1

codegit/CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/UserAccountController.cs

 using System;
 using System.Collections.Generic;
 using System.Data;
+using System.IO;
 using System.Linq;
 using System.Web;
 using System.Web.Mvc;
             }
             return NoToken("未知错误，请重新登录");
         }
+
+        /// <summary>
+        /// 导入用户列表
+        /// </summary>
+        /// <returns></returns>
+        public ActionResult ImportExcel()
+        {
+            string usercode = CurrentUser.UserData.F_UserCode;
+            if (!string.IsNullOrWhiteSpace(usercode))
+            {
+                HttpPostedFile _upFile = RequestString.GetFile("upFile");
+                if (_upFile != null)
+                {
+                    int headrow = 0;
+                    List<Model.T_Sys_RoleInfo> rolelist = rolebll.GetModelList("1=1");
+                    List<Model.T_Sys_Department> departments = departmentBLL.GetModelList("1=1");
+                    #region 上传文件
+                    string filepath = "";
+                    string datepath = DateTime.Now.ToString("yyyyMMddHHMMss");
+                    string aLastName = Path.GetExtension(_upFile.FileName);
+                    string oriname = Path.GetFileNameWithoutExtension(_upFile.FileName);
+                    if (aLastName != ".xls" && aLastName != ".xlsx")
+                    {
+                        return Error("文件类型错误，请选择Excel文件");
+                    }
+                    string newpath = datepath + "_" + _upFile.FileName;
+                    if (!Directory.Exists(Server.MapPath(this.Request.ApplicationPath + "\\ExcelData")))
+                    {
+                        Directory.CreateDirectory(Server.MapPath(this.Request.ApplicationPath + "\\ExcelData"));
+                    }
+                    filepath = this.Request.ApplicationPath + "/ExcelData/" + newpath;
+                    string PhysicalPath = Server.MapPath(filepath);
+                    _upFile.SaveAs(PhysicalPath);
+                    #endregion
+                    NPOIHelper np = new NPOIHelper();
+                    DataTable dt = np.ExcelToTable(_upFile, headrow);
+                    string msg = string.Empty;
+                    if (dt == null || dt.Rows.Count == 0)
+                        return Error("文件没有数据");
+                    else
+                    {
+                        Model.T_Sys_UserAccount dModel = new Model.T_Sys_UserAccount();
+
+                        foreach (DataRow dr in dt.Rows)
+                        {
+                            #region 数据入库
+                            headrow = headrow + 1;
+                            if (!string.IsNullOrEmpty(dr["用户角色"].ToString()))
+                            {
+                                var role = rolelist.Where(x => x.F_RoleName 
+                                == dr["用户角色"].ToString());
+                                if (role!=null&& role.Count()>0)
+                                {
+                                    dModel.F_RoleId = role.ToList()[0].F_RoleId;
+                                }
+                                else
+                                {
+                                    msg = msg + "第" + headrow + "行，用户角色错误，不存在，未导入<br>";
+                                    continue;
+                                }
+                            }
+                            else
+                            {
+                                msg = msg + "第" + headrow + "行，用户角色为空，未导入<br>";
+                                continue;
+                            }
+                            if (!string.IsNullOrEmpty(dr["用户姓名"].ToString()))
+                            {
+                                dModel.F_UserName = dr["用户姓名"].ToString();
+                            }
+                            else
+                            {
+                                msg = msg + "第" + headrow + "行，用户姓名为空，未导入<br>";
+                                continue;
+                            }
+                            if (!string.IsNullOrEmpty(dr["用户部门"].ToString()))
+                            {
+                                var dept = departments.Where(x => x.F_DeptName
+                                 == dr["用户部门"].ToString());
+                                if (dept != null && dept.Count() > 0)
+                                {
+                                    dModel.F_DeptId = dept.ToList()[0].F_DeptId;
+                                }
+                                else
+                                {
+                                    msg = msg + "第" + headrow +
+                                        "行，用户部门错误，不存在，未导入<br>";
+                                    continue;
+                                }
+                            }
+                            else
+                            {
+                                msg = msg + "第" + headrow + "行，用户部门为空，未导入<br>";
+                                continue;
+                            }
+                            if (!string.IsNullOrEmpty(dr["职务"].ToString()))
+                            {
+                                dModel.F_Post = dr["职务"].ToString();
+                            }
+                            if (!string.IsNullOrEmpty(dr["用户性别"].ToString()))
+                            {
+                                dModel.F_SexFlag = dr["用户性别"].ToString();
+                            }
+                            if (!string.IsNullOrEmpty(dr["固定电话"].ToString()))
+                            {
+                                dModel.F_Telephone = dr["固定电话"].ToString();
+                            }
+                            if (!string.IsNullOrEmpty(dr["手机号码"].ToString()))
+                            {
+                                dModel.F_Mobile = dr["手机号码"].ToString();
+                            }
+                            if (!string.IsNullOrEmpty(dr["备注"].ToString()))
+                            {
+                                dModel.F_Remark = dr["备注"].ToString();
+                            }
+                            dModel.F_Password = "123456";
+                            dModel.F_UserCode = Getcode().ToString();
+                            dModel.F_WorkNumber = Getcode().ToString();
+                            dModel.F_CreateBy = usercode;
+                            if (sysUserAccountBll.Add(dModel) > 0)
+                            {
+                                continue;
+                            }
+                            else
+                                msg = msg + "第" + headrow + "行，新增失败，未导入<br>";
+                            #endregion
+                        }
+                        if (string.IsNullOrEmpty(msg))
+                            return Success("导入成功 ");
+                        else
+                            return Error(msg);
+                    }
+                }
+                return Error("数据源上传失败");
+            }
+            return Error("用户登录失败，请重新登录");
+        }
+
+
         //[Authority]
         //添加用户信息
         public ActionResult AddUsers(UserAccountInput input)

