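#include "StdAfx.h"
#include ".\databaselayer.h"

namespace {

// NOTE(review): the ODBC connection string carries a clear-text UID/PWD and is
// compiled into the binary where anyone with the executable can read it. It is
// kept verbatim so the parameterless constructor declared in the header keeps
// working, but the credentials belong in a configuration source (or the driver's
// integrated authentication), not in source control.
const TCHAR kConnectionString[] =
    _T("ODBC; Description=; DRIVER=SQL Server; SERVER=TK-Teacher; UID=GroupTwo; PWD=toog30");

// Column order matters: ReadPerson() reads the fields by ordinal.
const TCHAR kSelectPerson[] =
    _T("SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person");

/// Renders value as a quoted T-SQL string literal.
///
/// Embedded single quotes are doubled, which is the only escape a T-SQL
/// single-quoted literal needs, so a caller-supplied value can never terminate
/// the literal and append its own SQL. CDatabase::ExecuteSQL offers no parameter
/// binding; a bound CRecordset with m_nParams would be the stronger fix.
CString QuoteSqlLiteral(const CString& value)
{
    CString escaped(value);
    escaped.Replace(_T("'"), _T("''"));
    return _T("'") + escaped + _T("'");
}

/// Builds a Person from the current row of a recordset opened with kSelectPerson.
///
/// Every column is fetched as text, as the original code did. Admin is converted
/// with _ttoi: the previous `isadmin == 1` compared the text against the character
/// code 1 (not '1'), so the flag was never set. Pass is copied through as the
/// database holds it; this layer does not hash or compare it.
Person ReadPerson(CRecordset& rs)
{
    CString id, inits, name, isadmin, pass;
    rs.GetFieldValue((short)0, id);
    rs.GetFieldValue((short)1, inits);
    rs.GetFieldValue((short)2, name);
    rs.GetFieldValue((short)3, isadmin);
    rs.GetFieldValue((short)4, pass);

    Person p;
    p.id = id;
    p.inits = inits;
    p.name = name;
    p.isadmin = (_ttoi(isadmin) != 0);
    p.pass = pass;
    return p;
}

} // namespace

/// Opens the ODBC connection and selects the GroupTwo database.
/// OpenEx/ExecuteSQL throw CDBException on failure, so construction either
/// yields a usable connection or propagates the error to the caller.
DatabaseLayer::DatabaseLayer(void)
{
    db.OpenEx(kConnectionString);
    db.ExecuteSQL(_T("USE GroupTwo"));
}

/// Nothing to do: the CDatabase member closes its connection in its own destructor.
DatabaseLayer::~DatabaseLayer(void)
{
}

/// Returns every row of Person as a Person record.
///
/// @return All persons, in the order the server returns them (no ORDER BY).
/// @throws CDBException if the query fails.
vector<Person> DatabaseLayer::GetPersonAll(void)
{
    vector<Person> buffer;

    CRecordset rs(&db);
    rs.Open(AFX_DB_USE_DEFAULT_TYPE, kSelectPerson);
    while (!rs.IsEOF())
    {
        buffer.push_back(ReadPerson(rs));
        rs.MoveNext();
    }
    rs.Close();

    return buffer;
}

/// Looks up a single person by initials.
///
/// @param wantInits  Initials to match exactly (caller-supplied; quoted via
///                   QuoteSqlLiteral so it cannot alter the statement).
/// @return The first matching row, or a default Person with isadmin == false
///         and empty strings when no row matches.
/// @throws CDBException if the query fails.
Person DatabaseLayer::GetPerson(CString wantInits)
{
    Person p;
    p.isadmin = false;

    CString sql;
    sql.Format(_T("%s WHERE (Initialer = %s)"),
               kSelectPerson, (LPCTSTR)QuoteSqlLiteral(wantInits));

    CRecordset rs(&db);
    rs.Open(AFX_DB_USE_DEFAULT_TYPE, sql);
    if (!rs.IsEOF())
        p = ReadPerson(rs);
    rs.Close();

    return p;
}

/// Inserts NewPerson (PersonID is left to the database).
///
/// All text fields are quoted with QuoteSqlLiteral; isadmin is written as 0/1.
/// @return true once the statement has executed; ExecuteSQL throws CDBException
///         on failure, so this never reports false.
bool DatabaseLayer::AddPerson(Person NewPerson)
{
    CString sql;
    sql.Format(_T("INSERT into Person(Initialer, Navn, Admin, Pass) VALUES(%s, %s, '%d', %s)"),
               (LPCTSTR)QuoteSqlLiteral(NewPerson.inits),
               (LPCTSTR)QuoteSqlLiteral(NewPerson.name),
               NewPerson.isadmin ? 1 : 0,
               (LPCTSTR)QuoteSqlLiteral(NewPerson.pass));
    db.ExecuteSQL(sql);
    return true;
}

/// Rewrites every editable column of the row whose PersonID matches ChangePerson.id.
///
/// @return true once the statement has executed; ExecuteSQL throws CDBException
///         on failure. A non-existent id updates zero rows and still returns true.
bool DatabaseLayer::UpdatePerson(Person ChangePerson)
{
    CString sql;
    sql.Format(_T("UPDATE Person SET Initialer = %s, Navn = %s, Pass = %s, Admin = '%d' WHERE PersonID = %s"),
               (LPCTSTR)QuoteSqlLiteral(ChangePerson.inits),
               (LPCTSTR)QuoteSqlLiteral(ChangePerson.name),
               (LPCTSTR)QuoteSqlLiteral(ChangePerson.pass),
               ChangePerson.isadmin ? 1 : 0,
               (LPCTSTR)QuoteSqlLiteral(ChangePerson.id));
    db.ExecuteSQL(sql);
    return true;
}

/// Deletes the row whose PersonID matches RemovePerson.id.
///
/// @return true once the statement has executed; ExecuteSQL throws CDBException
///         on failure. A non-existent id deletes zero rows and still returns true.
bool DatabaseLayer::DeletePerson(Person RemovePerson)
{
    CString sql;
    sql.Format(_T("DELETE FROM Person WHERE PersonID = %s"),
               (LPCTSTR)QuoteSqlLiteral(RemovePerson.id));
    db.ExecuteSQL(sql);
    return true;
}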