三层架构+防SQL注入——插入
SQLHELP类
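/// <summary>
/// Executes a parameterized INSERT/UPDATE/DELETE statement or a stored procedure.
/// </summary>
/// <param name="cmdText">
/// SQL text or stored-procedure name. Parameters protect only the bound values;
/// anything concatenated into this string is still executed as SQL, so callers
/// should pass a constant statement.
/// </param>
/// <param name="paras">Parameters to bind; null or empty when the command takes none.</param>
/// <param name="ct">Command type (SQL text or stored procedure).</param>
/// <returns>The value returned by <c>SqlCommand.ExecuteNonQuery</c> (rows affected).</returns>
public int ExecuteNonQuery(string cmdText, SqlParameter[] paras, CommandType ct)
{
    int res;
    // NOTE(review): cmd is a field and GetConn() is defined outside this listing;
    // confirm there who opens and closes the connection, since it is not closed here.
    using (cmd = new SqlCommand(cmdText, GetConn()))
    {
        cmd.CommandType = ct;
        // AddRange throws on a null array; treat null as "no parameters".
        if (paras != null && paras.Length > 0)
        {
            cmd.Parameters.AddRange(paras);
        }
        try
        {
            res = cmd.ExecuteNonQuery();
        }
        finally
        {
            // Detach the parameters so the caller can reuse the same
            // SqlParameter instances with another command.
            cmd.Parameters.Clear();
        }
    }
    return res;
}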
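/// <summary>
/// Executes a parameterized INSERT/UPDATE/DELETE statement or a stored procedure.
/// </summary>
/// <param name="cmdText">
/// SQL text or stored-procedure name. Parameters protect only the bound values;
/// anything concatenated into this string is still executed as SQL, so callers
/// should pass a constant statement.
/// </param>
/// <param name="paras">Parameters to bind; null or empty when the command takes none.</param>
/// <param name="ct">Command type (SQL text or stored procedure).</param>
/// <returns>The value returned by <c>SqlCommand.ExecuteNonQuery</c> (rows affected).</returns>
public int ExecuteNonQuery(string cmdText, SqlParameter[] paras, CommandType ct)
{
    int res;
    // NOTE(review): cmd is a field and GetConn() is defined outside this listing;
    // confirm there who opens and closes the connection, since it is not closed here.
    using (cmd = new SqlCommand(cmdText, GetConn()))
    {
        cmd.CommandType = ct;
        // AddRange throws on a null array; treat null as "no parameters".
        if (paras != null && paras.Length > 0)
        {
            cmd.Parameters.AddRange(paras);
        }
        try
        {
            res = cmd.ExecuteNonQuery();
        }
        finally
        {
            // Detach the parameters so the caller can reuse the same
            // SqlParameter instances with another command.
            cmd.Parameters.Clear();
        }
    }
    return res;
}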
DAL层
/// <summary>
/// Inserts one comment row through a parameterized INSERT statement.
/// </summary>
/// <param name="c">Comment whose Content, UserIp and NewsId are bound as parameters.</param>
/// <returns>true when ExecuteNonQuery reports a value greater than zero; otherwise false.</returns>
public bool Insert(Comment c)
{
    // The statement text is a constant; the comment's values travel only as
    // @parameters, so the server treats them as data and they cannot change the SQL.
    // NOTE(review): binding does not neutralise markup inside Content; presumably it
    // is HTML-encoded or sanitised where comments are rendered — confirm.
    const string insertSql = "insert into comment([content],userIp, newsId) values(@content,@userIp,@newsId)";

    SqlParameter[] bound =
    {
        new SqlParameter("@content", c.Content),
        new SqlParameter("@userIp", c.UserIp),
        new SqlParameter("@newsId", c.NewsId)
    };

    int affected = sqlhelper.ExecuteNonQuery(insertSql, bound, CommandType.Text);
    return affected > 0;
}
/// <summary>
/// Inserts one comment row through a parameterized INSERT statement.
/// </summary>
/// <param name="c">Comment whose Content, UserIp and NewsId are bound as parameters.</param>
/// <returns>true when ExecuteNonQuery reports a value greater than zero; otherwise false.</returns>
public bool Insert(Comment c)
{
    // The statement text is a constant; the comment's values travel only as
    // @parameters, so the server treats them as data and they cannot change the SQL.
    // NOTE(review): binding does not neutralise markup inside Content; presumably it
    // is HTML-encoded or sanitised where comments are rendered — confirm.
    const string insertSql = "insert into comment([content],userIp, newsId) values(@content,@userIp,@newsId)";

    SqlParameter[] bound =
    {
        new SqlParameter("@content", c.Content),
        new SqlParameter("@userIp", c.UserIp),
        new SqlParameter("@newsId", c.NewsId)
    };

    int affected = sqlhelper.ExecuteNonQuery(insertSql, bound, CommandType.Text);
    return affected > 0;
}
BLL层
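#region 增加新闻
/// <summary>
/// Adds a news item by delegating to the data-access object.
/// </summary>
/// <param name="n">News entity to store.</param>
/// <returns>The result of <c>ndao.Insert</c>.</returns>
public bool Insert(News n)
{
    // Pure pass-through: no validation happens in this layer.
    return ndao.Insert(n);
}
#endregion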
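#region 增加新闻
/// <summary>
/// Adds a news item by delegating to the data-access object.
/// </summary>
/// <param name="n">News entity to store.</param>
/// <returns>The result of <c>ndao.Insert</c>.</returns>
public bool Insert(News n)
{
    // Pure pass-through: no validation happens in this layer.
    return ndao.Insert(n);
}
#endregion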
WEB层
// Click handler for the "add news" button.
protected void btnAdd_Click(object sender, EventArgs e)
{
    // Collect the trimmed form values.
    // NOTE(review): nothing here validates or sanitises the title or body. The
    // parameterized insert protects the SQL statement only; presumably the stored
    // body is encoded or sanitised wherever it is rendered — confirm.
    string newsTitle = txtTitle.Text.Trim();
    string newsBody = ftbContent.Text.Trim();
    string categoryId = ddlCategory.SelectedValue;

    News item = new News(newsTitle, newsBody, categoryId);
    bool saved = new NewsManager().Insert(item);

    // Both outcomes register a startup script under the same key; only the alert text differs.
    string script = saved
        ? "<script language='javascript' defer>alert('新闻添加成功!');</script>"
        : "<script language='javascript' defer>alert('新闻添加失败,请联系管理员!');</script>";
    Page.ClientScript.RegisterStartupScript(Page.GetType(), "message", script);

    // Clear the title and content inputs (runs after success and failure alike).
    txtTitle.Text = "";
    ftbContent.Text = "";
}
// Click handler for the "add news" button.
protected void btnAdd_Click(object sender, EventArgs e)
{
    // Collect the trimmed form values.
    // NOTE(review): nothing here validates or sanitises the title or body. The
    // parameterized insert protects the SQL statement only; presumably the stored
    // body is encoded or sanitised wherever it is rendered — confirm.
    string newsTitle = txtTitle.Text.Trim();
    string newsBody = ftbContent.Text.Trim();
    string categoryId = ddlCategory.SelectedValue;

    News item = new News(newsTitle, newsBody, categoryId);
    bool saved = new NewsManager().Insert(item);

    // Both outcomes register a startup script under the same key; only the alert text differs.
    string script = saved
        ? "<script language='javascript' defer>alert('新闻添加成功!');</script>"
        : "<script language='javascript' defer>alert('新闻添加失败,请联系管理员!');</script>";
    Page.ClientScript.RegisterStartupScript(Page.GetType(), "message", script);

    // Clear the title and content inputs (runs after success and failure alike).
    txtTitle.Text = "";
    ftbContent.Text = "";
}
MODEL层—实体层
namespace Model
{
    /// <summary>
    /// News entity: a plain data holder passed between the layers.
    /// All members are strings and no validation is performed here.
    /// </summary>
    public class News
    {
        /// <summary>
        /// Primary key, auto-increment.
        /// </summary>
        public string Id { get; set; }

        /// <summary>
        /// News title.
        /// </summary>
        public string Title { get; set; }

        /// <summary>
        /// News body.
        /// </summary>
        public string Content { get; set; }

        /// <summary>
        /// Time the news item was published.
        /// </summary>
        public string CreateTime { get; set; }

        /// <summary>
        /// ID of the category the news item belongs to.
        /// </summary>
        public string CaId { get; set; }

        /// <summary>
        /// Creates an empty entity; every property starts as null.
        /// </summary>
        public News() { }

        /// <summary>
        /// Creates an entity without an ID.
        /// </summary>
        /// <param name="title">News title.</param>
        /// <param name="content">News body.</param>
        /// <param name="caid">Category ID.</param>
        public News(string title, string content, string caid)
        {
            Title = title;
            Content = content;
            CaId = caid;
        }

        /// <summary>
        /// Creates an entity with a known ID.
        /// </summary>
        /// <param name="id">Primary key value.</param>
        /// <param name="title">News title.</param>
        /// <param name="content">News body.</param>
        /// <param name="caid">Category ID.</param>
        public News(string id, string title, string content, string caid)
            : this(title, content, caid)
        {
            Id = id;
        }
    }
}
namespace Model
{
    /// <summary>
    /// News entity: a plain data holder passed between the layers.
    /// All members are strings and no validation is performed here.
    /// </summary>
    public class News
    {
        /// <summary>
        /// Primary key, auto-increment.
        /// </summary>
        public string Id { get; set; }

        /// <summary>
        /// News title.
        /// </summary>
        public string Title { get; set; }

        /// <summary>
        /// News body.
        /// </summary>
        public string Content { get; set; }

        /// <summary>
        /// Time the news item was published.
        /// </summary>
        public string CreateTime { get; set; }

        /// <summary>
        /// ID of the category the news item belongs to.
        /// </summary>
        public string CaId { get; set; }

        /// <summary>
        /// Creates an empty entity; every property starts as null.
        /// </summary>
        public News() { }

        /// <summary>
        /// Creates an entity without an ID.
        /// </summary>
        /// <param name="title">News title.</param>
        /// <param name="content">News body.</param>
        /// <param name="caid">Category ID.</param>
        public News(string title, string content, string caid)
        {
            Title = title;
            Content = content;
            CaId = caid;
        }

        /// <summary>
        /// Creates an entity with a known ID.
        /// </summary>
        /// <param name="id">Primary key value.</param>
        /// <param name="title">News title.</param>
        /// <param name="content">News body.</param>
        /// <param name="caid">Category ID.</param>
        public News(string id, string title, string content, string caid)
            : this(title, content, caid)
        {
            Id = id;
        }
    }
}
引 牛腩新闻发布系统
--------------------------------------------------------------------------
今天,明天就在此刻!此刻奋斗,今天耕耘,明天收获,明天辉煌!此刻放弃, 今天无为,明天饥饿,明天黯淡!
JimmyCai