.CurrenetPageIndex, desc, condition);
    
                string countSql = helper.GetPagingSql(true);
                string strCount = SqlValueList(countSql, trans);
                info.RecordCount = Convert.ToInt32(strCount);
    
                string dataSql = helper.GetPagingSql(false);
                return GetDataTableBySql(dataSql, trans);
            }
    
            /// <summary>
            /// 操根据条件返回DataTable记录辅助类
            /// </summary>
            /// <param name="sql"></param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            protected DataTable GetDataTableBySql(string sql, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                DataTable dt = null;
                if (trans != null)
                {
                    dt = db.ExecuteDataSet(command, trans).Tables[0];
                }
                else
                {
                    dt = db.ExecuteDataSet(command).Tables[0];
                }
    
                if (dt != null)
                {
                    dt.TableName = "tableName";//增加一个表名称,防止WCF方式因为TableName为空出错
                }
                return dt;
            }
    
            /// <summary>
            /// 获取某字段数据字典列表
            /// </summary>
            /// <param name="fieldName">字段名称</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual List<string> GetFieldList(string fieldName, DbTransaction trans = null)
            {
                return GetFieldListByCondition(fieldName, null, trans);
            }
                           
            /// <summary>
            /// 根据条件,获取某字段数据字典列表
            /// </summary>
            /// <param name="fieldName">字段名称</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public List<string> GetFieldListByCondition(string fieldName, string condition, DbTransaction trans = null)
            {
                string safeFieldName = GetSafeFileName(fieldName);
                string sql = string.Format("Select distinct {0} From {1} ", safeFieldName, tableName);
                if(!string.IsNullOrEmpty(condition))
                {
                    sql += string.Format(" Where {0} ",  condition);
                }
                sql += string.Format(" order by {0}", safeFieldName);
    
                List<string> list = new List<string>();
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                string number = string.Empty;
                if (trans != null)
                {
                    using (IDataReader dr = db.ExecuteReader(command, trans))
                    {
                        while (dr.Read())
                        {
                            number = dr[fieldName].ToString();
                            if (!string.IsNullOrEmpty(number))
                            {
                                list.Add(number);
                            }
                        }
                    }
                }
                else
                {
                    using (IDataReader dr = db.ExecuteReader(command))
                    {
                        while (dr.Read())
                        {
                            number = dr[fieldName].ToString();
                            if (!string.IsNullOrEmpty(number))
                            {
                                list.Add(number);
                            }
                        }
                    }
                }
                return list;
            }
    
            /// <summary>
            /// 根据条件,从视图里面获取记录
            /// </summary>
            /// <param name="viewName">视图名称</param>
            /// <param name="condition">查询条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public DataTable FindByView(string viewName, string condition, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                //串连条件语句为一个完整的Sql语句
                string sql = string.Format("Select * From {0} Where ", viewName);
                sql += condition;
                //sql += string.Format(" Order by {0} {1}", SortField, IsDescending ? "DESC" : "ASC");
    
                return GetDataTableBySql(sql, trans);
            }
                  
            /// <summary>
            /// 根据条件,从视图里面获取记录
            /// </summary>
            /// <param name="viewName">视图名称</param>
            /// <param name="condition">查询条件</param>
            /// <param name="sortField">排序字段</param>
            /// <param name="isDescending">是否为降序</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public DataTable FindByView(string viewName, string condition, string sortField, bool isDescending, DbTransaction trans = null)
            {
                //串连条件语句为一个完整的Sql语句
                string sql = string.Format("Select * From {0} Where ", viewName);
                sql += condition;
                sql += string.Format(" Order by {0} {1}", sortField, isDescending ? "DESC" : "ASC");
    
                return GetDataTableBySql(sql, trans);
            }
    
            /// <summary>
            /// 获取前面记录指定数量的记录
            /// </summary>
            /// <param name="sql">查询语句</param>
            /// <param name="count">指定数量</param>
            /// <param name="orderBy">排序条件,例如order by id</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public abstract DataTable GetTopResult(string sql, int count, string orderBy, DbTransaction trans = null);
    