codegit/CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/workorder/WorkOrderController.cs

         public ActionResult GetList(string code, string starttime, string area, 
             string office,string officename, string endtime,string duplicatetime,string endduplicatetime, 
             string productType,string productDate, string batchNumber,string manufacturer,string problemCode, 
-            string productName,string producttypes,string complaintType,string notifications,string keywords, string dealTimely,string ywy,int IsReduction=-1, 
+            string productName,string producttypes,string complaintType,string notifications,string keywords,
+            string auditStartTime, string auditEndTime,
+            string dealTimely,string ywy, string reviewNotes, string startdealtime, string enddealtime, int IsReduction=-1, 
             int CJ=0,int duplicate=-1, int see = 0, int source = 0, int type = 0, int state = -1, int pageindex = 1,
             int pagesize = 10,int isdc=0,int istime=-1 , int reminder=-1, int incomplete = -1,int isdealfile=-1,
-            int isreductions=0,int comprehensive=-1,int isManager=0)
+            int isreductions=0,int comprehensive=-1,int isManager=0, int reviewStatus = 0)
         {
            int userId = CurrentUser.UserData.F_UserId; ;
             if (userId != 0)
                     sql += $" and c.F_ProductDate = '" + productDate.Trim() + "'";
                 if (!string.IsNullOrEmpty(batchNumber))//产品编码
                     sql += $" and c.F_BatchNumber like '%" + batchNumber.Trim() + "%'";
+                if (!string.IsNullOrEmpty(reviewNotes))
+                    sql += $" and c.F_ReviewNotes like '%" + reviewNotes.Trim() + "%'";
+                if (reviewStatus > 0)
+                {
+                    if (reviewStatus==3)
+                    {
+                        sql += $" and  F_ReviewStatus is null ";
+                    }
+                    else
+                    {
+                        sql += $" and  F_ReviewStatus=" + reviewStatus + "";
+                    }
+                   
+                }
+                if(!string .IsNullOrEmpty(auditStartTime))
+                {
+                    sql += $" and  F_AuditTime >='"+ auditStartTime + "'";
+                }
+
+                if (!string.IsNullOrEmpty(auditEndTime))
+                {
+                    sql += $" and  F_AuditTime <='" + auditEndTime + "'";
+                }
                 if (reminder==0)
                 {
                     sql += $" and c.F_DealType ='1' ";
                     sql += " and datediff(day,c.F_CreateTime,'" + starttime + "')<=0 ";
                 if (!string.IsNullOrEmpty(endtime))
                     sql += " and datediff(day,c.F_CreateTime,'" + endtime + "')>=0   ";
+
+                if (!string.IsNullOrEmpty(startdealtime))
+                    sql += " and datediff(day,c.F_DealTime,'" + startdealtime + "')<=0 ";
+                if (!string.IsNullOrEmpty(enddealtime))
+                    sql += " and datediff(day,c.F_DealTime,'" + enddealtime + "')>=0   ";
+
+                
+
+
+
                  if (istime == 0)
                 {
                     sql += " and datediff(day,c.F_CreateTime,'" + DateTime.Now.ToString("yyyy-MM-dd") + "')<=0 ";
                             if (ro.F_RoleCode == "QTJS")
                                 return Error("无操作权限");
                             break;
-                        case 12://已完结
-                            sql += "AND c.F_State=11";
-                            sql += RetuSql(ro, see, ua);
-                            if (ro.F_RoleCode == "YWY" || ro.F_RoleCode == "ZG")
-                            {
-                                sql += "AND F_Notifications ='" + ua.F_UserCode + "'";
-                            }
-
