asp.net Web页执行SQL程序代码

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="ManageSQL.aspx.cs" Inherits="manage_ManageSQL" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Web页执行SQL</title>
<style type="text/css">
*{
padding:0;
margin:0;
}
body{
font-size:12px;
color:#333;
}
.navPath
{
 background:#A4B6D7;
 padding:4px;
}
</style>
</head>
<body>
<form id="form" runat="server">
<div class="navPath">您的当前位置：系统管理&raquo;&raquo;执行SQL</div>
<div style="vertical-align:top; margin-top:10px; margin-left:10px;">
    <asp:TextBox ID="txtSQL" runat="server" TextMode="MultiLine" Height="80px" Width="90%" BorderStyle="Inset" OnTextChanged="txtSQL_TextChanged"></asp:TextBox>
    <br />
    <asp:Button ID="btnExeSql" runat="server" CssClass="button" Text="执行SQL" OnClick="btnExeSql_Click" />
    <asp:Label ID="lblExeNum" runat="server"></asp:Label>
<a href="javascript:void(0)" onclick="Open(document.getElementById('table').innerHTML)">查看表结构</a>
    <div id="table" style="display:none;">
    <asp:GridView ID="grdTable" runat="server" Font-Size="12px" Width="100%">
        <RowStyle HorizontalAlign="Center" CssClass="tItem" />
        <PagerStyle CssClass="tPage" />
        <HeaderStyle CssClass="tHeader" />
        <AlternatingRowStyle CssClass="tAlter" />
        <SelectedRowStyle BackColor="#F1F5FB" />
    </asp:GridView>
    </div>
    <div class="tipInfo" style="width:90%; display:none;" id="tip">此功能建议仅供系统管理员在十分熟悉SQL语句的情况下操作，否则可能造成数据库数据丢失。</div>
    <hr style="border-collapse:collapse; width:90%; text-align:left;" />
</div>
    <asp:GridView ID="grdSQL" runat="server" Width="100%" Visible="False">
        <RowStyle HorizontalAlign="Center" CssClass="tItem" />
        <PagerStyle CssClass="tPage" />
        <HeaderStyle CssClass="tHeader" />
        <AlternatingRowStyle CssClass="tAlter" />
        <SelectedRowStyle BackColor="#F1F5FB" />
    </asp:GridView>
<script type="text/javascript">
var Osel=document.form;
Osel.onsubmit=function()
{
    if(Osel.<%=txtSQL.ClientID %>.value=="")
    {
        alert("输入不可为空");
        Osel.<%=txtSQL.ClientID %>.focus();
        return false;
    }
    else if(Osel.<%=txtSQL.ClientID %>.value.indexOf("update")!=-1 || Osel.<%=txtSQL.ClientID %>.value.indexOf("delete")!=-1 || Osel.<%=txtSQL.ClientID %>.value.indexOf("truncate")!=-1)
    {
        if(confirm("即将执行的操作带有一定的风险，是否继续？"))
            return true;
        else
            return false;
    }
}

function Open(value)
{
  var TestWin=open('','','toolbar=no, scrollbars=yes, menubar=no, location=no, resizable=no');
  TestWin.document.title="数据库表结构";
  TestWin.document.write(value);
}

function clear()
{
    document.getElementById("tip").style.display="none"
}
window.setInterval("clear()",3000);

</script>
</form>
</body>
</html>

网页执行SQL语句程序manageSql.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

/// <summary>
/// Author:walkingp
/// Web Site:http://www.51obj.cn/
/// E-mail:walkingp@126.com
/// </summary>
public partial class manage_ManageSQL : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            GetTableName();
        }
    }

    #region SqlConnection
    /// <summary>
    /// 初始化SqlConnection
    /// </summary>
    private static SqlConnection connection;
    public static SqlConnection Connection
    {
        get
        {
            string connectionString = "server=.;DataBase=model;uid=sa;pwd=;";
            if (connection == null)
            {
                connection = new SqlConnection(connectionString);
                connection.Open();
            }
            else if (connection.State == System.Data.ConnectionState.Closed)
            {
                connection.Open();
            }
            else if (connection.State == System.Data.ConnectionState.Broken)
            {
                connection.Close();
                connection.Open();
            }
            return connection;
        }
    }

    /// <summary>
    /// 执行Sql
    /// </summary>
    /// <param name="sql">Sql</param>
    /// <returns>影响记录条数</returns>
    public static int ExecuteCommand(string safeSql)
    {
        SqlCommand cmd = new SqlCommand(safeSql, Connection);
        int result = cmd.ExecuteNonQuery();
        return result;
    }
    /// <summary>
    /// 执行Sql(overload)
    /// </summary>
    /// <param name="sql">Sql</param>
    /// <param name="values">SqlParameter</param>
    /// <returns>影响记录条数</returns>
    public static int ExecuteCommand(string sql, params SqlParameter[] values)
    {
        SqlCommand cmd = new SqlCommand(sql, Connection);
        cmd.Parameters.AddRange(values);
        return cmd.ExecuteNonQuery();
    }

    /// <summary>
    /// 获取DataTable
    /// </summary>
    /// <param name="safeSql">Sql</param>
    /// <returns>DataTable</returns>
    public static DataTable GetDataSet(string safeSql)
    {
        DataSet ds = new DataSet();
        SqlCommand cmd = new SqlCommand(safeSql, Connection);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(ds);
        return ds.Tables[0];
    }
    #endregion

    /// <summary>
    /// 获取数据表结构
    /// </summary>
    protected void GetTableName()
    {
        DataTable dt = Connection.GetSchema("Tables", null);
        Connection.Close();
        grdTable.DataSource = dt;
        grdTable.DataBind();
    }

    /// <summary>
    /// 执行操作
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void btnExeSql_Click(object sender, EventArgs e)
    {
        string sql = txtSQL.Text.Trim().ToLower();
        int intExeNum;

        try
        {
            if (sql.Substring(0, 6).IndexOf("select") != -1)
            {
                DataTable dt = GetDataSet(sql);
                grdSQL.DataSource = dt;
                grdSQL.DataBind();
                lblExeNum.Text = "返回记录条数：<strong>" dt.Rows.Count "</strong>";
                grdSQL.Visible = true;
            }
            else if (sql.Substring(0, 6).IndexOf("delete") != -1 || sql.Substring(0, 6).IndexOf("update") != -1 || sql.Substring(0, 8).IndexOf("truncate") != -1)
            {
                intExeNum = ExecuteCommand(sql);
                lblExeNum.Text = "影响行数：<strong>" intExeNum "</strong>";
                grdSQL.Visible = false;
            }
        }
        catch (Exception ex)
        {
            ClientScript.RegisterStartupScript(typeof(string), "", "document.write("<h4 style='font-size:14px;color:#c00;padding-left:20px;'>抱歉，系统发生了错误……错误信息：" ex.Message.Replace(""", "'") "</h4>")", true);
        }
    }

    /// <summary>
    /// 执行按钮可用
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void txtSQL_TextChanged(object sender, EventArgs e)
    {
        btnExeSql.Enabled = true;
    }
}

您可能感兴趣的文章：
asp.net如何防范SQL注入式攻击
asp.net性能优化方法-数据库访问性能优化
创建ASP.NET数据存储层(5)
为Asp.net应用程序设置构建Web服务
写asp.net论坛时用的一个技巧
调试ASP.NET应用程序的方法和技巧
ASP.NET 2.0中的登陆控件简介
asp.net 创建一个Web服务
php如何防sql注入？
Asp.net 页面导航的几种方法与比较