码迷,mamicode.com
首页 > 数据库 > 详细

ASP.NET 数据库页面访问简单工具

时间:2015-09-23 15:06:50      阅读:235      评论:0      收藏:0      [点我收藏+]

标签:

 

在工作中,有很多项目已上线后,很多项目的数据库服务器都不会对外开放的,外网想直接访问客户数据库服务器时,可能会出现困难。

 这时就需要一个可以查询,更新数据库操作的页面了;

 本来用sql语句直接操作数据库数据是不好的,所以此页面工具只针对已经非常熟悉数据库结构的人来使用,因为可以执行更新/修改语句,请慎用。

 目前没对这个页面做任何的访问限制,出于对数据的安全性考虑,强烈建议对本页面的访问做访问限制处理!

 

<%@ Page Language="C#" %>  
  
<%@ Import Namespace="System" %>  
<%@ Import Namespace="System.Data" %>  
<%@ Import Namespace="System.Data.SqlClient" %>  
<%@ Import Namespace="System.Collections.Generic" %>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
<script runat="server">  
  
    /// <summary>  
    /// 【数据库连接字符串】  
    /// 注意:在这里需与webconfig里的数据库连接字符串配置节一致;  
    /// </summary>  
    //protected string Connection = ConfigurationManager.ConnectionStrings["sqlserver"].ConnectionString;      
    protected string Connection = "Data Source=.;Initial Catalog=TableTest;Persist Security Info=True;User ID=sa;Password=123456;";
    /// <summary>  
    /// 所有数据表,前台js使用  
    /// </summary>  
    protected string DataTables { get; set; }  
    /// <summary>  
    /// 所有字段,前台js使用  
    /// </summary>  
    protected string Fields { get; set; }  
  
    /// <summary>  
    ///     判断连接是否成功!  
    /// </summary>  
    /// <param name="con"> 链接字符串</param>  
    /// <returns>true 表示链接成功,false表示连接失败</returns>  
    public static string CheckConnection(string con)  
    {  
        string status = "";  
        var conn = new SqlConnection(con);  
        try  
        {  
            conn.Open();  
            status = "true|";  
        }  
        catch (Exception ex)  
        {  
            status = "false|" + ex.Message;  
        }  
        finally  
        {  
            conn.Close();  
        }  
        return status;  
    }  
    protected void Page_Load(object sender, EventArgs e)  
    {  
        if (CheckConnection(Connection).ToLower().StartsWith("false"))  
        {  
            Response.Clear();  
            Response.Write("<span style=‘color:red‘>对不起,数据库链接失败.<br/><br/>请检查数据库链接:\"" + Connection + "\" 是否正确!</span>");  
            Response.End();  
        }  
        else  
        {  
            //所有表  
            if (Cache.Get("tables") == null)  
            {  
                List<string> tables = GetTableNames(Connection);  
                DataTables = "[";  
                foreach (string table in tables)  
                {  
                    DataTables += "‘" + table + "‘,";  
                }  
                DataTables = DataTables.TrimEnd(‘,‘);  
                DataTables += "]";  
                Cache.Insert("tables", DataTables);  
            }  
            else  
            {  
                DataTables = Cache.Get("tables").ToString();  
            }  
  
            //所有字段  
            if (Cache.Get("fields") == null)  
            {  
                DataTable fields = GetFileds(Connection);  
                Fields = "[";  
                foreach (DataRow row in fields.Rows)  
                {  
                    Fields += "{tName:‘" + row["表名"] + "‘,fName:‘" + row["字段名"] + "‘},";  
                }  
                Fields = Fields.TrimEnd(‘,‘);  
                Fields += "]";  
                Cache.Insert("fields", Fields);  
            }  
            else  
            {  
                Fields = Cache.Get("fields").ToString();  
            }  
  
            if (!IsPostBack)  
            {  
            }  
        }  
    }  
  
    #region 查询  
  
    /// <summary>  
    /// 需过滤掉的关键字  
    /// </summary>  
    public static string[] ForbidSqlKeyword = { "ALTER", "UPDATE", "DELETE", "DROP", "CREATE", "COMMIT" };  
  
    public static bool IsContainDangerWords(string sql)  
    {  
        bool haveForbidWord = false;  
        sql = sql.ToLower().Replace("\r", " ").Replace("\n", " ");  
        string[] sqlWordArr = sql.Split(new[] { " " }, StringSplitOptions.RemoveEmptyEntries);  
        foreach (string word in sqlWordArr)  
        {  
            foreach (string forbidWord in ForbidSqlKeyword)  
            {  
                if (String.Compare(forbidWord.Trim(), word.Trim(), StringComparison.OrdinalIgnoreCase) == 0)  
                {  
                    haveForbidWord = true;  
                    break;  
                }  
            }  
        }  
        return haveForbidWord;  
    }  
  
