Создание веб-приложения, сочетающего в себе проектирование и создание баз данных, работу со сторонними форматами данных, программирование в .NET и веб-разработку, страница 64

                    string sql;

                    string[] users = new string[1];

                    int id_role = 0;

                    MySqlCommand comm;

                    MySqlDataReader reader = null;

                    MySqlDataAdapter adapter;

                    DataSet data = new DataSet();

                    //ДОСТАЕМ ID РОЛИ

                    sql = "SELECT id FROM roles WHERE name = '" + roleName + "';";

                    comm = new MySqlCommand(sql, conn);

                    reader = comm.ExecuteReader();

                    while (reader.Read())

                    {

                        id_role = Convert.ToInt32(reader[0].ToString());

                    }

                    reader.Close();

                    if (id_role == 0) throw new ProviderException();

                    //ДОСТАЕМ ИМЕНА ВСЕХ ЮЗЕРОВ С ЭТОЙ РОЛЬЮ

                    else

                    {

                        sql = "SELECT name FROM auth_user WHERE role=" + id_role + ";";

                        adapter = new MySqlDataAdapter(sql, conn);

                        adapter.Fill(data);

                        if (data.Tables[0].Rows.Count == 0)

                        {

                            conn.Close();

                            return null;

                        }

                        else

                        {

                            users = new string[data.Tables[0].Rows.Count];

                            for (int i = 0; i < data.Tables[0].Rows.Count; i++)

                            {

                                users[i] = data.Tables[0].Rows[i]["name"].ToString();

                            }

                            conn.Close();

                            return users;

                        }

                    }

                }

            }

            catch (MySqlException exp)

            {

                conn.Close();

                return null;

            }

            catch (ProviderException exp)

            {

                conn.Close();

                return null;

            }

        }

        public override bool IsUserInRole(string username, string roleName)

        {

            MySqlConnection conn = null;

            try

            {

                if (roleName.Length > 25) throw new ProviderException();

                else if (roleName == "" || roleName == null || username == "" || username == null) throw new ProviderException();

                else

                {

                    //ОБЪЯВЛЕНИЕ

                    conn = new MySqlConnection(connectionString);

                    conn.Open();

                    MySqlCommand comm;

                    string sql;

                    int id_role = 0;

                    int id_role_user = 0;

                    MySqlDataReader reader = null;

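                    //ПОЛУЧАЕМ ID РОЛИ
                    //ВНИМАНИЕ: roleName (и ниже username) вставляются в текст запроса конкатенацией. Проверки выше ограничивают только длину roleName и пустоту строк, поэтому кавычка во входной строке меняет сам SQL (SQL-инъекция), а результат этого метода решает, есть ли у пользователя роль. Значения следует передавать параметрами команды: заполнитель @name в тексте запроса и comm.Parameters.AddWithValue("@name", roleName).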

                    sql = "SELECT id FROM roles WHERE name = '" + roleName + "';";

                    comm = new MySqlCommand(sql, conn);

                    reader = comm.ExecuteReader();

                    while (reader.Read())

                    {

                        id_role = Convert.ToInt32(reader[0].ToString());

                    }

                    reader.Close();

                    //СРАВНИВАЕМ ID РОЛИ ЮЗЕРА И ПОЛУЧЕННЫЙ ID

                    if (id_role == 0)

                    {

                        throw new ProviderException();

                    }

                    else

                    {

                        sql = "SELECT role FROM auth_user WHERE name = '" + username + "';";

                        comm = new MySqlCommand(sql, conn);

                        reader = comm.ExecuteReader();

                        while (reader.Read())

                        {