            /// <summary>
            /// 根据条件,从视图里面获取记录
            /// </summary>
            /// <param name="viewName">视图名称</param>
            /// <param name="condition">查询条件</param>
            /// <param name="sortField">排序字段</param>
            /// <param name="isDescending">是否为降序</param>
            /// <param name="info">分页条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public DataTable FindByViewWithPager(string viewName, string condition, string sortField, bool isDescending, PagerInfo info, DbTransaction trans = null)
            {
                //从视图中获取数据
                PagerHelper helper = new PagerHelper(viewName, "*", sortField,
                                info.PageSize, info.CurrenetPageIndex, isDescending, condition);
                string countSql = helper.GetPagingSql(true);
                string strCount = SqlValueList(countSql, trans);
                info.RecordCount = Convert.ToInt32(strCount);
    
                string dataSql = helper.GetPagingSql(false);
                return GetDataTableBySql(dataSql, trans);
            }
    
            #endregion
            
            #region 子类必须实现的函数(用于更新或者插入)
    
            /// <summary>
            /// 将DataReader的属性值转化为实体类的属性值,返回实体类
            /// (提供了默认的反射机制获取信息,为了提高性能,建议重写该函数)
            /// </summary>
            /// <param name="dr">有效的DataReader对象</param>
            /// <returns>实体类对象</returns>
            protected virtual T DataReaderToEntity(IDataReader dr)
            {
                T obj = new T();
                PropertyInfo[] pis = obj.GetType().GetProperties();
    
                foreach (PropertyInfo pi in pis)
                {
                    try
                    {
                        if (dr[pi.Name].ToString() != "")
                        {
                            pi.SetValue(obj, dr[pi.Name] ?? "", null);
                        }
                    }
                    catch { }
                }
                return obj;
            }
    
            /// <summary>
            /// 将实体对象的属性值转化为Hashtable对应的键值(用于插入或者更新操作)
            /// (提供了默认的反射机制获取信息,为了提高性能,建议重写该函数)
            /// </summary>
            /// <param name="obj">有效的实体对象</param>
            /// <returns>包含键值映射的Hashtable</returns>
            protected virtual Hashtable GetHashByEntity(T obj)
            {
                Hashtable ht = new Hashtable();
                PropertyInfo[] pis = obj.GetType().GetProperties();
                for (int i = 0; i < pis.Length; i++)
                {
                    //if (pis[i].Name != PrimaryKey)
                    {
                        object objValue = pis[i].GetValue(obj, null);
                        objValue = (objValue == null) ? DBNull.Value : objValue;
    
                        if (!ht.ContainsKey(pis[i].Name))
                        {
                            ht.Add(pis[i].Name, objValue);
    
                            EntityTypeHash.Add(pis[i].Name, pis[i].GetType());
                        }                    
                    }
                }
                return ht;
            }
    
            private Hashtable EntityTypeHash = new Hashtable();
    
            #endregion
            
            #region IBaseDAL接口
    
            /// <summary>
            /// 获取表的所有记录数量
            /// </summary>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual int GetRecordCount(DbTransaction trans = null)
            {
                string sql = string.Format("Select Count(*) from {0} ", tableName);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                return GetExecuteScalarValue(db, command, trans);
            }
    
            /// <summary>
            /// 获取表的所有记录数量
            /// </summary>
            /// <param name="condition">查询条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual int GetRecordCount(string condition, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                string sql = string.Format("Select Count(*) from {0} WHERE {1} ", tableName, condition);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                return GetExecuteScalarValue(db, command, trans);
            }
    
            /// <summary>
            /// 获取单一的记录值
            /// </summary>
            /// <param name="db">Database对象</param>
            /// <param name="command">DbCommand对象</param>
            /// <param name="trans">DbTransaction对象,可为空</param>
            /// <returns></returns>
            protected int GetExecuteScalarValue(Database db, DbCommand command, DbTransaction trans = null)
            {
                int result = 0;
                object objResult = null;
                if (trans != null)
                {
                    objResult = db.ExecuteScalar(command, trans);                
                }
                else
                {
                    objResult = db.ExecuteScalar(command);
                }
    
                if (objResult != null && objResult != DBNull.Value)
                {
                    result = Convert.ToInt32(objResult);
                }
                return result;
            }
    