    /// <summary>  
    /// 查询  
    /// </summary>  
    /// <param name="sender"></param>  
    /// <param name="e"></param>  
    private void BtnQueryClick(object sender, EventArgs e)  
    {  
        string sql = txtSql.Text.Trim();  
        if (!IsContainDangerWords(sql))  
        {  
            DataTable data = ExcuteDataTable(sql, Connection);  
            string html = GetHtmlTable(data);  
            ltrResult.Text = html;  
        }  
        else  
        {  
            var dt = new DataTable();  
            dt.Columns.Add("执行结果");  
            DataRow row = dt.NewRow();  
            row["执行结果"] = "<span class=‘fail‘>查询语句中含有修改数据相关的关键字,操作已忽略</span>";  
            dt.Rows.Add(row);  
            string html = GetHtmlTable(dt);  
            ltrResult.Text = html;  
        }  
    }  
  
    #endregion  
  
    #region 执行  
  
    /// <summary>  
    /// 执行  
    /// </summary>  
    /// <param name="sender"></param>  
    /// <param name="e"></param>  
    private void BtnExcuteClick(object sender, EventArgs e)  
    {  
        var dt = new DataTable();  
        string sql = txtSql.Text.Trim();  
        try  
        {  
            if (Execute(sql, Connection))  
            {  
                dt.Columns.Add("执行结果");  
                DataRow row = dt.NewRow();  
                row["执行结果"] = "<span class=‘sucess‘>执行成功</span>";  
                dt.Rows.Add(row);  
            }  
            else  
            {  
                dt.Columns.Add("执行结果");  
                DataRow row = dt.NewRow();  
                row["执行结果"] = "<span class=‘fail‘>执行失败</span>";  
                dt.Rows.Add(row);  
            }  
        }  
        catch (Exception ex)  
        {  
            dt.Columns.Add("异常信息");  
            DataRow row = dt.NewRow();  
            row["异常信息"] = ex.Message;  
            dt.Rows.Add(row);  
        }  
        string html = GetHtmlTable(dt);  
        ltrResult.Text = html;  
    }  
  
    #endregion  
  
    #region 执行SQL语句返回DataTable  
  
    /// <summary>  
    ///     执行SQL语句返回DataTable  
    /// </summary>  
    /// <param name="sql"></param>  
    /// <param name="con"></param>  
    /// <returns></returns>  
    public static DataTable ExcuteDataTable(string sql, string con)  
    {  
        var cmd = new SqlCommand();  
        var connection = new SqlConnection(con);  
        try  
        {  
            using (connection)  
            {  
                cmd.Connection = connection;  
                cmd.CommandText = sql;  
                connection.Open();  
                var da = new SqlDataAdapter(cmd);  
                var ds = new DataSet();  
                da.Fill(ds);  
                return ds.Tables[0];  
            }  
        }  
        catch (Exception ex)  
        {  
            var dt = new DataTable();  
            dt.Columns.Add("异常信息");  
            DataRow row = dt.NewRow();  
            row["异常信息"] = ex.Message;  
            dt.Rows.Add(row);  
            return dt;  
        }  
    }  
  
    #endregion  
  
    #region DataSet转换为Html表格  
  
    /// <summary>  
    /// 将DataSet转换为Html表格  
    /// </summary>  
    /// <param name="dt"></param>  
    /// <returns></returns>  
    public static string GetHtmlTable(DataTable dt)  
    {  
        var html = new StringBuilder();  
        if (dt.Rows.Count == 0)  
        {  
            html.Append(  
                @"<table class=‘data‘  cellspacing=‘1‘ cellpadding=‘0‘ border=‘1‘ style=‘width: 100%;‘>  
                                                            <tbody>  
                                                                <tr class=‘tdbg‘ align=‘center‘ style=‘height: 100px;‘>  
                                                                    <td colspan=‘12‘>  
                                                                        没有任何记录!  
                                                                    </td>  
                                                                </tr>  
                                                            </tbody>  
                                                        </table>");  
        }  
        else  
        {  
            #region 表头行  
  
            html.Append(@"<table class=‘data‘ cellspacing=‘1‘ cellpadding=‘0‘ border=‘1‘  style=‘width: 100%;‘>");  
            html.Append(@"<tr class=‘gridtitle‘>");  
            foreach (DataColumn columns in dt.Columns)  
            {  
                string title = columns.ColumnName;  
                html.Append(string.Format(@"<th scope=‘col‘ class=‘data_th‘>{0}</th>", title));  
            }  
            html.Append(@"</tr>");  
  
