viewvc/H6/DatabaseLayer.cpp

#include "StdAfx.h"
#include ".\databaselayer.h"


DatabaseLayer::DatabaseLayer(void)
{
        db.OpenEx("ODBC; Description=; DRIVER=SQL Server; SERVER=TK-Teacher; UID=GroupTwo; PWD=toog30");
        db.ExecuteSQL("USE GroupTwo");
}

DatabaseLayer::~DatabaseLayer(void)
{
}

vector<Person> DatabaseLayer::GetPersonAll(void)
{
        vector<Person> buffer;
        CString id, inits, name, isadmin, pass;

                CRecordset rs(&db);
                rs.Open(AFX_DB_USE_DEFAULT_TYPE, "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person");
                while(!rs.IsEOF())
                {
                        rs.GetFieldValue((short)0,id);
                        rs.GetFieldValue(1,inits);
                        rs.GetFieldValue(2,name);
                        rs.GetFieldValue(3,isadmin);
                        rs.GetFieldValue(4,pass);
                        
                        Person p;
                        p.id            = id;
                        p.inits         = inits;
                        p.name          = name;
                        p.isadmin       = (isadmin == 1);
                        p.pass          = pass;

                        buffer.push_back(p);

                        rs.MoveNext();
                }
                rs.Close();
        return buffer;
}

Person DatabaseLayer::GetPerson(CString wantInits)
{

        CString id, inits, name, isadmin, pass;
        CString SQL;

        Person p;
        //FIX SQL INJECTION
        SQL = "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person WHERE (Initialer = '" + wantInits + "')";
        CRecordset rs(&db);
        rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL);

        if(!rs.IsEOF() )
        {
                        rs.GetFieldValue((short)0,id);
                        rs.GetFieldValue(1,inits);
                        rs.GetFieldValue(2,name);
                        rs.GetFieldValue(3,isadmin);
                        rs.GetFieldValue(4,pass);
                        
                        p.id            = id;
                        p.inits         = inits;
                        p.name          = name;
                        p.isadmin       = (isadmin == 1);
                        p.pass          = pass;
        }
        return p;
}

bool DatabaseLayer::AddPerson(Person NewPerson)
{
        CString SQL;
        SQL.Format("INSERT into Person(Initialer, Navn, Admin, Pass) VALUES('%s', '%s', '%d', '%s')",NewPerson.inits, NewPerson.name, NewPerson.isadmin, NewPerson.pass);
        db.ExecuteSQL(SQL);
        return true;
}

bool DatabaseLayer::UpdatePerson(Person ChangePerson)
{
        CString SQL;
        SQL.Format("UPDATE Person SET Initialer = '%s', Navn = '%s', Pass = '%s', Admin = '%d' WHERE PersonID = '%s'", ChangePerson.inits, ChangePerson.name, ChangePerson.pass, ChangePerson.isadmin, ChangePerson.id);
        db.ExecuteSQL(SQL);
        return true;
}

bool DatabaseLayer::DeletePerson(Person RemovePerson)
{
        CString SQL;
        SQL.Format("DELETE FROM Person WHERE PersonID = '%s'", RemovePerson.id);
        db.ExecuteSQL(SQL);
        return true;
}
1	#include "StdAfx.h"
2	#include ".\databaselayer.h"
3
4
5	DatabaseLayer::DatabaseLayer(void)
6	{
7	db.OpenEx("ODBC; Description=; DRIVER=SQL Server; SERVER=TK-Teacher; UID=GroupTwo; PWD=toog30");
8	db.ExecuteSQL("USE GroupTwo");
9	}
10
11	DatabaseLayer::~DatabaseLayer(void)
12	{
13	}
14
15	vector<Person> DatabaseLayer::GetPersonAll(void)
16	{
17	vector<Person> buffer;
18	CString id, inits, name, isadmin, pass;
19
20	CRecordset rs(&db);
21	rs.Open(AFX_DB_USE_DEFAULT_TYPE, "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person");
22	while(!rs.IsEOF())
23	{
24	rs.GetFieldValue((short)0,id);
25	rs.GetFieldValue(1,inits);
26	rs.GetFieldValue(2,name);
27	rs.GetFieldValue(3,isadmin);
28	rs.GetFieldValue(4,pass);
29
30	Person p;
31	p.id = id;
32	p.inits = inits;
33	p.name = name;
34	p.isadmin = (isadmin == 1);
35	p.pass = pass;
36
37	buffer.push_back(p);
38
39	rs.MoveNext();
40	}
41	rs.Close();
42	return buffer;
43	}
44
45	Person DatabaseLayer::GetPerson(CString wantInits)
46	{
47
48	CString id, inits, name, isadmin, pass;
49	CString SQL;
50
51	Person p;
52	//FIX SQL INJECTION
53	SQL = "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person WHERE (Initialer = '" + wantInits + "')";
54	CRecordset rs(&db);
55	rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL);
56
57	if(!rs.IsEOF() )
58	{
59	rs.GetFieldValue((short)0,id);
60	rs.GetFieldValue(1,inits);
61	rs.GetFieldValue(2,name);
62	rs.GetFieldValue(3,isadmin);
63	rs.GetFieldValue(4,pass);
64
65	p.id = id;
66	p.inits = inits;
67	p.name = name;
68	p.isadmin = (isadmin == 1);
69	p.pass = pass;
70	}
71	return p;
72	}
73
74	bool DatabaseLayer::AddPerson(Person NewPerson)
75	{
76	CString SQL;
77	SQL.Format("INSERT into Person(Initialer, Navn, Admin, Pass) VALUES('%s', '%s', '%d', '%s')",NewPerson.inits, NewPerson.name, NewPerson.isadmin, NewPerson.pass);
78	db.ExecuteSQL(SQL);
79	return true;
80	}
81
82	bool DatabaseLayer::UpdatePerson(Person ChangePerson)
83	{
84	CString SQL;
85	SQL.Format("UPDATE Person SET Initialer = '%s', Navn = '%s', Pass = '%s', Admin = '%d' WHERE PersonID = '%s'", ChangePerson.inits, ChangePerson.name, ChangePerson.pass, ChangePerson.isadmin, ChangePerson.id);
86	db.ExecuteSQL(SQL);
87	return true;
88	}
89
90	bool DatabaseLayer::DeletePerson(Person RemovePerson)
91	{
92	CString SQL;
93	SQL.Format("DELETE FROM Person WHERE PersonID = '%s'", RemovePerson.id);
94	db.ExecuteSQL(SQL);
95	return true;
96	}