你好,
我的问题非常简单。我在Umbraco MVC4应用程序中有一个Controller类。我正在为umbraco7开发一个定制的导入/导出插件。
问题不在于代码不起作用,而是SQL查询没有被击中。
虽然foreach循环是:
这是我的代码块:
使用UmbracoImportExportPlugin 。楷模; 使用System; 使用System.Collections.Generic; 使用System.IO; 使用System.Linq; 使用System.Net; 使用System.Web; 使用System.Web.Mvc; 使用Umbraco.Core.Persistence; 使用Umbraco.Web; 使用Umbraco.Web.WebApi; namespace UmbracoImportExportPlugin.App_Code { public class ImportNewDictionaryController:UmbracoAuthorizedApiController { public string basePath; //找到特定路径 public void LocatePath() { this.basePath = System.Web.Hosting.HostingEnvironment.MapPath(@" / upload" ); } [System.Web.Http.AcceptVerbs(" GET"," POST")] // [System.Web.Http.HttpPost] public void SaveFile() { var myContext = Request.TryGetHttpContext(); List< string> keys = new List< string>(); if(myContext.Success) { HttpPostedFileBase myFile = myContext.Result.Request.Files [" file"]; if(myFile == null) {抛出新的HttpException("无效文件"); } else { StreamReader csvreader = new StreamReader(myFile.InputStream); while(!csvreader.EndOfStream) { var line = csvreader.ReadLine(); if(line!=" Key") keys.Add(line); } } UmbracoDatabase db = ApplicationContext.DatabaseContext.Database; var remove = new Sql(" DELETE FROM cmsDictionary"); int rem = db.Execute(remove); foreach(键中的字符串项) { var insert = new Sql(" INSERT INTO cmsDictionary VALUES(NEWID(),null,'" + item +" ;')"); int res = db.Execute(insert); } } } [System.Web.Http.AcceptVerbs(" GET"," POST")] public void SaveLT () { List< string> id = new List< string>(); var myContext = Request.TryGetHttpContext(); List< string> data = new List< string>(); if(myContext.Success) { HttpPostedFileBase myFile = myContext.Result.Request.Files [" file"]; if(myFile == null) {抛出新的HttpException("无效文件"); } else { StreamReader csvreader = new StreamReader(myFile.InputStream); while(!csvreader.EndOfStream) { var line = csvreader.ReadLine(); if(line!=" Value") data.Add(line); } } UmbracoDatabase db = ApplicationContext.DatabaseContext.Database; var remove = new Sql(" DELETE FROM cmsLanguageText"); int rem = db.Execute(remove); for(var i = 1; i< 142; i ++) { foreach(数据中的字符串lang) { foreach(id中的字符串ident) { Int32.Parse(ident); var insertNew = new Sql(" INSERT INTO cmsLanguageText(languageId,UniqueId,value)VALUES(" + ident +",NEWID(),'" + lang +"')"); int res = db.Execute(insertNew); } } } } } public List< int> getList() { UmbracoDatabase db = ApplicationContext.DatabaseContext.Database; var select = new Sql(" SELECT [id] FROM umbracoLanguage;"); List< int> id = new List< int>(); id = db.Fetch< int>(select); 返回id; } } }请注意这是Umbraco的插件,在你提到我的代码存在SQL风险之前注入,唯一可以访问此功能的人是Back Office用户。当插件准备好部署时,安全性将会更新。
解决方案
forums.asp/1146.aspx/1?MVC
论坛是您应该发布的地方。
Hi there,
My issue is pretty simple. I have a Controller Class within an Umbraco MVC4 application. I'm developing a bespoke import/export plugin for umbraco7.
The issue is not that the code isn't working, it's more that the SQL query isn't being hit.
although the foreach loops are:
Here is my code block:
using UmbracoImportExportPlugin.Models; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net; using System.Web; using System.Web.Mvc; using Umbraco.Core.Persistence; using Umbraco.Web; using Umbraco.Web.WebApi; namespace UmbracoImportExportPlugin.App_Code { public class ImportNewDictionaryController : UmbracoAuthorizedApiController { public string basePath; //Locate specific path public void LocatePath() { this.basePath = System.Web.Hosting.HostingEnvironment.MapPath(@"/upload"); } [System.Web.Http.AcceptVerbs("GET", "POST")] //[System.Web.Http.HttpPost] public void SaveFile() { var myContext = Request.TryGetHttpContext(); List<string> keys = new List<string>(); if (myContext.Success) { HttpPostedFileBase myFile = myContext.Result.Request.Files["file"]; if (myFile == null) { throw new HttpException("invalid file"); } else { StreamReader csvreader = new StreamReader(myFile.InputStream); while (!csvreader.EndOfStream) { var line = csvreader.ReadLine(); if (line != "Key") keys.Add(line); } } UmbracoDatabase db = ApplicationContext.DatabaseContext.Database; var remove = new Sql("DELETE FROM cmsDictionary"); int rem = db.Execute(remove); foreach (string item in keys) { var insert = new Sql("INSERT INTO cmsDictionary VALUES (NEWID(), null,'" + item + "')"); int res = db.Execute(insert); } } } [System.Web.Http.AcceptVerbs("GET", "POST")] public void SaveLT() { List<string> id = new List<string>(); var myContext = Request.TryGetHttpContext(); List<string> data = new List<string>(); if (myContext.Success) { HttpPostedFileBase myFile = myContext.Result.Request.Files["file"]; if (myFile == null) { throw new HttpException("invalid file"); } else { StreamReader csvreader = new StreamReader(myFile.InputStream); while (!csvreader.EndOfStream) { var line = csvreader.ReadLine(); if (line != "Value") data.Add(line); } } UmbracoDatabase db = ApplicationContext.DatabaseContext.Database; var remove = new Sql("DELETE FROM cmsLanguageText"); int rem = db.Execute(remove); for (var i = 1; i < 142; i++ ) { foreach (string lang in data) { foreach (string ident in id) { Int32.Parse(ident); var insertNew = new Sql("INSERT INTO cmsLanguageText (languageId, UniqueId, value) VALUES (" + ident + " , NEWID() , '" + lang + "')"); int res = db.Execute(insertNew); } } } } } public List<int> getList() { UmbracoDatabase db = ApplicationContext.DatabaseContext.Database; var select = new Sql("SELECT [id] FROM umbracoLanguage;"); List<int> id = new List<int>(); id = db.Fetch<int>(select); return id; } } }Please note this is a plugin for Umbraco, before you mention that my code is at risk for SQL injection, the only people with access to this would be Back Office users. Security will be updated when the plugin is ready for deployment.
解决方案forums.asp/1146.aspx/1?MVC
The forum is where you should post.
更多推荐
有问题将数据导入数据库表
发布评论