            /// <summary>
            /// 根据condition条件,判断是否存在记录
            /// </summary>
            /// <param name="condition">查询的条件</param>
            /// <param name="trans">事务对象</param>
            /// <returns>如果存在返回True,否则False</returns>
            public virtual bool IsExistRecord(string condition, DbTransaction trans = null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                string sql = string.Format("Select Count(*) from {0} WHERE {1} ", tableName, condition);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                int result = GetExecuteScalarValue(db, command, trans);
                return result > 0;
            }
    
            /// <summary>
            /// 查询数据库,检查是否存在指定键值的对象
            /// </summary>
            /// <param name="recordTable">Hashtable:键[key]为字段名;值[value]为字段对应的值</param>
            /// <param name="trans">事务对象</param>
            /// <returns>存在则返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool IsExistKey(Hashtable recordTable, DbTransaction trans = null)
            {
                string fields = "";// 字段名
                foreach (string field in recordTable.Keys)
                {
                    fields += string.Format(" {0} = {1}{2} AND", GetSafeFileName(field), parameterPrefix, field);
                }
                fields = fields.Substring(0, fields.Length - 3);//除去最后的AND
    
                string sql = string.Format("SELECT COUNT(*) FROM {0} WHERE {1}", tableName, fields);
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                foreach (string field in recordTable.Keys)
                {
                    object objValue = recordTable[field];
                    db.AddInParameter(command, field, TypeToDbType(objValue.GetType()), objValue);
                }
    
                return GetExecuteScalarValue(db, command, trans) > 0;
            }
    
            /// <summary>
            /// 查询数据库,检查是否存在指定键值的对象
            /// </summary>
            /// <param name="fieldName">指定的属性名</param>
            /// <param name="key">指定的值</param>
            /// <param name="trans">事务对象</param>
            /// <returns>存在则返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool IsExistKey(string fieldName, object key, DbTransaction trans = null)
            {
                Hashtable table = new Hashtable();
                table.Add(fieldName, key);
    
                return IsExistKey(table, trans);
            }
            
            /// <summary>
            /// 获取数据库中该对象的最大ID值
            /// </summary>
            /// <param name="trans">事务对象</param>
            /// <returns>最大ID值</returns>
            public virtual int GetMaxID(DbTransaction trans = null)
            {
                string sql = string.Format("SELECT MAX({0}) AS MaxID FROM {1}", primaryKey, tableName);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
    
                object obj = null;
                if (trans != null)
                {
                    obj = db.ExecuteScalar(command, trans);
                }
                else
                {
                    obj = db.ExecuteScalar(command);
                }
                if(Convert.IsDBNull(obj))
                {
                    return 0;//没有记录的时候为0
                }
                return Convert.ToInt32(obj);
            }
    
            /// <summary>
            /// 根据主键和字段名称,获取对应字段的内容
            /// </summary>
            /// <param name="key">指定对象的ID</param>
            /// <param name="fieldName">字段名称</param>
            /// <param name="trans">事务对象</param>
            /// <returns></returns>
            public virtual string GetFieldValue(object key, string fieldName, DbTransaction trans = null)
            {
                string condition = string.Format("{0} = {1}{0}", primaryKey, parameterPrefix);
                string sql = string.Format("Select {0} FROM {1} WHERE {2} ", fieldName, tableName, condition);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                db.AddInParameter(command, primaryKey, TypeToDbType(key.GetType()), key);
    
                object obj;
                if (trans != null)
                {
                    obj = db.ExecuteScalar(command, trans);                
                }
                else
                {
                    obj = db.ExecuteScalar(command);
                }
    
                string result = "";
                if (obj != null && obj != DBNull.Value)
                {
                    result = obj.ToString();
                }
    
