当前位置: 文江博客话题详情

.Net ADO 连接类

发布于 2024-11-03 09:03:48 字数 1665 浏览 1 评论 0原文

我创建了一个连接类,它应该将数据表/数据读取器等返回到我的网页。我担心使用此类无法正确关闭连接。这是课程:

Imports Microsoft.VisualBasic

Namespace myConnection
  Public Class DB

      Public Shared Function GetConnStr()
                    Return "server=foobar"
      End Function


      Public Shared Function OpenConn()
                    Return New System.Data.SqlClient.SqlConnection( GetConnStr )
      End Function

      Public Shared Function OpenReader(SQL As String)

                    Dim conn 
                    conn = OpenConn
                    conn.Open

                    Return New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteReader(System.Data.CommandBehavior.CloseConnection)

      End Function

      Public Shared Function OpenTable(SQL As String)

                    Dim conn 
                    conn = OpenConn
                    conn.Open

                    Dim dr As System.Data.SqlClient.SqlDataReader = New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteReader(System.Data.CommandBehavior.CloseConnection)
                    Dim dt As System.Data.DataTable = New System.Data.DataTable()
          dt.Load(dr)

                    Return dt 

      End Function

      Public Shared Function ExecuteSQL(SQL As String)

                    Dim conn 
                    conn = OpenConn
                    conn.Open

                    Return New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteNonQuery()

      End Function


  End Class
End Namespace

以下是我使用它的方式:

rst = conn.OpenReader(SQL)
While rst.Read  
end while
rst.close

我担心一旦投入生产,连接将无法正确关闭,我的网站将会失败。我是.net新手,这个类背后的负责人有什么问题吗?

原文

I created a connection class that should return a datatables/datareaders etc to my webpages. I am worried that the connections won't be closed properly by using this class. Here is the class:

Imports Microsoft.VisualBasic

Namespace myConnection
  Public Class DB

      Public Shared Function GetConnStr()
                    Return "server=foobar"
      End Function


      Public Shared Function OpenConn()
                    Return New System.Data.SqlClient.SqlConnection( GetConnStr )
      End Function

      Public Shared Function OpenReader(SQL As String)

                    Dim conn 
                    conn = OpenConn
                    conn.Open

                    Return New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteReader(System.Data.CommandBehavior.CloseConnection)

      End Function

      Public Shared Function OpenTable(SQL As String)

                    Dim conn 
                    conn = OpenConn
                    conn.Open

                    Dim dr As System.Data.SqlClient.SqlDataReader = New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteReader(System.Data.CommandBehavior.CloseConnection)
                    Dim dt As System.Data.DataTable = New System.Data.DataTable()
          dt.Load(dr)

                    Return dt 

      End Function

      Public Shared Function ExecuteSQL(SQL As String)

                    Dim conn 
                    conn = OpenConn
                    conn.Open

                    Return New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteNonQuery()

      End Function


  End Class
End Namespace

And Here is how I am using it:

rst = conn.OpenReader(SQL)
While rst.Read  
end while
rst.close

I am worried that once I go into production the connections won't be close properly and my site will fail. I am new to .net, is there anything wrong with the principal behind this class?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

从来不烧饼 2024-11-10 09:03:48

你是对的:你的连接不会以这种方式关闭。更糟糕的是,通过只接受 sql 命令的字符串,您将面临 sql 注入安全漏洞。作为更好模式的示例,我用来填充数据表的代码看起来更像是这样:

Public Function GetDataTable(ByVal sql As String, ByVal AddParameters As Action(Of SqlParameterCollection)) As DataTable
    Dim result As New DataTable()
    Using cn As SqlConnection = OpenConn(), _
          cmd As New SqlCommand(sql, cn)

        AddParameters(cmd.Parameters)

        Using rdr As SqlDataReader = cmd.ExecuteReader
            result.Load(rdr)
        End Using
    End Using
    Return result
End Function

然后我会这样调用代码:

Dim data As DataTable = GetDataTable("SELECT * FROM SomeTable WHERE ID= @ID", _ 
       Sub(p)
           p.Add("@ID", SqlDbType.Int).Value = 12345
       End Sub )

