Program development, we may often encounter all database tables have the same attributes and behaviors, such as the need to create a record of personal data, creation time, modification time and modification of people. If all of these plus each action information, looking at the code comparison redundant, less elegant looking, so consider adding a filter prior to filling the model request to enter aciton. So that we would not be necessary in every action or login information to create time staff may be reproduced for a class action to make the programming process more focused on business. At the same time, we can also do some filtering or keyword filtering in single quotes here.
Here I chose to use a ActionFilterAttribute, filling model by overriding OnActionExecuting method. Specific codes are as follows:
public class ModelFillFilter : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext context) { base.OnActionExecuting(context); var parameters = context.ActionArguments; parameters.ForEach(parameter => { var model = parameter.Value; if (model == null) return; var list = new ArrayList(); if (typeof(ICollection).IsAssignableFrom(model.GetType())) { list.AddRange(model as ICollection); } else { list.Add(model); } list.ToArray().ForEach(item => { var propertys = item.GetType().GetProperties(); propertys.ForEach(p => { // 替换' 解决sql注入问题 if (p.PropertyType.Name.ToLower().Contains("string") && p.GetValue(item) != null && p.GetSetMethod() != null) { p.SetValue(item, p.GetValue(item).ToString().Replace("'", "''")); } }); }); }); var tokenObj = context.HttpContext.Request.Form["token"]; if (!string.IsNullOrEmpty(tokenObj)) { var token = tokenObj.ToString(); var userInfoService = Ioc.GetService<IUserInfoService>(); var user = userInfoService.Get<UserInfoModel>(string.Format(" LoginToken='{0}'", token)); if (user != null) { parameters.ForEach(parameter => { var model = parameter.Value; if (model == null) return; var list = new ArrayList(); if (typeof(ICollection).IsAssignableFrom(model.GetType())) { list.AddRange(model as ICollection); } else { list.Add(model); } list.ToArray().ForEach(item => { var propertys = item.GetType().GetProperties(); //模型处于创建状态 bool isCreate = propertys.Any(p => p.Name.ToLower() == "id" && (p.GetValue(item) == null || string.IsNullOrEmpty(p.GetValue(item).ToString()) || p.GetValue(item).ToString() == "0")); if (isCreate) { propertys.ForEach(p => { //字段填充 if (p.Name.ToLower() == "createdby" && p.GetSetMethod() != null && user != null) p.SetValue(item, Convert.ToInt32(user.Id)); else if (p.Name.ToLower() == "createdat" && p.GetSetMethod() != null) p.SetValue(item, DateTime.Now); }); } //模型处于编辑状态 bool isUpdate = propertys.Any(p => p.Name.ToLower() == "id" && (p.GetValue(item) != null && !string.IsNullOrEmpty(p.GetValue(item).ToString()) && p.GetValue(item).ToString() != "0")); if (isUpdate) { propertys.ForEach(p => { //字段填充 if (p.Name.ToLower() == "updatedby" && p.GetSetMethod() != null && user != null) p.SetValue(item, Convert.ToInt32(user.Id)); else if (p.Name.ToLower() == " Updatedat " && p.GetSetMethod () =! Null ) p.SetValue (Item, the DateTime.Now); }); } // neither create nor edit state IF (isCreate &&!! IsUpdate) { propertys.ForEach ( P => { }); } }); }); } } } /// <summary> /// 清楚敏感词汇 /// </summary> /// <param name="key"></param> /// <returns></returns> private bool IsContainKey(string key) { return false; } }
Code implementation, where there is the id value by determining whether the request for determining whether to add or modify operations, for different assignments. It can be different according to their judgment.