                return result;
            }
    
            /// <summary>
            /// 根据指定对象的ID,从数据库中删除指定对象
            /// </summary>
            /// <param name="key">指定对象的ID</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool Delete(object key, DbTransaction trans = null)
            {
                OperationLogOfDelete(key, null, trans); //根据设置记录操作日志
    
                string condition = string.Format("{0} = {1}{0}", primaryKey, parameterPrefix);
                string sql = string.Format("DELETE FROM {0} WHERE {1} ", tableName, condition);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                db.AddInParameter(command, primaryKey, TypeToDbType(key.GetType()), key);
    
                bool result = false;
                if (trans != null)
                {
                    result = db.ExecuteNonQuery(command, trans) > 0;
                }
                else
                {
                    result = db.ExecuteNonQuery(command) > 0;
                }
                return result;
            }
    
            /// <summary>
            /// 根据指定对象的ID和用户ID,从数据库中删除指定对象(用于记录人员的操作日志)
            /// </summary>
            /// <param name="key">指定对象的ID</param>
            /// <param name="userId">用户ID</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool DeleteByUser(object key, string userId, DbTransaction trans = null)
            {
                OperationLogOfDelete(key, userId, trans); //根据设置记录操作日志
    
                string condition = string.Format("{0} = {1}{0}", primaryKey, parameterPrefix);
                string sql = string.Format("DELETE FROM {0} WHERE {1} ", tableName, condition);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                db.AddInParameter(command, primaryKey, TypeToDbType(key.GetType()), key);
    
                bool result = false;
                if (trans != null)
                {
                    result = db.ExecuteNonQuery(command, trans) > 0;
                }
                else
                {
                    result = db.ExecuteNonQuery(command) > 0;
                }
    
                return result;
            }    
            
            /// <summary>
            /// 根据指定条件,从数据库中删除指定对象
            /// </summary>
            /// <param name="condition">删除记录的条件语句</param>
            /// <param name="trans">事务对象</param>
            /// <param name="paramList">Sql参数列表</param>
            /// <param name="trans">事务对象</param>
            /// <returns>执行成功返回<c>true</c>,否则为<c>false</c></returns>
            public virtual bool DeleteByCondition(string condition, DbTransaction trans=null, IDbDataParameter[] paramList=null)
            {
                if (HasInjectionData(condition))
                {
                    LogTextHelper.Error(string.Format("检测出SQL注入的恶意数据, {0}", condition));
                    throw new Exception("检测出SQL注入的恶意数据");
                }
    
                string sql = string.Format("DELETE FROM {0} WHERE {1} ", tableName, condition);
    
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                if(paramList != null)
                {
                    command.Parameters.AddRange(paramList);
                }
    
                bool result = false;
                if (trans != null)
                {
                    result = db.ExecuteNonQuery(command, trans) > 0;
                }
                else
                {
                    result = db.ExecuteNonQuery(command) > 0;
                }
    
                return result;
            }
                           
            #endregion
    
            #region 用户操作记录的实现
            /// <summary>
            /// 插入操作的日志记录
            /// </summary>
            /// <param name="obj">数据对象</param>
            /// <param name="trans">事务对象</param>
            protected virtual void OperationLogOfInsert(T obj, DbTransaction trans = null)
            {
                if (OnOperationLog != null)
                {
                    string operationType = "增加";
                    string userId = obj.CurrentLoginUserId;
    
                    Hashtable recordField = GetHashByEntity(obj);
                    Dictionary<string, string> dictColumnNameAlias = GetColumnNameAlias();
    
                    StringBuilder sb = new StringBuilder();
                    foreach (string field in recordField.Keys)
                    {
                        string columnAlias = field;
                        bool result = dictColumnNameAlias.TryGetValue(field, out columnAlias);
                        if (result && !string.IsNullOrEmpty(columnAlias))
                        {
                            columnAlias = string.Format("({0})", columnAlias);//增加一个括号显示
                        }
    
