1 |
#include "StdAfx.h"
|
2 |
#include ".\databaselayer.h"
|
3 |
|
4 |
|
5 |
DatabaseLayer::DatabaseLayer(void)
|
6 |
{
|
7 |
db.OpenEx("ODBC; Description=; DRIVER=SQL Server; SERVER=TK-Teacher; UID=GroupTwo; PWD=toog30");
|
8 |
db.ExecuteSQL("USE GroupTwo");
|
9 |
}
|
10 |
|
11 |
DatabaseLayer::~DatabaseLayer(void)
|
12 |
{
|
13 |
}
|
14 |
|
15 |
vector<Person> DatabaseLayer::GetPersonAll(void)
|
16 |
{
|
17 |
vector<Person> buffer;
|
18 |
CString id, inits, name, isadmin, pass;
|
19 |
|
20 |
CRecordset rs(&db);
|
21 |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person");
|
22 |
while(!rs.IsEOF())
|
23 |
{
|
24 |
rs.GetFieldValue((short)0,id);
|
25 |
rs.GetFieldValue(1,inits);
|
26 |
rs.GetFieldValue(2,name);
|
27 |
rs.GetFieldValue(3,isadmin);
|
28 |
rs.GetFieldValue(4,pass);
|
29 |
|
30 |
Person p;
|
31 |
p.id = id;
|
32 |
p.inits = inits;
|
33 |
p.name = name;
|
34 |
p.isadmin = (isadmin == 1);
|
35 |
p.pass = pass;
|
36 |
|
37 |
buffer.push_back(p);
|
38 |
|
39 |
rs.MoveNext();
|
40 |
}
|
41 |
rs.Close();
|
42 |
return buffer;
|
43 |
}
|
44 |
|
45 |
Person DatabaseLayer::GetPerson(CString wantInits)
|
46 |
{
|
47 |
|
48 |
CString id, inits, name, isadmin, pass;
|
49 |
CString SQL;
|
50 |
|
51 |
Person p;
|
52 |
//FIX SQL INJECTION
|
53 |
SQL = "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person WHERE (Initialer = '" + wantInits + "')";
|
54 |
CRecordset rs(&db);
|
55 |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL);
|
56 |
|
57 |
if(!rs.IsEOF() )
|
58 |
{
|
59 |
rs.GetFieldValue((short)0,id);
|
60 |
rs.GetFieldValue(1,inits);
|
61 |
rs.GetFieldValue(2,name);
|
62 |
rs.GetFieldValue(3,isadmin);
|
63 |
rs.GetFieldValue(4,pass);
|
64 |
|
65 |
p.id = id;
|
66 |
p.inits = inits;
|
67 |
p.name = name;
|
68 |
p.isadmin = (isadmin == 1);
|
69 |
p.pass = pass;
|
70 |
}
|
71 |
return p;
|
72 |
}
|
73 |
|
74 |
bool DatabaseLayer::AddPerson(Person NewPerson)
|
75 |
{
|
76 |
CString SQL;
|
77 |
SQL.Format("INSERT into Person(Initialer, Navn, Admin, Pass) VALUES('%s', '%s', '%d', '%s')",NewPerson.inits, NewPerson.name, NewPerson.isadmin, NewPerson.pass);
|
78 |
db.ExecuteSQL(SQL);
|
79 |
return true;
|
80 |
}
|
81 |
|
82 |
bool DatabaseLayer::UpdatePerson(Person ChangePerson)
|
83 |
{
|
84 |
CString SQL;
|
85 |
SQL.Format("UPDATE Person SET Initialer = '%s', Navn = '%s', Pass = '%s', Admin = '%d' WHERE PersonID = '%s'", ChangePerson.inits, ChangePerson.name, ChangePerson.pass, ChangePerson.isadmin, ChangePerson.id);
|
86 |
db.ExecuteSQL(SQL);
|
87 |
return true;
|
88 |
}
|
89 |
|
90 |
bool DatabaseLayer::DeletePerson(Person RemovePerson)
|
91 |
{
|
92 |
CString SQL;
|
93 |
SQL.Format("DELETE FROM Person WHERE PersonID = '%s'", RemovePerson.id);
|
94 |
db.ExecuteSQL(SQL);
|
95 |
return true;
|
96 |
}
|