            #endregion  
  
            #region 表数据行  
  
            foreach (DataRow row in dt.Rows)  
            {  
                html.Append(string.Format("<tr class=‘data_tr‘>"));  
                foreach (DataColumn columns in dt.Columns)  
                {  
                    string cellValue = row[columns.ColumnName].ToString();  
                    html.Append(string.Format("<td class=‘data_td‘>{0}</td>", cellValue));  
                }  
                html.Append(@"</tr>");  
            }  
  
            #endregion  
  
            #region 表尾  
  
            html.Append(string.Format("<tr class=‘data_tr‘>"));  
            html.Append(string.Format("<td  class=‘data_td‘ colspan=‘{0}‘>合计:{1}条记录</td>", dt.Columns.Count,  
                                      dt.Rows.Count));  
            html.Append(@"</tr>");  
            html.Append(@"</table>");  
  
            #endregion  
        }  
        return html.ToString();  
    }  
  
    #endregion  
  
    #region 执行不带参数sql语句  
  
    /// <summary>  
    ///     执行不带参数sql语句  
    /// </summary>  
    /// <param name="sql">增,删,改sql语句</param>  
    /// <param name="con"></param>  
    /// <returns>返回所影响的行数</returns>  
    public static bool Execute(string sql, string con)  
    {  
        var cmd = new SqlCommand();  
        var connection = new SqlConnection(con);  
        try  
        {  
            using (connection)  
            {  
                cmd.Connection = connection;  
                cmd.CommandText = sql;  
                connection.Open();  
                cmd.ExecuteNonQuery();  
                return true;  
            }  
        }  
        catch (Exception)  
        {  
            return false;  
        }  
    }  
  
    #endregion  
  
    /// <summary>  
    ///     获取指定数据库中所有表的名字;  
    /// </summary>   
    /// <param name="con">连接字符串</param>  
    /// <returns>所有表名的集合</returns>  
    public static List<string> GetTableNames(string con)  
    {  
        var tableNames = new List<string>();  
        try  
        {  
            var regex = new Regex(  
                "(?i)(Initial Catalog|database)=(?<database>[^;]*);",  
                RegexOptions.CultureInvariant  
                | RegexOptions.Compiled  
                );  
            Group database = regex.Match(con).Groups["database"];  
            string sql =  
                "SELECT  SYSOBJECTS.NAME   FROM   SYSOBJECTS,MASTER..SYSDATABASES T  WHERE TYPE=‘U‘AND T.NAME=‘" +  
                database + "‘ ORDER BY SYSOBJECTS.NAME ASC";  
            var cmd = new SqlCommand();  
            var sqlcon = new SqlConnection(con);  
            using (sqlcon)  
            {  
                cmd.Connection = sqlcon;  
                cmd.CommandText = sql;  
                sqlcon.Open();  
                SqlDataReader sdr = cmd.ExecuteReader();  
                while (sdr.Read())  
                {  
                    tableNames.Add(sdr[0].ToString());  
                }  
            }  
        }  
        catch (Exception ex)  
        {  
            tableNames.Add("异常:" + ex.Message);  
        }  
        return tableNames;  
    }  
  