                        sb.AppendLine(string.Format("{0}{1}:{2}", field, columnAlias, recordField[field]));
                        sb.AppendLine();
                    }
                    sb.AppendLine();
                    string note = sb.ToString();
    
                    OnOperationLog(userId, this.tableName, operationType, note, trans);
                }
            }
    
            /// <summary>
            /// 修改操作的日志记录
            /// </summary>
            /// <param name="id">记录ID</param>
            /// <param name="obj">数据对象</param>
            /// <param name="trans">事务对象</param>
            protected virtual void OperationLogOfUpdate(T obj, object id, DbTransaction trans = null)
            {
                if (OnOperationLog != null)
                {
                    string operationType = "修改";
                    string userId = obj.CurrentLoginUserId;
    
                    Hashtable recordField = GetHashByEntity(obj);
                    Dictionary<string, string> dictColumnNameAlias = GetColumnNameAlias();
    
                    T objInDb = FindByID(id, trans);
                    if (objInDb != null)
                    {
                        Hashtable dbrecordField = GetHashByEntity(objInDb);//把数据库里的实体对象数据转换为哈希表
    
                        StringBuilder sb = new StringBuilder();
                        foreach (string field in recordField.Keys)
                        {                          
                            string newValue = recordField[field].ToString();
                            string oldValue = dbrecordField[field].ToString();
                            if (newValue != oldValue)//只记录变化的内容
                            {                            
                                string columnAlias = "";
                                bool result = dictColumnNameAlias.TryGetValue(field, out columnAlias);
                                if (result && !string.IsNullOrEmpty(columnAlias))
                                {
                                    columnAlias = string.Format("({0})", columnAlias);//增加一个括号显示
                                }
    
                                sb.AppendLine(string.Format("{0}{1}:", field, columnAlias));
                                sb.AppendLine(string.Format("	 {0} -> {1}", dbrecordField[field], recordField[field]));
                                sb.AppendLine();
                            }
                        }
                        sb.AppendLine();
                        string note = sb.ToString();
    
                        OnOperationLog(userId, this.tableName, operationType, note, trans);
                    }
                }
            }
    
            /// <summary>
            /// 删除操作的日志记录
            /// </summary>
            /// <param name="id">记录ID</param>
            /// <param name="userId">用户ID</param>
            /// <param name="trans">事务对象</param>
            protected virtual void OperationLogOfDelete(object id, string userId, DbTransaction trans = null)
            {
                if (OnOperationLog != null)
                {
                    string operationType = "删除";
    
                    Dictionary<string, string> dictColumnNameAlias = GetColumnNameAlias();
    
                    T objInDb = FindByID(id, trans);
                    if (objInDb != null)
                    {
                        Hashtable dbrecordField = GetHashByEntity(objInDb);//把数据库里的实体对象数据转换为哈希表
    
                        StringBuilder sb = new StringBuilder();
                        foreach (string field in dbrecordField.Keys)
                        {
                            string columnAlias = "";
                            bool result = dictColumnNameAlias.TryGetValue(field, out columnAlias);
                            if (result && !string.IsNullOrEmpty(columnAlias))
                            {
                                columnAlias = string.Format("({0})", columnAlias);//增加一个括号显示
                            }
    
                            sb.AppendLine(string.Format("{0}{1}:", field, columnAlias));
                            sb.AppendLine(string.Format("	 {0}", dbrecordField[field]));
                            sb.AppendLine();
                        }
                        sb.AppendLine();
                        string note = sb.ToString();
    
                        OnOperationLog(userId, this.tableName, operationType, note, trans);
                    }
                }
            } 
            #endregion
    
            #region 辅助类方法
    
            /// <summary>
            /// 转换.NET的对象类型到数据库类型
            /// </summary>
            /// <param name="t">.NET的对象类型</param>
            /// <returns></returns>
            public virtual DbType TypeToDbType(Type t)
            {
                DbType dbt;
                try
                {
                    if (t.Name.ToLower() == "byte[]")
                    {
                        dbt = DbType.Binary;
                    }
                    else
                    {
                        dbt = (DbType)Enum.Parse(typeof(DbType), t.Name);
                    }
                }
                catch
                {
                    dbt = DbType.String;
                }
                return dbt;
            }
    