-                            if (ro.F_RoleCode == "QTJS")
-                                return Error("无操作权限");
-                            break;
+                       
+                    }
+                    if (see >11)
+                    {
+                        sql += RetuSql(ro, see, ua);
                     }
                 }
                 else
                 model.F_ProductDate = it.F_ProductDate;//生产日期
                 model.F_BatchNumber = it.F_BatchNumber;//产品编码
                 model.F_Manufacturer = it.F_Manufacturer;//生产厂家
+                model.F_ReviewStatus = it.F_ReviewStatus;//审核情况
+                model.F_ReviewNotes = it.F_ReviewNotes;//审核备注
+
                 model.F_ProblemCode = it.F_ProblemCode;//问题代码
                 model.F_QualityProblem = it.F_QualityProblem;//质量问题
                 model.F_IsReduction = it.F_IsReduction;
                     }
                 }
                 //      model.F_ImplementationSituation = it.F_ImplementationSituation;//落实情况
-                model.F_State = it.F_State;//处理进度0待提交、1待查收、2待分派、3待接收、4处理中、10已完成11已审核
+                model.F_State = it.F_State;//处理进度0待提交、1待查收、2待分派、3待接收、4处理中、10已完成
                 model.F_Duplicate = it.F_Duplicate;//重复工单0未重复1重复
                 model.F_Content = it.F_Content;//备注
                  model . F_IsReduction= it.F_IsReduction;//是否减免
         public bool Review(Model.T_Sys_UserAccount nowUser, Model.T_Bus_WorkOrder model, string cont, int state = 0)
         {
             #region 工单处理
-            string creatuser = "";
             var opt = "审核通过";
-            int optbut = 10;
-            int wostate = 10;
-            string touser = "";
-            int deptid = 0;
             if (state == 2)
             {
                 opt = "审核拒绝";
-                optbut = 5;
-                wostate = 5;
-                var itemlast = itembll.GetModelList(" F_ItemType=" + 1 + " and  F_WoID=" + model.F_Id + "and  F_WoState=3  order by F_ID desc ").FirstOrDefault(); ;
-                if (itemlast != null)
-                {
-                     creatuser = itemlast.F_CreateUser;
-                }
-               
-                touser = nowUser.F_UserCode;
-                deptid = nowUser.F_DeptId;
             }
-            int F_Largeareaid = 0, F_Officeid = 0;
             #region 读取当前登录人部门
             string deptname = "";
             var deptmodel = departmentBLL.GetModel(nowUser.F_DeptId);
             if (!string.IsNullOrEmpty(cont))
                 optcont = "，审核意见：" + cont;
             var content = deptname + nowUser.F_UserName + "(" + nowUser.F_UserCode + ")" + opt + "工单" + optcont;
-            var itemid = AddLog(model.F_Id, wostate, content, 1, optbut, touser, deptid, nowUser);
+
+              long itemid= AddLog(model.F_Id, (int)model.F_State, content, 14, 14, "", 0, nowUser, 1);
             if (itemid > 0)
             {
                 #region 处理工单
-                if (state==2)
-                {
-                    model.F_Officeid = F_Officeid;
-                    model.F_Largeareaid = F_Largeareaid;
-                    model.F_Notifications = creatuser;//通知人
-                    if (wostate == 5)
-                    {
-                        if (model.F_TobeallocatedTime == null)
-                            model.F_TobeallocatedTime = DateTime.Now;
-                    }
-                    if (!string.IsNullOrEmpty(model.F_Returnnote))
-                        model.F_Returnnote += "," + cont;
-                    else
-                        model.F_Returnnote += cont;
-                }
-                model.F_State = wostate;
+                model.F_ReviewStatus = state;
+                model.F_ReviewNotes = cont;
+                model.F_AuditTime = DateTime.Now;
                 workorderBLL.Update(model);
                 #endregion
                 return true;

