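using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Common;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using DSWeb.Areas.CommMng.DAL;
using DSWeb.Areas.CommMng.Models;
using DSWeb.Areas.RptMng.Comm;
using DSWeb.EntityDA;
using DSWeb.SoftMng.Filter;
using DSWeb.TruckMng.Comm.Cookie;
using DSWeb.TruckMng.Helper;
using HcUtility.Comm;
using Microsoft.Practices.EnterpriseLibrary.Data;

namespace DSWeb.Areas.RptMng.Controllers
{
    /// <summary>
    /// Report controller for the truck insurance summary (RptMng/MsRptInsure):
    /// one action renders the page, one serves the grid data as JSON.
    /// </summary>
    [JsonRequestBehavior]
    public class MsRptInsureController : Controller
    {
        //
        // GET: /RptMng/MsRptInsure
        /// <summary>Renders the report page.</summary>
        public ActionResult Index()
        {
            return View();
        }

        //
        // GET:/RptMng/MsRptInsure/QryData
        /// <summary>
        /// Returns one page of the insurance summary grid as JSON. Premiums are
        /// pivoted per insurance type (InsureType '0'..'6') and summed per bill.
        /// </summary>
        /// <param name="start">Zero-based row offset of the requested page.</param>
        /// <param name="limit">Maximum number of rows to return.</param>
        /// <param name="condition">Optional SQL WHERE fragment supplied by the grid's filter (see note in body).</param>
        /// <param name="sort">Grid sort specification, translated by <see cref="DatasetSort.Getsortstring"/>.</param>
        /// <returns>A <see cref="ContentResult"/> whose Content is the JSON produced by <see cref="RptHelper.GetRptJsonResult"/>.</returns>
        [SqlKeyWordsFilter(Type = "Action")] // SQL keyword blacklist filter on the action's string arguments
        public ContentResult QryData(int start, int limit, string condition, string sort)
        {
            // Row-level visibility for the calling user; an empty fragment means "no extra restriction".
            var strDa = GetRangDAStr("index",
                                     Convert.ToString(Session["USERID"]),
                                     CookieConfig.GetCookie_UserCode(Request),
                                     CookieConfig.GetCookie_OrgCode(Request));
            if (!string.IsNullOrEmpty(strDa))
            {
                condition = string.IsNullOrEmpty(condition) ? strDa : condition + " and " + strDa;
            }

            var strSql = new StringBuilder();
            strSql.Append("select M.BILLNO,M.INSUREBILLNO,M.ORGCODE,M.LOADCOUNT,M.TRUCKNO,M.INSUREBGNDATE,M.INSUREENDDATE, ");
            strSql.Append("SUM(M.JQXTOTAL) AS JQXTOTAL,SUM(M.CSXTOTAL) AS CSXTOTAL, ");
            strSql.Append(" SUM(M.SZXTOTAL) AS SZXTOTAL,SUM(M.CYXTOTAL) AS CYXTOTAL,SUM(M.CCSTOTAL) AS CCSTOTAL, ");
            strSql.Append("SUM(M.BJMPTOTAL) AS BJMPTOTAL,SUM(M.BFTOTAL) AS BFTOTAL");
            strSql.Append(" from ");
            // Inner query: one row per (head, body) pair with the premium placed in the column for its type.
            strSql.Append(" (select A.BillNo,A.InsureBillNo,A.OrgCode,A.TruckNo,A.InsureBgnDate,A.InsureEndDate,(select LoadCount from tMsWlTruck where tMsWlTruck.TruckNo=A.TruckNo) as LoadCount, ");
            strSql.Append("case when B.InsureType='0' then InsureTotal else 0 end as JqxTotal, ");
            strSql.Append(" case when B.InsureType='1' then InsureTotal else 0 end as CsxTotal,");
            strSql.Append("case when B.InsureType='2' then InsureTotal else 0 end as SzxTotal,");
            strSql.Append("case when B.InsureType='3' then InsureTotal else 0 end as CyxTotal, ");
            strSql.Append(" case when B.InsureType='4' then InsureTotal else 0 end as CcsTotal, ");
            strSql.Append("case when B.InsureType='5' then InsureTotal else 0 end as BjmpTotal,");
            strSql.Append("case when B.InsureType='6' then InsureTotal else 0 end as BfTotal ");
            strSql.Append(" from tMsWlInsureHead A,tMsWlInsureBody B");
            strSql.Append(" where A.BillNo=B.BillNo");
            // NOTE(review): `condition` comes from the request and is spliced in as raw SQL that the
            // sMsExesqlQry procedure then executes. The SqlKeyWordsFilter attribute is a keyword
            // blacklist, not parameterization; the backend contract (a whole statement in @sSQL)
            // does not allow binding it as a parameter here, so this remains the main risk of the action.
            if (!string.IsNullOrEmpty(condition))
            {
                strSql.Append(" and " + condition);
            }
            strSql.Append(") M ");
            strSql.Append(" group by M.BillNo,M.InsureBillNo,M.OrgCode,M.LoadCount,M.TruckNo,M.InsureBgnDate,M.InsureEndDate ");

            var sortstring = DatasetSort.Getsortstring(sort);
            if (!string.IsNullOrEmpty(sortstring))
            {
                strSql.Append(" order by " + sortstring);
            }

            // The whole statement is handed to the generic executor procedure as a single string parameter.
            var dbparams = new List<CustomDbParamter>();
            var paramps_sSQL = new CustomDbParamter();
            paramps_sSQL.ParameterName = "@sSQL";
            paramps_sSQL.DbType = DbType.String;
            paramps_sSQL.Direction = ParameterDirection.Input;
            paramps_sSQL.Value = strSql.ToString();
            dbparams.Add(paramps_sSQL);

            var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set");
            var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true);
            return new ContentResult() { Content = json };

            // An earlier version of this action called the sMsRptInsure procedure with one input
            // parameter per filter field (@PS_TRUCKNO, @PS_INSUREBILLNO, @PS_ORGCODE,
            // @PS_INSUREBGNDATEBGN/END, @PS_INSUREENDDATEBGN/END) extracted from `condition`
            // via RptHelper.JsonGetValue; it was superseded by the dynamic query above.
        }

        /// <summary>
        /// Builds the row-visibility WHERE fragment for a user based on the VISIBLERANGE of the
        /// 'modTruckCar' module in VW_User_Authority. The fragment refers to the alias "A"
        /// (tMsWlInsureHead) and is meant to be appended with " and " by the caller.
        /// </summary>
        /// <param name="tb">Caller label; not used by the lookup (kept for signature compatibility).</param>
        /// <param name="userid">User id looked up in VW_User_Authority (bound as a parameter).</param>
        /// <param name="usercode">Not used by the lookup; kept for signature compatibility.</param>
        /// <param name="orgcode">Organisation code from the request cookie; single quotes are doubled before it is embedded in the fragment.</param>
        /// <returns>
        /// "1=2" (matches nothing) when the range is "4" or the user has no authority row,
        /// an ORGCODE predicate for ranges "1".."3", and an empty string for any other value.
        /// </returns>
        public static string GetRangDAStr(string tb, string userid, string usercode, string orgcode)
        {
            var strSql = new StringBuilder();
            strSql.Append("SELECT ");
            strSql.Append(" VISIBLERANGE,OPERATERANGE ");
            strSql.Append(" from VW_User_Authority ");
            strSql.Append(" where [NAME]='modTruckCar' and USERID=@USERID and ISDELETE=0");

            // "4" is the most restrictive range; it is also the default when no authority row exists.
            string visiblerange = "4";

            Database db = DatabaseFactory.CreateDatabase();
            using (DbCommand cmd = db.GetSqlStringCommand(strSql.ToString()))
            {
                // Bound as a parameter rather than concatenated so the user id can never alter the statement.
                db.AddInParameter(cmd, "@USERID", DbType.String, userid);
                using (IDataReader reader = db.ExecuteReader(cmd))
                {
                    // Only the first matching row is consulted, as before.
                    if (reader.Read())
                    {
                        visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
                    }
                }
            }

            // The fragment is returned as text, so the cookie-supplied org code cannot be bound as a
            // parameter here; doubling single quotes is the T-SQL literal escape that keeps it a literal.
            var safeOrgCode = (orgcode ?? string.Empty).Replace("'", "''");

            switch (visiblerange)
            {
                case "4":
                    return "1=2";
                case "3":
                case "2":
                case "1":
                    // All three ranges currently resolve to the same organisation-level filter.
                    return " UPPER(A.ORGCODE)='" + safeOrgCode + "'";
                default:
                    return "";
            }
        }

        #region Lookups
        // Placeholder region kept from the original file; no lookup actions are defined yet.
        #endregion
    }
}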