            /// <summary>
            /// 初始化数据库表名
            /// </summary>
            /// <param name="tableName">数据库表名</param>
            public virtual void InitTableName(string tableName)
            {
                this.tableName = tableName;
            }
    
            /// <summary>
            /// 验证是否存在注入代码(条件语句)
            /// </summary>
            /// <param name="inputData"></param>
            public virtual bool HasInjectionData(string inputData)
            {
                if (string.IsNullOrEmpty(inputData))
                    return false;
    
                //里面定义恶意字符集合
                //验证inputData是否包含恶意集合
                if (Regex.IsMatch(inputData.ToLower(), GetRegexString()))
                {
                    return true;
                }
                else
                {
                    return false;
                }
            }
    
            /// <summary>
            /// 获取正则表达式
            /// </summary>
            /// <returns></returns>
            private string GetRegexString()
            {
                //构造SQL的注入关键字符
                string[] strBadChar =
                {
                    //"select\s",
                    //"from\s",
                    "insert\s",
                    "delete\s",
                    "update\s",
                    "drop\s",
                    "truncate\s",
                    "exec\s",
                    "count\(",
                    "declare\s",
                    "asc\(",
                    "mid\(",
                    "char\(",
                    "net user",
                    "xp_cmdshell",
                    "/add\s",
                    "exec master.dbo.xp_cmdshell",
                    "net localgroup administrators"
                };
    
                //构造正则表达式
                string str_Regex = ".*(";
                for (int i = 0; i < strBadChar.Length - 1; i++)
                {
                    str_Regex += strBadChar[i] + "|";
                }
                str_Regex += strBadChar[strBadChar.Length - 1] + ").*";
    
                return str_Regex;
            }
    
            /// <summary>
            /// 获取数据库的全部表名称
            /// </summary>
            /// <returns></returns>
            public virtual List<string> GetTableNames()
            {
                return new List<string>();
            }
    
            /// <summary>
            /// 获取表的字段名称和数据类型列表。
            /// </summary>
            /// <returns></returns>
            public virtual DataTable GetFieldTypeList()
            {
                DataTable dt = DataTableHelper.CreateTable("ColumnName,DataType");
                DataTable schemaTable = GetReaderSchema(tableName);
                if (schemaTable != null)
                {
                    foreach (DataRow dr in schemaTable.Rows)
                    {
                        string columnName = dr["ColumnName"].ToString().ToUpper();
                        string netType = dr["DataType"].ToString().ToLower();
    
                        DataRow row = dt.NewRow();
                        row["ColumnName"] = columnName;
                        row["DataType"] = netType;
    
                        dt.Rows.Add(row);
                    }
                }
    
                if (dt != null)
                {
                    dt.TableName = "tableName";//增加一个表名称,防止WCF方式因为TableName为空出错
                }
                return dt;
            }
    
            /// <summary>
            /// 获取指定表的元数据,包括字段名称、类型等等
            /// </summary>
            /// <param name="tableName">数据库表名</param>
            /// <returns></returns>
            private DataTable GetReaderSchema(string tableName)
            {
                DataTable schemaTable = null;
    
                string sql = string.Format("Select * FROM {0}", tableName);
                Database db = CreateDatabase();
                DbCommand command = db.GetSqlStringCommand(sql);
                try
                {
                    using (IDataReader reader = db.ExecuteReader(command))
                    {
                        schemaTable = reader.GetSchemaTable();
                    }
                }
                catch (Exception ex)
                {
                    LogTextHelper.Error(ex);
                }
    
                return schemaTable;
            }
    
            /// <summary>
            /// 获取字段中文别名(用于界面显示)的字典集合
            /// </summary>
            /// <returns></returns>
            public virtual Dictionary<string, string> GetColumnNameAlias()
            {
                return new Dictionary<string, string>();
            }
    