codegit/CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/workorder/WorkorderAppController.cs

         [HttpPost]
         public ActionResult login(string Username, string Password)
         {
+            return Error("移动端已停止使用。");
             bool appResult = LoodLoop();
             if (appResult)
             {
                 DataTable dt = new DataTable();
                 Model.T_Sys_UserAccount ua = userBLL.GetModel(userId);
                 Model.T_Sys_RoleInfo ro = rolebll.GetModel(ua.F_RoleId);
-                int DTJ = 0, DFP = 0, DCL = 0, CLZ = 0, YWJ = 0, THDTJ = 0, THDFP = 0, YJGD = 0, EJGD = 0, SJGD = 0, CJSL=0,ZX=0,
-                    DSH=0;
+                int DTJ = 0, DFP = 0, DCL = 0, CLZ = 0, YWJ = 0, THDTJ = 0, THDFP = 0, YJGD = 0, EJGD = 0, SJGD = 0, CJSL=0,ZX=0
+                  ;
                 string where = $" and (F_Type=" + 2 + "or (F_Duplicate!=1 and F_Duplicate!=4  and F_Type=3) or F_Type>4 )";
                if (ro.F_RoleCode == "DS")//电商角色
                 {
                             }
                             ZX = int.Parse(DbHelperSQL.GetSingle($"select COUNT(1) from T_Bus_WorkOrder WITH(NOLOCK)  where {sql} ").ToString());//待处理
                             break;
-                        case 12://待审核
-                            sql = "";
-                            sql += $"  F_IsDelete=0";
-                            sql += "AND F_Duplicate !=5" + where;
-                            sql += "AND F_State=11";
-                            sql += RetuSql(ro, 0, ua);
-                            if (ro.F_RoleCode == "YWY" || ro.F_RoleCode == "ZG")
-                            {
-                                sql += "AND F_Notifications ='" + ua.F_UserCode + "'";
-                            }
-
-                            if (ro.F_RoleCode == "JDYPTZX" || ro.F_RoleCode == "JDYBTZX")
-                                sql += "AND F_CreateUser=" + ua.F_UserCode;
-                            if (ro.F_RoleCode == "QTJS")
-                            {
-                                YWJ = 0;
-                                break;
-                            }
-                            DSH = int.Parse(DbHelperSQL.GetSingle($"select COUNT(1) from T_Bus_WorkOrder WITH(NOLOCK) where {sql} ").ToString());//待处理
-                            break;
-
                     }
 
