啊鑫
3 天以前 00a72fff219241eb5b0405a066cc859d07cf7735
service/Warehouse/MesXkyShdManager.cs
@@ -1,15 +1,17 @@
using System.Data;
using System.Data.SqlClient;
using Masuit.Tools;
using NewPdaSqlServer.DB;
using NewPdaSqlServer.Dto.service;
using NewPdaSqlServer.entity;
using NewPdaSqlServer.util;
using SqlSugar;
using static Microsoft.EntityFrameworkCore.DbLoggerCategory;
namespace NewPdaSqlServer.service.Warehouse;
public class MesXkyShdManager : Repository<MesCgthSq>
{
    public dynamic GetShdhItems(dynamic unity)
    {
        //// 使用参数化查询防止SQL注入
@@ -56,6 +58,7 @@
    public dynamic GetShdhBar(dynamic unity)
    {
        //// 使用参数化查询防止SQL注入
        var sqlParams = new List<SugarParameter> { new("@shdh", unity.shdh) };
@@ -102,13 +105,11 @@
        using (var conn = new SqlConnection(DbHelperSQL.strConn))
        {
            // 新增空对象校验
            if (unity == null)
                throw new ArgumentNullException(nameof(unity), "参数对象不能为 null");
            if (unity == null) throw new ArgumentNullException(nameof(unity), "参数对象不能为 null");
            // 参数校验增强
            if (string.IsNullOrEmpty(unity.userName?.ToString()))
                throw new ArgumentException("用户账户不允许为空",
                    nameof(unity.userName));
                throw new ArgumentException("用户账户不允许为空", nameof(unity.userName));
            if (string.IsNullOrEmpty(unity.shdh?.ToString()))
                throw new ArgumentException("送货单号不允许为空", nameof(unity.shdh));
@@ -124,16 +125,11 @@
                    cmd.CommandType = CommandType.StoredProcedure;
                    SqlParameter[] parameters =
                    {
                        new("@po_outMsg", SqlDbType.NVarChar, 300)
                            { Direction = ParameterDirection.Output },
                        new("@po_outSum", SqlDbType.NVarChar, 300)
                            { Direction = ParameterDirection.Output },
                        new("@pi_user", SqlDbType.NVarChar)
                            { Value = unity.userName.ToString() }, // 显式类型转换
                        new("@pi_barcode", SqlDbType.NVarChar)
                            { Value = unity.barcode.ToString() },
                        new("@pi_shdh", SqlDbType.NVarChar)
                            { Value = unity.shdh.ToString() }
                        new("@po_outMsg", SqlDbType.NVarChar, 300) { Direction = ParameterDirection.Output },
                        new("@po_outSum", SqlDbType.NVarChar, 300) { Direction = ParameterDirection.Output },
                        new("@pi_user", SqlDbType.NVarChar) { Value = unity.userName.ToString() }, // 显式类型转换
                        new("@pi_barcode", SqlDbType.NVarChar) { Value = unity.barcode.ToString() },
                        new("@pi_shdh", SqlDbType.NVarChar) { Value = unity.shdh.ToString() }
                    };
                    parameters[0].Direction = ParameterDirection.Output;
                    parameters[1].Direction = ParameterDirection.Output;
@@ -150,6 +146,7 @@
                    return _strMsg;
                    //return 0;
                }
                catch (Exception ex)
                {
@@ -163,3 +160,5 @@
        }
    }
}
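Review bot: `unity.barcode.ToString()` in the `@pi_barcode` parameter has no visible null/empty check, although `userName` and `shdh` are both validated a few lines earlier; unless the lines hidden between the hunks cover it, a request without a barcode fails with a runtime binder error rather than the `ArgumentException` the other fields produce. Consider adding `if (string.IsNullOrEmpty(unity.barcode?.ToString())) throw new ArgumentException("条码不允许为空", nameof(unity.barcode));` next to the other two checks. The `unity == null` guard sits inside `using (var conn = new SqlConnection(DbHelperSQL.strConn))`, so it would be clearer above the `using`, before anything is built from the request. The `parameters[0].Direction` and `parameters[1].Direction` assignments after the array repeat what the initializers already set and can be dropped. The enclosing method starts and ends outside the visible hunks.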