我在 C# 中为 SqlDataReader 有类似的代码,但它需要使用迭代器块,并且功能不适用于VB刚刚使用 Visual Studio 2010 的服务包添加到 VB.Net Async CTP 已于几周前推出。这里要注意的重要一点是,我使用 using 块正确封装了 sql 连接,并且代码鼓励正确使用查询参数。

You are right: your connection won't be closed this way. Even worse, by only accepting strings for your sqlcommand you open yourself up to sql injection security vulnerabilities. As an example of a better pattern, the code I use to fill a data table looks more like this:

Public Function GetDataTable(ByVal sql As String, ByVal AddParameters As Action(Of SqlParameterCollection)) As DataTable
    Dim result As New DataTable()
    Using cn As SqlConnection = OpenConn(), _
          cmd As New SqlCommand(sql, cn)

        AddParameters(cmd.Parameters)

        Using rdr As SqlDataReader = cmd.ExecuteReader
            result.Load(rdr)
        End Using
    End Using
    Return result
End Function

I would then call the code like this:

Dim data As DataTable = GetDataTable("SELECT * FROM SomeTable WHERE ID= @ID", _ 
       Sub(p)
           p.Add("@ID", SqlDbType.Int).Value = 12345
       End Sub )

I have similar code in C# for an SqlDataReader, but it requires using an iterator block and that feature is not available for VBwas only just added to VB.Net with the service pack for visual studio 2010 and Async CTP out a few weeks ago. The important thing to take away here is that I have the sql connection correctly encapsulated with a Using block and the code encourages the correct use of query parameters.

回复 原文
轮廓§ 2024-11-10 09:03:48

不幸的是,我同意其他评论之一。你为什么要编写自己的连接类?

使用 ADO.NET EF 或 LINQ To SQL 来管理上下文中的连接。

如果您继续执行正在执行的操作,请将连接包装在“使用”块中。

Unfortunately, I agree with one of the other comments. Why are you writing your own connection classes?

Use ADO.NET EF or LINQ To SQL which will manage the connections in the Context.

If you do continue to do what you are doing, wrap your connection in a Using block.

回复 原文
寄意 2024-11-10 09:03:48

我使用一个模块来调用数据库,如果您使用多种形式,可以节省很多行...

这是我的模块形式:

Public cn As OleDbConnection

Public Sub InitDatabase()
    Dim sDBase As String = "DB.mdb"
    cn= New OleDbConnection
    cn.ConnectionString = "Provider=Microsoft.JET.OLEDB.4.0; Data Source=" & sDBase
End Sub

然后调用数据库使用这个:

Private ds As New DataSet
Private da As New OleDbDataAdapter

modWijnen.InitDatabase()

    Dim cm As New OleDbCommand("Select * from Table1", cn)
    da = New OleDbDataAdapter(cm)

    If (ds.Tables.Contains("Table1") = False) Then
        da.Fill(ds, "Table1")
    End If

我希望这对您有帮助...

I use a module to call the database, saves alot of lines if your usin multiple forms...

This is my module form:

Public cn As OleDbConnection

Public Sub InitDatabase()
    Dim sDBase As String = "DB.mdb"
    cn= New OleDbConnection
    cn.ConnectionString = "Provider=Microsoft.JET.OLEDB.4.0; Data Source=" & sDBase
End Sub

then for callin the database use this:

Private ds As New DataSet
Private da As New OleDbDataAdapter

modWijnen.InitDatabase()

    Dim cm As New OleDbCommand("Select * from Table1", cn)
    da = New OleDbDataAdapter(cm)

    If (ds.Tables.Contains("Table1") = False) Then
        da.Fill(ds, "Table1")
    End If

I hope this has been helpfull for you...

回复 原文
~没有更多了~

关于作者

昵称有卵用

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

烙印

文章 0 评论 0

singlesman

文章 0 评论 0

给自己一个微笑

文章 0 评论 0

独孤求败

文章 0 评论 0

晨钟暮鼓

文章 0 评论 0

我是自愿种绣球花的

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文