                 }
                     SJGD = SJGD,
                     CJSL= CJSL,
                     ZX= ZX,
-                    DSH= DSH
                 };
                 return Content(obj.ToJson()); ;
             }
         /// <returns></returns>
         /// F_Duplicate  1咨询2投诉6抽检
         [Authority]
-        public ActionResult GetList(string starttime, string endtime, string keywords, string area, 
+        public ActionResult GetList(string starttime, string endtime, string keywords,string reviewNotes, string area, 
             string offce, string dealTimely,int CJ=0, int see=0, int state = -1, int pageindex = 1,
-            int pagesize = 10,int Processing=0,int isdc=0, int comprehensive = -1, int isManager = 0)
+            int pagesize = 10,int Processing=0,int isdc=0,int reviewStatus=0, int comprehensive = -1, int isManager = 0)
         {
             int userId = CurrentUser.UserData.F_UserId;
             if (userId != 0)
                     sql += " and datediff(day,F_CreateTime,'" + starttime + "')<=0 ";
                 if (!string.IsNullOrEmpty(endtime))
                     sql += " and datediff(day,F_CreateTime,'" + endtime + "')>=0   ";
+
+                if (!string.IsNullOrEmpty(reviewNotes))
+                    sql += $" and F_ReviewNotes like '%" + reviewNotes.Trim() + "%'";
+                if (reviewStatus > 0)
+                {
+                    if (reviewStatus == 3)
+                    {
+                        sql += $" and  F_ReviewStatus is null ";
+                    }
+                    else
+                    {
+                        sql += $" and  F_ReviewStatus=" + reviewStatus + "";
+                    }
+                }
+
                 if (ro.F_RoleCode == "XTGLY"|| ro.F_RoleCode == "QTJS")
                 {
                 }
                             if (ro.F_RoleCode == "QTJS")
                                 return Error("无操作权限");
                             break;
-                        case 12://已完结
-                            sql += "AND F_State=11";
-                            sql += RetuSql(ro, see, ua);
-
-                            if (ro.F_RoleCode == "YWY" || ro.F_RoleCode == "ZG")
-                            {
-                                sql += "AND F_Notifications ='" + ua.F_UserCode + "'";
-                            }
-                            //      if (ro.F_RoleCode == "JDYPTZX" || ro.F_RoleCode == "JDYBTZX")
-                            //    sql += "AND F_CreateUser=" + ua.F_UserCode;
-                            if (ro.F_RoleCode == "QTJS")
-                                return Error("无操作权限");
-                            break;
                     }
                 }
                 else
                 var buttons = ButtonGroup.GetButtons(model.F_State.ToString (), ro.F_RoleCode );
                  if (ro.F_RoleCode== "CLZY")
                 {
-                    if (model.F_State==1  || model.F_State == 3 || model.F_State == 5 || model.F_State == 4)
+                    if (model.F_State==1 || model.F_State == 10 || model.F_State == 3 || model.F_State == 5 || model.F_State == 4)
                     {
                         buttons.Add(ButtonGroup.goback());
                     }
                 model.F_BatchNumber = it.F_BatchNumber;//产品编码
                 model.F_Manufacturer = it.F_Manufacturer;//生产厂家
                 model.F_ProblemCode = it.F_ProblemCode;//问题代码
+                model.F_ReviewStatus = it.F_ReviewStatus;//审核情况
+                model.F_ReviewNotes = it.F_ReviewNotes;//审核备注
                 model.F_QualityProblem = it.F_QualityProblem;//质量问题
               //  model.F_Notifications = it.F_Notifications;//通知人
               //  model.F_ReceivingPerson = it.F_ReceivingPerson;//接听人
             {
               
