啊鑫
9 天以前 0aa54059b26e6641196e9953490dd18616e916e3
service/Warehouse/MesXkyShdManager.cs
@@ -1,17 +1,15 @@
using System.Data;
using System.Data.SqlClient;
using Masuit.Tools;
using NewPdaSqlServer.DB;
using NewPdaSqlServer.Dto.service;
using NewPdaSqlServer.entity;
using NewPdaSqlServer.util;
using SqlSugar;
using static Microsoft.EntityFrameworkCore.DbLoggerCategory;
namespace NewPdaSqlServer.service.Warehouse;
public class MesXkyShdManager : Repository<MesCgthSq>
{
    public dynamic GetShdhItems(dynamic unity)
    {
        //// 使用参数化查询防止SQL注入
@@ -58,7 +56,6 @@
    public dynamic GetShdhBar(dynamic unity)
    {
        //// 使用参数化查询防止SQL注入
        var sqlParams = new List<SugarParameter> { new("@shdh", unity.shdh) };
@@ -105,11 +102,13 @@
        using (var conn = new SqlConnection(DbHelperSQL.strConn))
        {
            // 新增空对象校验
            if (unity == null) throw new ArgumentNullException(nameof(unity), "参数对象不能为 null");
            if (unity == null)
                throw new ArgumentNullException(nameof(unity), "参数对象不能为 null");
            
            // 参数校验增强
            if (string.IsNullOrEmpty(unity.userName?.ToString()))
                throw new ArgumentException("用户账户不允许为空", nameof(unity.userName));
                throw new ArgumentException("用户账户不允许为空",
                    nameof(unity.userName));
            
            if (string.IsNullOrEmpty(unity.shdh?.ToString()))
                throw new ArgumentException("送货单号不允许为空", nameof(unity.shdh));
@@ -125,11 +124,16 @@
                    cmd.CommandType = CommandType.StoredProcedure;
                    SqlParameter[] parameters =
                    {
                        new("@po_outMsg", SqlDbType.NVarChar, 300) { Direction = ParameterDirection.Output },
                        new("@po_outSum", SqlDbType.NVarChar, 300) { Direction = ParameterDirection.Output },
                        new("@pi_user", SqlDbType.NVarChar) { Value = unity.userName.ToString() }, // 显式类型转换
                        new("@pi_barcode", SqlDbType.NVarChar) { Value = unity.barcode.ToString() },
                        new("@pi_shdh", SqlDbType.NVarChar) { Value = unity.shdh.ToString() }
                        new("@po_outMsg", SqlDbType.NVarChar, 300)
                            { Direction = ParameterDirection.Output },
                        new("@po_outSum", SqlDbType.NVarChar, 300)
                            { Direction = ParameterDirection.Output },
                        new("@pi_user", SqlDbType.NVarChar)
                            { Value = unity.userName.ToString() }, // 显式类型转换
                        new("@pi_barcode", SqlDbType.NVarChar)
                            { Value = unity.barcode.ToString() },
                        new("@pi_shdh", SqlDbType.NVarChar)
                            { Value = unity.shdh.ToString() }
                    };
                    parameters[0].Direction = ParameterDirection.Output;
                    parameters[1].Direction = ParameterDirection.Output;
@@ -146,7 +150,6 @@
                    return _strMsg;
                    //return 0;
                }
                catch (Exception ex)
                {
@@ -160,5 +163,3 @@
        }
    }
}
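Review bot: The validation block in the hunk at `@@ -105,11 +102,13 @@` guards `unity.userName` and `unity.shdh` but never `unity.barcode`, which the parameter list in the next hunk dereferences with `unity.barcode.ToString()`, so a missing barcode fails inside the open connection scope with a binder/null-reference error instead of the ArgumentException the sibling checks produce. A matching guard after the `shdh` check would close that gap: `if (string.IsNullOrEmpty(unity.barcode?.ToString())) throw new ArgumentException("条码不允许为空", nameof(unity.barcode));`. The `unity == null` check also sits inside `using (var conn = new SqlConnection(DbHelperSQL.strConn))`, so a connection object is constructed before the argument is validated; moving the three checks above the `using` keeps validation ahead of resource acquisition. In the parameter hunk, `parameters[0].Direction = ParameterDirection.Output;` and the `parameters[1]` line repeat what the `{ Direction = ParameterDirection.Output }` initializers already set and can be dropped. The enclosing method starts and ends outside these hunks, so I cannot tell whether `unity` is already dereferenced earlier in it.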