多语言界面软件开发框架 - 初始化多语言时发生单引号错误(解决方案)
多语言界面软件开发框架 - 初始化多语言时发生单引号错误(解决方案)程序初始化多语言时发生单引号错误,如下图:
错误原因:
前端传入单引号文本内容,导致SQL错误。
解决方案:
1. 替换系统数据库(CSFrameworkXX_System.dbo.usp_InitLanguage存储过程
SQL Code:
ALTER PROCEDURE [dbo].[usp_InitLanguage]
@LanType VARCHAR(10),
@ObjectID NVARCHAR(500),
@LanData NVARCHAR(500),
@ItemType VARCHAR(20)
AS
BEGIN
/**********************************************************
程序说明:初始化一条多语言资料
SELECT * FROM dbo.sys_Language
usp_InitLanguage 'CHS','TEST','测试SSS','Control'
usp_InitLanguage 'CHT','TEST','测试TTT','Message'
usp_InitLanguage 'CHT','TE2ST','测''试''TTT','Message'
***********************************************************/
DECLARE @SQL NVARCHAR(MAX),@Value NVARCHAR(500)
IF EXISTS(SELECT * FROM dbo.sys_Language WHERE ObjectID=@ObjectID)
BEGIN
IF @LanType='CHS' UPDATE sys_Language SET CHS=@LanData WHERE ObjectID=@ObjectID
IF @LanType='CHT' UPDATE sys_Language SET CHT=@LanData WHERE ObjectID=@ObjectID
IF @LanType='ENG' UPDATE sys_Language SET ENG=@LanData WHERE ObjectID=@ObjectID
IF @LanType='VN' UPDATE sys_Language SET VN=@LanData WHERE ObjectID=@ObjectID
END
ELSE
BEGIN
IF @LanType='CHS' INSERT INTO sys_Language(ObjectID,ItemType,CHS,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
IF @LanType='CHT' INSERT INTO sys_Language(ObjectID,ItemType,CHT,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
IF @LanType='ENG' INSERT INTO sys_Language(ObjectID,ItemType,ENG,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
IF @LanType='VN' INSERT INTO sys_Language(ObjectID,ItemType,VN,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
END
END
//来源:C/S框架网 | www.csframework.com | QQ:23404761
ALTER PROCEDURE [dbo].[usp_InitLanguage]
@LanType VARCHAR(10),
@ObjectID NVARCHAR(500),
@LanData NVARCHAR(500),
@ItemType VARCHAR(20)
AS
BEGIN
/**********************************************************
程序说明:初始化一条多语言资料
SELECT * FROM dbo.sys_Language
usp_InitLanguage 'CHS','TEST','测试SSS','Control'
usp_InitLanguage 'CHT','TEST','测试TTT','Message'
usp_InitLanguage 'CHT','TE2ST','测''试''TTT','Message'
***********************************************************/
DECLARE @SQL NVARCHAR(MAX),@Value NVARCHAR(500)
IF EXISTS(SELECT * FROM dbo.sys_Language WHERE ObjectID=@ObjectID)
BEGIN
IF @LanType='CHS' UPDATE sys_Language SET CHS=@LanData WHERE ObjectID=@ObjectID
IF @LanType='CHT' UPDATE sys_Language SET CHT=@LanData WHERE ObjectID=@ObjectID
IF @LanType='ENG' UPDATE sys_Language SET ENG=@LanData WHERE ObjectID=@ObjectID
IF @LanType='VN' UPDATE sys_Language SET VN=@LanData WHERE ObjectID=@ObjectID
END
ELSE
BEGIN
IF @LanType='CHS' INSERT INTO sys_Language(ObjectID,ItemType,CHS,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
IF @LanType='CHT' INSERT INTO sys_Language(ObjectID,ItemType,CHT,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
IF @LanType='ENG' INSERT INTO sys_Language(ObjectID,ItemType,ENG,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
IF @LanType='VN' INSERT INTO sys_Language(ObjectID,ItemType,VN,CreateTime) VALUES (@ObjectID,@ItemType,@LanData,GETDATE())
END
END
//来源:C/S框架网 | www.csframework.com | QQ:23404761
2. 修改LanDatabase.cs Get方法
C# Code:
//将一个单引号变成两个(跟SQL语法是一样的).
//所以在使用Select方法或DataView的时候,一定要注意把字符条件值的一个单引号改成两个单引号,执行
if (objectID.IndexOf("'") >= 0) objectID = objectID.Replace("'", "''");
DataRow[] rs = _languageData.Select("ObjectID='" + objectID + "'");
//来源:C/S框架网 | www.csframework.com | QQ:23404761
//所以在使用Select方法或DataView的时候,一定要注意把字符条件值的一个单引号改成两个单引号,执行
if (objectID.IndexOf("'") >= 0) objectID = objectID.Replace("'", "''");
DataRow[] rs = _languageData.Select("ObjectID='" + objectID + "'");
//来源:C/S框架网 | www.csframework.com | QQ:23404761
适应版本:
CSFramework标准版V2.3
CSFramework旗舰版V5.0
扫一扫加微信
版权声明:本文为开发框架文库发布内容,转载请附上原文出处连接
NewDoc C/S框架网