    /// <summary>  
    /// 取得所有字段  
    /// </summary>  
    /// <param name="connection"></param>  
    /// <returns></returns>  
    public DataTable GetFileds(string connection)  
    {  
        const string sql = @"   
SELECT 表名 = O.name,  
       字段名 = C.name,
	   类型=T.name,
	   字段长度= T.max_length
FROM   sys.columns C  
       INNER JOIN sys.objects O  
            ON  C.[object_id] = O.[object_id]  
            AND O.type = ‘U‘  
            AND O.is_ms_shipped = 0  
       INNER JOIN sys.types T  
            ON  C.user_type_id = T.user_type_id  
       LEFT JOIN sys.default_constraints D  
            ON  C.[object_id] = D.parent_object_id  
            AND C.column_id = D.parent_column_id  
            AND C.default_object_id = D.[object_id]  
       LEFT JOIN sys.extended_properties PFD  
            ON  PFD.class = 1  
            AND C.[object_id] = PFD.major_id  
            AND C.column_id = PFD.minor_id  
       LEFT JOIN sys.extended_properties PTB  
            ON  PTB.class = 1  
            AND PTB.minor_id = 0  
            AND C.[object_id] = PTB.major_id  
       LEFT JOIN -- 索引及主键信息    
            (  
                SELECT IDXC.[object_id],  
                       IDXC.column_id,  
                       Sort = CASE INDEXKEY_PROPERTY(  
                                       IDXC.[object_id],  
                                       IDXC.index_id,  
                                       IDXC.index_column_id,  
                                       ‘IsDescending‘  
                                   )  
                                   WHEN 1 THEN ‘DESC‘  
                                   WHEN 0 THEN ‘ASC‘  
                                   ELSE ‘‘  
                              END,  
                       PrimaryKey = CASE   
                                         WHEN IDX.is_primary_key = 1 THEN N‘√‘  
                                         ELSE N‘‘  
                                    END,  
                       IndexName = IDX.Name  
                FROM   sys.indexes IDX  
                       INNER JOIN sys.index_columns IDXC  
                            ON  IDX.[object_id] = IDXC.[object_id]  
                            AND IDX.index_id = IDXC.index_id  
                       LEFT JOIN sys.key_constraints KC  
                            ON  IDX.[object_id] = KC.[parent_object_id]  
                            AND IDX.index_id = KC.unique_index_id  
                       INNER JOIN -- 对于一个列包含多个索引的情况,只显示第个索引信息    
                            (  
                                SELECT [object_id],  
                                       Column_id,  
                                       index_id = MIN(index_id)  
                                FROM   sys.index_columns  
                                GROUP BY  
                                       [object_id],  
                                       Column_id  
                            ) IDXCUQ  
                            ON  IDXC.[object_id] = IDXCUQ.[object_id]  
                            AND IDXC.Column_id = IDXCUQ.Column_id  
                            AND IDXC.index_id = IDXCUQ.index_id  
            ) IDX  
            ON  C.[object_id] = IDX.[object_id]  
            AND C.column_id = IDX.column_id  
ORDER BY  
       O.name,  
       C.column_id";  
        return ExcuteDataTable(sql, Connection);  
    }  
  