            /// <summary>
            /// 获取指定字段的报表数据
            /// </summary>
            /// <param name="fieldName">表字段</param>
            /// <param name="condition">查询条件</param>
            /// <returns></returns>
            public virtual DataTable GetReportData(string fieldName, string condition)
            {
                string where = "";
                if (!string.IsNullOrEmpty(condition))
                {
                    where = string.Format("Where {0}", condition);
                }
                string sql = string.Format("select {0} as argument, count(*) as datavalue from {1} {2} group by {0} order by count(*) desc", fieldName, tableName, where);
    
                return SqlTable(sql);
            } 
    
            #endregion
    
            #region 存储过程执行通用方法
    
            /// <summary>
            /// 执行存储过程,如果影响记录数,返回True,否则为False,修改并输出外部参数outParameters(如果有)。
            /// </summary>
            /// <param name="storeProcName">存储过程名称</param>
            /// <param name="inParameters">输入参数,可为空</param>
            /// <param name="outParameters">输出参数,可为空</param>
            /// <param name="trans">事务对象,可为空</param>
            /// <returns>如果影响记录数,返回True,否则为False</returns>
            public bool StorePorcExecute(string storeProcName, Hashtable inParameters = null, Hashtable outParameters = null, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetStoredProcCommand(storeProcName);
                //参数传入
                SetStoreParameters(db, command, inParameters, outParameters);
    
                //获取执行结果
                bool result = false;
                if (trans != null)
                {
                    result = db.ExecuteNonQuery(command, trans) > 0;
                }
                else
                {
                    result = db.ExecuteNonQuery(command) > 0;
                }
    
                //获取输出参数的值
                EditOutParameters(db, command, outParameters);
    
                return result;
            }
    
            /// <summary>
            /// 执行存储过程,返回实体列表集合,修改并输出外部参数outParameters(如果有)。
            /// </summary>
            /// <param name="storeProcName">存储过程名称</param>
            /// <param name="inParameters">输入参数,可为空</param>
            /// <param name="outParameters">输出参数,可为空</param>
            /// <param name="trans">事务对象,可为空</param>
            /// <returns>返回实体列表集合</returns>
            public List<T> StorePorcToList(string storeProcName, Hashtable inParameters = null, Hashtable outParameters = null, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetStoredProcCommand(storeProcName);
                //参数传入
                SetStoreParameters(db, command, inParameters, outParameters);
    
                #region 获取执行结果
    
                List<T> result = new List<T>();
                T entity = null;
                if (trans != null)
                {
                    using (IDataReader dr = db.ExecuteReader(command, trans))
                    {
                        while (dr.Read())
                        {
                            entity = DataReaderToEntity(dr);
                            result.Add(entity);
                        }
                    }
                }
                else
                {
                    using (IDataReader dr = db.ExecuteReader(command))
                    {
                        while (dr.Read())
                        {
                            entity = DataReaderToEntity(dr);
                            result.Add(entity);
                        }
                    }
                }
                #endregion
    
                //获取输出参数的值
                EditOutParameters(db, command, outParameters);
    
                return result;
            }
    
            /// <summary>
            /// 执行存储过程,返回DataTable集合,修改并输出外部参数outParameters(如果有)。
            /// </summary>
            /// <param name="storeProcName">存储过程名称</param>
            /// <param name="inParameters">输入参数,可为空</param>
            /// <param name="outParameters">输出参数,可为空</param>
            /// <param name="trans">事务对象,可为空</param>
            /// <returns>返回DataTable集合</returns>
            public DataTable StorePorcToDataTable(string storeProcName, Hashtable inParameters = null, Hashtable outParameters = null, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetStoredProcCommand(storeProcName);
                //参数传入
                SetStoreParameters(db, command, inParameters, outParameters);
    
                #region 获取执行结果
    
                DataTable result = null;
                if (trans != null)
                {
                    result = db.ExecuteDataSet(command, trans).Tables[0];
                }
                else
                {
                    result = db.ExecuteDataSet(command).Tables[0];
                }
    
                if (result != null)
                {
                    result.TableName = "tableName";//增加一个表名称,防止WCF方式因为TableName为空出错
                }
                #endregion
    