                 opt = "处理完结";
-                optbut = 11;
-                wostate =11;
+                optbut = 10;
+                wostate =10;
                 model.F_DealUser = nowUser.F_UserCode;
                 model.F_DealTime = DateTime.Now;
             }
         public bool Review(Model.T_Sys_UserAccount nowUser, Model.T_Bus_WorkOrder model, string cont, int state = 0)
         {
             #region 工单处理
-            string creatuser = "";
             var opt = "审核通过";
-            int optbut = 10;
-            int wostate = 10;
-            string touser = "";
-            int deptid = 0;
             if (state == 2)
             {
                 opt = "审核拒绝";
-                optbut = 5;
-                wostate = 5;
-                var itemlast = itembll.GetModelList(" F_ItemType=" + 1 + " and  F_WoID=" + model.F_Id + "and  F_WoState=3  order by F_ID desc ").FirstOrDefault(); ;
-                if (itemlast != null)
-                {
-                    creatuser = itemlast.F_CreateUser;
-                }
-
-                touser = nowUser.F_UserCode;
-                deptid = nowUser.F_DeptId;
             }
-            int F_Largeareaid = 0, F_Officeid = 0;
             #region 读取当前登录人部门
             string deptname = "";
             var deptmodel = departmentBLL.GetModel(nowUser.F_DeptId);
             if (!string.IsNullOrEmpty(cont))
                 optcont = "，审核意见：" + cont;
             var content = deptname + nowUser.F_UserName + "(" + nowUser.F_UserCode + ")" + opt + "工单" + optcont;
-            var itemid = AddLog(model.F_Id, wostate, content, 1, optbut, touser, deptid, nowUser);
+
+            long itemid = AddLog(model.F_Id, (int)model.F_State, content, 14, 14, "", 0, nowUser, 1);
             if (itemid > 0)
             {
                 #region 处理工单
-                if (state == 2)
-                {
-                    model.F_Officeid = F_Officeid;
-                    model.F_Largeareaid = F_Largeareaid;
-                    model.F_Notifications = creatuser;//通知人
-                    if (wostate == 5)
-                    {
-                        if (model.F_TobeallocatedTime == null)
-                            model.F_TobeallocatedTime = DateTime.Now;
-                    }
-                    if (!string.IsNullOrEmpty(model.F_Returnnote))
-                        model.F_Returnnote += "," + cont;
-                    else
-                        model.F_Returnnote += cont;
-                }
-                model.F_State = wostate;
+                model.F_ReviewStatus = state;
+                model.F_ReviewNotes = cont;
+                model.F_AuditTime = DateTime.Now;
                 workorderBLL.Update(model);
                 #endregion
                 return true;
             #endregion
         }
 
+
         /// <summary>
         /// 转派工单
         /// </summary>

codegit/CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Global.asax.cs

 
         protected void Application_AuthenticateRequest(object sender, EventArgs e)
         {
+            SqlChecker SqlChecker = new SqlChecker(this.Request, this.Response);
+            SqlChecker.Check();
             HttpApplication app = (HttpApplication)sender;
             var context = app.Context;
             if (context == null) throw new ArgumentNullException("context");

codegit/CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Models/Common/ButtonGroup.cs

                     else if (code == "YWY" || code == "XTGLY" || code == "ZG")
                     {
                         buttons.Add(handle());
-                        //buttons.Add(goback());
+                        buttons.Add(goback());
                         
                     }
-                    else if (code == "CLZY")
-                    {
-                        buttons.Add(handle());
-                        buttons.Add(Perfect());
-                    }
-                    break;
-                case "11":
-                    //坐席 坐席班长 管理员
-                    if (code == "BSCJL" || code == "XTGLY")
-                    {
-                        buttons.Add(assign());
-                    }
-                    else if (code == "YWY" || code == "XTGLY" || code == "ZG")
+                    else if (code == "XTGLY" || code == "ZR")
                     {
-                        buttons.Add(handle());
                         buttons.Add(review());
 
                     }
-                    else if (code == "CLZY")
+                    else if (code == "CLZY" )
                     {
-                        buttons.Add(review());
+                        buttons.Add(handle());
                         buttons.Add(Perfect());
+                        buttons.Add(review());
                     }
                     break;
+               
             }
             return buttons;
         }

codegit/CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Models/Input/WorkOrderInput.cs

         /// 投诉类型
         /// </summary>
         public string F_ComplaintType { set; get; }
-        
+        /// <summary>
+        /// 审核情况1通过2拒绝
+        /// </summary>
+
+        public int? F_ReviewStatus { set; get; }
+        /// <summary>
+        /// 审核备注
+        /// </summary>
+
+        public string F_ReviewNotes { set; get; }
+
     }
 }

codegit/CallCenterApi/CallCenterApi.Model/T_Bus_WorkOrder.cs

         /// 投诉类型
         /// </summary>
         public string F_ComplaintType { set; get; }
+        /// <summary>
+        /// 审核情况1通过2拒绝
+        /// </summary>
+
+        public int ? F_ReviewStatus { set; get; }
+        /// <summary>
+        /// 审核备注
+        /// </summary>
 
