
How should parameterized statements be written for the business layer? Asking the experts for help

[Unresolved question]

Below are three pieces of code. How should they be implemented with parameterized statements? I have thought about it for a long time and it does not seem easy to do. But I also do not want to write them directly like this, because I am afraid of injection. Could the experts tell me whether there is another way to solve this problem?

/// <summary>
/// Get the data list
/// </summary>
public DataSet GetList(string strWhere)
{
    StringBuilder strSql = new StringBuilder();
    strSql.Append("select GroupID,GroupName,Discount,MinScore,IcoPicUrl,LevelID,IsDefault,IsShowPrice,CreateDate,Ord ");
    strSql.Append(" FROM Vo_UserGroup ");
    if (strWhere.Trim() != "")
    {
        strSql.Append(" where " + strWhere);
    }
    return DbHelperSQL.Query(strSql.ToString());
}

/// <summary>
/// Get the first N rows of data
/// </summary>
public DataSet GetList(int Top, string strWhere, string filedOrder)
{
    StringBuilder strSql = new StringBuilder();
    strSql.Append("select ");
    if (Top > 0)
    {
        strSql.Append(" top " + Top.ToString());
    }
    strSql.Append(" GroupID,GroupName,Discount,MinScore,IcoPicUrl,LevelID,IsDefault,IsShowPrice,CreateDate,Ord ");
    strSql.Append(" FROM Vo_UserGroup ");
    if (strWhere.Trim() != "")
    {
        strSql.Append(" where " + strWhere);
    }
    strSql.Append(" order by " + filedOrder);
    return DbHelperSQL.Query(strSql.ToString());
}

/// <summary>
/// Batch delete data
/// </summary>
/// <param name="GroupIDlist">Comma-separated IDs, e.g. (1,2,3)</param>
/// <returns>bool (whether the delete succeeded)</returns>
public bool DeleteList(string GroupIDlist)
{
    string[] ids = GroupIDlist.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    // Check whether the passed-in ID list is empty
    if (ids.Length < 1)
    {
        return false;
    }
    string stridwhere = string.Empty;
    foreach (string id in ids)
    {
        stridwhere = stridwhere + " GroupID = " + id + " or ";
    }
    if (!string.IsNullOrEmpty(stridwhere))
    {
        stridwhere = stridwhere.Substring(0, stridwhere.Length - 3);
    }
    StringBuilder strSql = new StringBuilder();
    strSql.Append("delete from Vo_UserGroup ");
    strSql.Append(" where " + stridwhere);
    int rows = DBHelper.ExecuteNonQuery(CommandType.Text, strSql.ToString(), null);
    if (rows > 0)
    {
        return true;
    }
    else
    {
        return false;
    }
}

yzy's profile yzy | Rookie level 2 | Beans: 317
Asked on: 2011-05-23 09:34
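A parameterized rewrite of the three methods, added here as an example (it is not the asker's code and does not use the DbHelperSQL/DBHelper helpers from the post). It assumes System.Data.SqlClient against SQL Server and that the caller supplies an open SqlConnection; since column names cannot be bound as parameters, the order-by column is checked against a whitelist, the WHERE fragment is replaced by typed filter values, and the delete binds one parameter per id.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text;
public static class UserGroupDal
{
    // Column names cannot be bound as parameters, so "order by" is limited to this whitelist.
    private static readonly HashSet<string> OrderableColumns = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "GroupID", "GroupName", "Discount", "MinScore", "LevelID", "CreateDate", "Ord" };
    // Replaces GetList(int Top, string strWhere, string filedOrder): callers pass typed filter
    // values instead of a WHERE fragment, and every value travels as a parameter, not as SQL text.
    public static DataSet GetList(SqlConnection conn, int top, int? levelId, string orderBy, bool descending)
    {
        if (!OrderableColumns.Contains(orderBy))
            throw new ArgumentException("order column not allowed", nameof(orderBy));
        var sql = new StringBuilder("select ");
        if (top > 0) sql.Append("top (@top) ");   // TOP accepts a parameter when parenthesised
        sql.Append("GroupID,GroupName,Discount,MinScore,IcoPicUrl,LevelID,IsDefault,IsShowPrice,CreateDate,Ord ");
        sql.Append("from Vo_UserGroup where 1=1 ");
        if (levelId.HasValue) sql.Append("and LevelID = @levelId ");   // optional filter, still a parameter
        sql.Append("order by [").Append(orderBy).Append(descending ? "] desc" : "] asc");
        using (var cmd = new SqlCommand(sql.ToString(), conn))
        {
            if (top > 0) cmd.Parameters.Add("@top", SqlDbType.Int).Value = top;
            if (levelId.HasValue) cmd.Parameters.Add("@levelId", SqlDbType.Int).Value = levelId.Value;
            var ds = new DataSet(); new SqlDataAdapter(cmd).Fill(ds);   // adapter handles open/close
            return ds;
        }
    }
    // Replaces DeleteList(string GroupIDlist): every id must parse as an int and is bound as
    // its own parameter, giving "where GroupID in (@id0,@id1,...)" with no id in the SQL text.
    public static bool DeleteList(SqlConnection conn, string groupIdList)
    {
        var ids = new List<int>();
        foreach (string s in groupIdList.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
        {
            if (!int.TryParse(s.Trim(), out int id)) return false;   // a non-numeric id rejects the whole call
            ids.Add(id);
        }
        if (ids.Count == 0) return false;
        var names = new List<string>();
        for (int i = 0; i < ids.Count; i++) names.Add("@id" + i);
        using (var cmd = new SqlCommand("delete from Vo_UserGroup where GroupID in (" + string.Join(",", names) + ")", conn))
        {
            for (int i = 0; i < ids.Count; i++) cmd.Parameters.Add(names[i], SqlDbType.Int).Value = ids[i];
            return cmd.ExecuteNonQuery() > 0;   // conn is assumed to be opened by the caller
        }
    }
}
```

Free-text strWhere cannot be made safe by parameters alone; the only robust fix is to stop accepting SQL fragments from callers and expose typed filters like the ones above.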