                //获取输出参数的值
                EditOutParameters(db, command, outParameters);
    
                return result;
            }
    
            /// <summary>
            /// 执行存储过程,返回实体对象,修改并输出外部参数outParameters(如果有)。
            /// </summary>
            /// <param name="storeProcName">存储过程名称</param>
            /// <param name="inParameters">输入参数,可为空</param>
            /// <param name="outParameters">输出参数,可为空</param>
            /// <param name="trans">事务对象,可为空</param>
            /// <returns>返回实体对象</returns>
            public T StorePorcToEntity(string storeProcName, Hashtable inParameters = null, Hashtable outParameters = null, DbTransaction trans = null)
            {
                Database db = CreateDatabase();
                DbCommand command = db.GetStoredProcCommand(storeProcName);
    
                //参数传入
                SetStoreParameters(db, command, inParameters, outParameters);
    
                #region 获取执行结果
    
                T result = null;
                if (trans != null)
                {
                    using (IDataReader dr = db.ExecuteReader(command, trans))
                    {
                        if (dr.Read())
                        {
                            result = DataReaderToEntity(dr);
                        }
                    }
                }
                else
                {
                    using (IDataReader dr = db.ExecuteReader(command))
                    {
                        if (dr.Read())
                        {
                            result = DataReaderToEntity(dr);
                        }
                    }
                }
                #endregion
    
                //获取输出参数的值
                EditOutParameters(db, command, outParameters);
    
                return result;
            }
    
            /// <summary>
            /// 传入输入参数和输出参数到Database和DbCommand对象。
            /// </summary>
            /// <param name="db">Database对象</param>
            /// <param name="command">DbCommand对象</param>
            /// <param name="inParameters">输入参数的哈希表</param>
            /// <param name="outParameters">输出参数的哈希表</param>
            private void SetStoreParameters(Database db, DbCommand command, Hashtable inParameters = null, Hashtable outParameters = null)
            {
                #region 参数传入
                //传入输入参数
                if (inParameters != null)
                {
                    foreach (string param in inParameters.Keys)
                    {
                        object value = inParameters[param];
                        db.AddInParameter(command, param, TypeToDbType(value.GetType()), value);
                    }
                }
    
                //传入输出参数
                if (outParameters != null)
                {
                    foreach (string param in outParameters.Keys)
                    {
                        object value = outParameters[param];
                        db.AddOutParameter(command, param, TypeToDbType(value.GetType()), 0);//size统一设置为0
                    }
                }
                #endregion
            }
            /// <summary>
            /// 执行存储过程后,获取需要输出的参数值,修改存储在哈希表里
            /// </summary>
            /// <param name="db">Database对象</param>
            /// <param name="command">DbCommand对象</param>
            /// <param name="outParameters">输出参数的哈希表</param>
            private void EditOutParameters(Database db, DbCommand command, Hashtable outParameters = null)
            {
                #region 获取输出参数的值
                if (outParameters != null)
                {
                    ArrayList keys = new ArrayList(outParameters.Keys);//使用临时集合对象,避免迭代错误
                    foreach (string param in keys)
                    {
                        object retValue = db.GetParameterValue(command, param);
    
                        object value = outParameters[param];
                        outParameters[param] = Convert.ChangeType(retValue, value.GetType());
                    }
                }
                #endregion
            }
            #endregion
    
        }
    }
  • 相关阅读:
    局部变量的认识
    179一个错误的认识
    (jmeter笔记) websocket接口测试
    (jmeter笔记)聚合报告分析
    (jmeter笔记)模拟用户各种场景压测
    (linux笔记)开放防火墙端口
    (jmeter笔记)导出响应内容的网络文件
    (jmeter笔记)jmeter导出excel,中文显示乱码
    (jmeter笔记)jmeter监控服务器资源
    (Jmeter笔记)jmeter连接数据库(mysql)
  • 原文地址:https://www.cnblogs.com/Jeely/p/11346488.html
Copyright © 2011-2022 走看看