  
</script>  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head id="Head1" runat="server">  
    <title>数据库查询工具1.0</title>  
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"> </script>  
    <style type="text/css">  
        body { font-size: 12px; }  
        td, th { border: 1px solid gray; border-collapse: collapse; display: table-cell; line-height: 22px; vertical-align: inherit; }  
        table { border-bottom-width: 0px; border-collapse: collapse; border-color: gray; border-color: gray; border-left-width: 0px; border-right-width: 0px; border-spacing: 0px; border-spacing: 0px; border-spacing: 2px; border-top-width: 0px; display: table; }  
        fieldset { border: 1px solid gray; margin-bottom: 10px; padding: 8px; }  
        .demo_title { background-color: lightgray; }  
        .result { max-height: 400px; max-width: 100%; overflow: auto; }  
        .data_th { background-color: #D3D8E0; }  
        .data_td { padding-left: 5px; }  
        .fail { color: red; font-weight: bold; }  
        .sucess { color: green; font-weight: bold; }  
        .demo_main { }  
        .demo_content { }  
        .keyword { background-color: lavender; border: 1px dashed darkgray; border-radius: 4px; cursor: pointer; margin-right: 10px; padding: 5px; }  
        textarea { -moz-box-shadow: 1px 1px 0 #E7E7E7; -moz-box-sizing: border-box; border-color: #CCCCCC #999999 #999999 #CCCCCC; border-style: solid; border-width: 1px; font-family: arial, sans-serif; font-size: 13px; height: 160px; margin: 10px auto; outline-color: -moz-use-text-color; outline-style: none; outline-width: medium; padding: 2px; width: 100%; }  
        select { height: 25px; border: 1px solid lightgray; }  
    </style>  
</head>  
<body>  
    <form id="form1" runat="server">  
    <asp:ScriptManager ID="ScriptManager1" runat="server">  
    </asp:ScriptManager>  
    <div class="demo_main">  
        <fieldset class="demo_title">  
            数据库管理工具_V1.0  
        </fieldset>  
        <fieldset class="demo_content">  
            <legend>查询语句: </legend>  
            <asp:TextBox runat="server" ID="txtSql" Style="text-transform: uppercase" TextMode="MultiLine"  
                Width="99%" Height="100"></asp:TextBox>  
            <p style="margin: 0; padding: 8px 0 0 0;">  
                可用表名:  
                <select id="selectTables" style="width: 200px;">  
                </select>  
                可用字段:  
                <select id="selectFields" style="width: 200px;">  
                    <option>请选择表名</option>  
                </select>  
                可用变量: <span class="keyword">SELECT</span><span class="keyword">TOP</span><span class="keyword">100</span><span  
                    class="keyword">*</span><span class="keyword">FROM</span><span class="keyword">DELETE</span><span  
                        class="keyword">UPDATE </span><span class="keyword">CREATE</span>  
            </p>  
        </fieldset>  
        <asp:UpdatePanel ID="UpdatePanel1" runat="server">  
            <ContentTemplate>  
                <fieldset class="demo_content">  
                    <legend>操作选项</legend>  
                    <asp:Button runat="server" ID="btnQuery" Text="查询" OnClick="BtnQueryClick" />  
                    <asp:Button runat="server" ID="btnExcute" Text="执行" OnClientClick=" return confirm(‘确定SQL语句正确并立即执行吗?‘) "  
                        OnClick="BtnExcuteClick" />  
                    <asp:UpdateProgress ID="UpdateProgress1" runat="server">  
                        <ProgressTemplate>  
                            <asp:Label ForeColor="green" runat="server" ID="lblStatus" Text="处理中,请稍候..." />  
                        </ProgressTemplate>  
                    </asp:UpdateProgress>  
                </fieldset>  
                <fieldset class="demo_content">  
                    <legend>查询结果:</legend>  
                    <div class="result">  
                        <asp:Literal runat="server" ID="ltrResult"></asp:Literal>  
                    </div>  
                </fieldset>  
            </ContentTemplate>  
        </asp:UpdatePanel>  
    </div>  
    <script type="text/javascript">  
        //====================================在文本框指定位置插入值=======================================  
        (function ($) {  
            $.fn.extend({  
                insertAtCaret: function (myValue) {  
                    var $t = $(this)[0];  
                    if (document.selection) {  
                        this.focus();  
                        var sel = document.selection.createRange();  
                        sel.text = myValue;  
                        this.focus();  
                    } else if ($t.selectionStart || $t.selectionStart == ‘0‘) {  
                        var startPos = $t.selectionStart;  
                        var endPos = $t.selectionEnd;  
                        var scrollTop = $t.scrollTop;  
                        $t.value = $t.value.substring(0, startPos) + myValue + $t.value.substring(endPos, $t.value.length);  
                        this.focus();  
                        $t.selectionStart = startPos + myValue.length;  
                        $t.selectionEnd = startPos + myValue.length;  
                        $t.scrollTop = scrollTop;  
                    } else {  
                        this.value += myValue;  
                        this.focus();  
                    }  
                }  
            });  
        })(jQuery);  
        //==================================================================================  
        var tables = "<%= DataTables %>";  
        var fields = "<%= Fields %>";  
        $(function () {  
            tables = eval(tables);  
  
            for (var i = 0; i < tables.length; i++) {  
                $("#selectTables").append("<option>" + tables[i] + "</option>");  
            }  
  
            //选择表  
            $("#selectTables").change(function () {  
                var table = $(this).val();  
                fields = eval(fields);  
                $("#selectFields").empty();  
                for (var i = 0; i < fields.length; i++) {  
                    if (fields[i].tName == table) {  
                        $("#selectFields").append("<option>" + fields[i].fName + "</option>");  
                    }  
                }  
                $("#<%= txtSql.ClientID %>").insertAtCaret(" " + table + " ");  
            });  
  
            //选择字段  
            $("#selectFields").change(function () {  
                var field = $(this).val();  
                if (field != "请选择表名") {  
                    $("#<%= txtSql.ClientID %>").insertAtCaret(" " + field + " ");  
                }  
            });  
  
            //选择关键字  
            $(".keyword").click(function () {  
                var keyword = $(this).text();  
                $("#<%= txtSql.ClientID %>").insertAtCaret(" " + keyword + " ");  
            });  
  
        });  
  
    </script>  
    </form>  
</body>  
</html>  

 

 

 

 

一哥们写的不错,经过简单修改,转过来了 

ASP.NET 数据库页面访问简单工具

标签:

原文地址:http://www.cnblogs.com/Luouy/p/4832094.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!