-    #endregion Model
+        public string F_ReviewNotes { set; get; }
 
-}
+        public DateTime? F_AuditTime { set; get; }
+
+        #endregion Model
+
+    }
 }
 

codegit/CallCenterCommon/CallCenter.Utility/CallCenter.Utility.csproj

     <Compile Include="NPOI\Market.cs" />
     <Compile Include="RedisHelper.cs" />
     <Compile Include="SaltAndHashHelper.cs" />
+    <Compile Include="SqlChecker.cs" />
     <Compile Include="SysInformationHelper.cs" />
     <Compile Include="Time\DateTimeConvert.cs" />
     <Compile Include="VerifyCode\VerifyCode.cs" />

codegit/CallCenterCommon/CallCenter.Utility/FeiShuiHelper.cs

                 content = "{\"zh_cn\":{\"title\":\""+ title + 
                 "\",\"content\":[[{\"tag\":\"text\",\"text\":\"工单编号:"+ workrodercode + "\"}]," +
                 "[{\"tag\":\"text\",\"text\":\"投诉人姓名:" + name + "\"}]," +
-                "[{\"tag\":\"text\",\"text\":\"投诉人手机号:" + phone + "\"}]," +
+               // "[{\"tag\":\"text\",\"text\":\"投诉人手机号:" + phone + "\"}]," +
                 "[{\"tag\":\"text\",\"text\":\"投诉人地址:" + address + "\"}]," +
                 "[{\"tag\":\"text\",\"text\":\"产品地址:" + products + "\"}]," +
                 "[{\"tag\":\"text\",\"text\":\"问题描述:" + description + "\"}]," +

