vb.net循环查询结果

发布于 2024-07-14 06:12:36 字数 1053 浏览 3 评论 0原文

我熟悉处理 SQL 查询和循环记录集结果的 VB6 ADO 方式。

但是，在 VB.Net 中查询服务器、循环结果并处理查询的正确方法是什么？我一直使用的所有方法似乎都不稳定并且随机崩溃。

我一直在使用以下代码：

Public Function GetSQLTable(ByVal strSQL As String) As DataTable
    Dim table As New DataTable
    Dim adapt As SqlDataAdapter

    Try
        adapt = New SqlDataAdapter(strSQL, gconIntegration)
        adapt.Fill(table)
    Catch ex As Exception
        LogError("GetSQLTable: " & ex.ToString(), "SQL: " & strSQL)
    End Try

    Return table
End Function

并像这样使用它：

 Dim dt As DataTable
 Dim lngRow As Long
 Dim current As DataRow
 Dim lngContact As long

 Try
        dt = GetSQLTable(strSQL)
        For lngRow = 0 To dt.Rows.Count - 1
            current = dt.Rows.Item(lngRow)
            lngContact = current.Item("indvid") 
            DoSomething(lngContact)
        Next
Catch ex As Exception
    LogError("FindContact: " & ex.ToString(), "SQL: " & strSQL)
    lngContact = -1     
 Finally
    current = nothing
    dt = nothing

原文

I am familiar with the VB6 ADO way of dealing with SQL queries and looping through the record set results.

However, what is the correct way to query a server, cycle through the results, and dispose of my query in VB.Net? All the ways I have been using seem to be unstable and crash randomly.

I have been using the following code:

Public Function GetSQLTable(ByVal strSQL As String) As DataTable
    Dim table As New DataTable
    Dim adapt As SqlDataAdapter

    Try
        adapt = New SqlDataAdapter(strSQL, gconIntegration)
        adapt.Fill(table)
    Catch ex As Exception
        LogError("GetSQLTable: " & ex.ToString(), "SQL: " & strSQL)
    End Try

    Return table
End Function

And using it like this:

 Dim dt As DataTable
 Dim lngRow As Long
 Dim current As DataRow
 Dim lngContact As long

 Try
        dt = GetSQLTable(strSQL)
        For lngRow = 0 To dt.Rows.Count - 1
            current = dt.Rows.Item(lngRow)
            lngContact = current.Item("indvid") 
            DoSomething(lngContact)
        Next
Catch ex As Exception
    LogError("FindContact: " & ex.ToString(), "SQL: " & strSQL)
    lngContact = -1     
 Finally
    current = nothing
    dt = nothing

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

青衫负雪 2024-07-21 06:12:36

我怀疑问题与您管理 gconIntegration 连接的方式有关。您太努力地尝试继续使用相同的连接。看看它住在哪里会很有帮助。

最好从池中获取“新”连接，并让 .Net 为您操心。

另外，您的通用“GetSQLTable”代码缺少一个重要部分：它不允许设置参数，这告诉我您正在将它们直接构建到查询字符串中。这是灾难的根源：它将导致 Sql 注入安全漏洞。

还有一件事：不要在 .Net 中将对象设置为 Nothing。如果需要，要么将它们丢弃，要么让它们自行超出范围。

以下是我从数据表中提取数据表的常规方法：

Function GetSomeData(ByVal Table2ID As Integer)
    Dim result As New DataTable

    Dim sql As String = "SELECT Column1,Column2 FROM [Table1] WHERE Table2ID= @Table2ID"

    Using cn As New SqlConnection( GetConnectionString() ), _
    Using cmd As New SqlCommand(sql, cn)

        cmd.Parameters.Add("@Table2ID", SqlDbType.Int).Value = Table2ID

        Using rdr As SqlDataReader = cmd.ExecuteReader()
           result.Load(rdr)
        End Using
    End Using
    return result
End Function

关于该代码的一些注释：

Using 语句将保证关联的对象在相应的 End using 处被释放。
查询参数保持强类型，并且永远不会直接替换到查询字符串中，即使它们传输到服务器也是如此。 Sql 数据和 Sql 代码永远不会混合。
对于需要发送的每个查询，您确实需要一个单独的函数。这确实是一件好事，因为它可以为您的数据库构建强类型接口。理想情况下，所有这些函数都位于同一个类中，并且 GetConnectionString 函数是该类的私有函数。在此数据层之外不会发生任何数据库访问。

I suspect the problem has to do with how you manage your gconIntegration connection. You're trying too hard to keep using that same connection. It would be helpful to see where it lives.

Better to get "new" connections from the pool and let .Net worry about it for you.

Also, your generic "GetSQLTable" code is missing an important part: it makes no allowance for setting parameters, which tells me you're building them directly into your query strings. That's a recipe for disaster: it will lead to Sql injection security holes.

One more thing: don't set objects to Nothing in .Net. Either dispose them if needed or let them fall out of scope on their own.

Here's my normal method for pulling back a datatable from a datatable:

Function GetSomeData(ByVal Table2ID As Integer)
    Dim result As New DataTable

    Dim sql As String = "SELECT Column1,Column2 FROM [Table1] WHERE Table2ID= @Table2ID"

    Using cn As New SqlConnection( GetConnectionString() ), _
    Using cmd As New SqlCommand(sql, cn)

        cmd.Parameters.Add("@Table2ID", SqlDbType.Int).Value = Table2ID

        Using rdr As SqlDataReader = cmd.ExecuteReader()
           result.Load(rdr)
        End Using
    End Using
    return result
End Function

Some notes on that code:

The Using statement will guarantee that the associated object is disposed at the corresponding End Using.
The query parameters are kept strongly typed, and never substituted directly into the query string, even when they are transmitted to the server. Sql Data and Sql Code never mix.
You do need a separate function for each query you need to send. This is really a good thing, as it leads into building a strongly-typed interface for your database. Ideally all of these functions are in the same class, and the GetConnectionString function is private to that class. No database access happens outside of this data layer.

回复收藏 0 原文

~没有更多了~