codegit/CallCenterCommon/CallCenter.Utility/SqlChecker.cs

+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Web;
+
+namespace CallCenter.Utility
+{
+    public class SqlChecker
+    { //当前请求对象
+        private HttpRequest request;
+        //当前响应对象
+        private HttpResponse response;
+        //安全Url,当出现Sql注入时,将导向到的安全页面,如果没赋值,则停留在当前页面
+        private string safeUrl = String.Empty;
+
+        //Sql注入时,可能出现的sql关键字,可根据自己的实际情况进行初始化,每个关键字由'|'分隔开来
+        //private const string StrKeyWord = @"select|insert|delete|from|count(|drop table|update|truncate|asc(|mid(|char(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";
+        private const string StrKeyWord = @"select|insert|delete|from|drop table|update|truncate|exec master|netlocalgroup administrators|net user|or|and|waitfor delay|waitfor|delay";
+        //Sql注入时,可能出现的特殊符号,,可根据自己的实际情况进行初始化,每个符号由'|'分隔开来
+        //  private const string StrRegex = @"@|*";
+        //private const string StrRegex = @"=|!|'";
+        public SqlChecker()
+        {
+            //
+            // TODO: 在此处添加构造函数逻辑
+            //
+        }
+        /// <summary>
+        /// 由此构造函数创建的对象,在验证Sql注入之后将停留在原来页面上
+        /// </summary>
+        /// <param name="_request">当前请求的 Request 对象</param>
+        /// <param name="_response">当前请求的 Response 对象</param>
+        public SqlChecker(HttpRequest _request, HttpResponse _response)
+        {
+            this.request = _request;
+            this.response = _response;
+        }
+        /// <summary>
+        /// 由此构造函数创建的对象,在验证Sql注入之后将请求将导向由 _safeUrl 指定的安全url页面上
+        /// </summary>
+        /// <param name="_request">当前请求的 Request 对象</param>
+        /// <param name="_response">当前请求的 Response 对象</param>
+        /// <param name="_safeUrl">验证Sql注入之后将导向的安全 url</param>
+        public SqlChecker(HttpRequest _request, HttpResponse _response, string _safeUrl)
+        {
+            this.request = _request;
+            this.response = _response;
+            this.safeUrl = _safeUrl;
+        }
+        /// <summary>
+        /// 只读属性 SQL关键字
+        /// </summary>
+        public string KeyWord
+        {
+            get
+            {
+                return StrKeyWord;
+            }
+        }
+        ///// <summary>
+        ///// 只读属性过滤特殊字符
+        ///// </summary>
+        //public string RegexString
+        //{
+        //    get
+        //    {
+        //        return StrRegex;
+        //    }
+        //}
+        /// <summary>
+        /// 当出现Sql注入时需要提示的错误信息(主要是运行一些客户端的脚本)
+        /// </summary>
+        public string Msg
+        {
+            get
+            {
+                string msg = "<script type='text/javascript'> "
+                + " alert('请勿输入非法字符!'); ";
+
+                if (this.safeUrl == String.Empty)
+                    msg += " window.location.href = '" + request.RawUrl + "'";
+                else
+                    msg += " window.location.href = '" + safeUrl + "'";
+
+                msg += "</script>";
+                return msg;
+            }
+        }
+        /// <summary>
+        /// 检查URL参数中是否带有SQL注入的可能关键字。
+        /// </summary>
+        /// <returns>存在SQL注入关键字时返回 true，否则返回 false</returns>
+        public bool CheckRequestQuery()
+        {
+            bool result = false;
+            if (request.QueryString.Count != 0)
+            {
+                //若URL中参数存在，则逐个检验参数。
+                foreach (string queryName in this.request.QueryString)
+                {
+                    //过虑一些特殊的请求状态值,主要是一些有关页面视图状态的参数
+                    if (queryName == "__VIEWSTATE" || queryName == "__EVENTVALIDATION")
+                        continue;
+                    //开始检查请求参数值是否合法
+                    if (CheckKeyWord(request.QueryString[queryName]))
+                    {
+                        //只要存在一个可能出现Sql注入的参数,则直接退出
+                        result = true;
+                        break;
+                    }
+                }
+            }
+            return result;
+        }
+        /// <summary>
+        /// 检查提交表单中是否存在SQL注入的可能关键字
+        /// </summary>
+        /// <returns>存在SQL注入关键字时返回 true，否则返回 false</returns>
+        public bool CheckRequestForm()
+        {
+            bool result = false;
+            if (request.Form.Count > 0)
+            {
+                //若获取提交的表单项个数不为0,则逐个比较参数
+                foreach (string queryName in this.request.Form)
+                {
+                    //过虑一些特殊的请求状态值,主要是一些有关页面视图状态的参数
+                    if (queryName == "__VIEWSTATE" || queryName == "__EVENTVALIDATION")
+                        continue;
+                    //开始检查提交的表单参数值是否合法
+                    if (CheckKeyWord(request.Form[queryName]))
+                    {
+                        //只要存在一个可能出现Sql注入的参数,则直接退出
+                        result = true;
+                        break;
+                    }
+                }
+            }
+            return result;
+        }
+
+        /// <summary>
+        /// 检查_sword是否包涵SQL关键字
+        /// </summary>
+        /// <param name="_sWord">需要检查的字符串</param>
+        /// <returns>存在SQL注入关键字时返回 true，否则返回 false</returns>
+        public bool CheckKeyWord(string _sWord)
+        {
+            bool result = false;
+            //模式1 : 对应Sql注入的可能关键字
+            string[] patten1 = StrKeyWord.Split('|');
+            //模式2 : 对应Sql注入的可能特殊符号
+            // string[] patten2 = StrRegex.Split('|');
+            //开始检查 模式1:Sql注入的可能关键字 的注入情况
+            foreach (string sqlKey in patten1)
+            {
+                if (_sWord.IndexOf(" " + sqlKey) >= 0 || _sWord.IndexOf(sqlKey + " ") >= 0)
+                {
+                    //只要存在一个可能出现Sql注入的参数,则直接退出
+                    result = true;
+                    break;
+                }
+
+            }
+            //开始检查 模式1:Sql注入的可能特殊符号 的注入情况
+            //foreach (string sqlKey in patten2)
+            //{
+            //    if (_sWord.IndexOf(sqlKey) >= 0)
+            //    {
+            //        //只要存在一个可能出现Sql注入的参数,则直接退出
+            //        result = true;
+            //        break;
+            //    }
+            //}
+            return result;
+        }
+        /// <summary>
+        /// 执行Sql注入验证
+        /// </summary>
+        public void Check()
+        {
+            if (CheckRequestQuery() || CheckRequestForm())
+            {
+                response.Write(Msg);
+                response.End();
+            }
+        }
+
+    }
+}