当前位置：文江博客话题详情

静态方法在 ASP.NET 中安全吗

发布于 2024-11-07 07:01:42 字数 244 浏览 0 评论 0原文

嘿伙计们，我有一个网站，其中包含大量用于在页面上显示数据的数据库工作，因此我在 App_Code 下创建了一个公共的 VB 类。

现在我拥有该类下的所有方法和函数都是共享（静态）的，而且我还有一个也是静态的连接变量。

客户抱怨，有时页面上会出现错误，其中一个错误是字段名称不属于表Table，我不明白，关于这一点，因为这种情况很少见，如果没有带有名称的字段，那么这个每次都应该发生，我的一位同事说不应该有共享方法或函数...这是正确的吗..

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

蓬勃野心 2024-11-14 07:01:42

静态方法不存在“安全”问题。你的同事很困惑。您编写的代码是否应该是静态方法或实例方法取决于它的具体用途。但将它们作为静态方法并不“危险”。

我建议您找出导致问题的查询，因为静态方法肯定不是问题所在。

就您的连接而言，我不建议将其保留为静态变量。我假设这是一个 SqlConnection 或类似的东西。在这种情况下，如果将其保留为静态变量，则可能会发生以下情况：

您的连接永远不会关闭，即使在使用完它之后也是如此。
如果您有多个查询同时尝试使用该连接，则会遇到问题。

因此，我建议您使用以下模式来确保您的连接仅在使用时保持打开状态。

public void DoSomething()
{
    //Doing some work that doesn't need a connection.

    //Now ready to submit or fetch data from the database.
    using (SqlConnection connection = new SqlConnection(...))
    {
        using (SqlCommand command = new SqlCommand(..., connection))
        {
            //Now, working with the connection and command.
        }
    }

    //Done with the connection, doing more work now.
}

using 语句适用于任何 IDisposable。这里的 connection 变量将在 using 语句的右括号处自动关闭并销毁。我建议您尽可能使用它。 Stream、SqlConnection、Font等。

There is no "security" problem with a static method. Your colleague is confused. Whether or not the code you wrote should be static or instance methods depends on what exactly it does. But having them as static methods is not "dangerous."

I suggest you track down the query that is causing the problem because the method being static is certainly not the issue.

As far as your connection goes, I would not recommend keeping it as a static variable. I assume this is a SqlConnection, or something similar. In that case, if you keep it as a static variable, it is possible for the following to occur:

Your connection is never closed, even after you're done using it.
You will have issues if you have multiple queries trying to use the connection at the same time.

So I recommend you use the following pattern to ensure your connections are only kept open as long as they are in use.

public void DoSomething()
{
    //Doing some work that doesn't need a connection.

    //Now ready to submit or fetch data from the database.
    using (SqlConnection connection = new SqlConnection(...))
    {
        using (SqlCommand command = new SqlCommand(..., connection))
        {
            //Now, working with the connection and command.
        }
    }

    //Done with the connection, doing more work now.
}

The using statement works with anything that is IDisposable. Your connection variable here will be automatically closed and destroyed at the closing bracket of the using statement. I recommend you use it for anything that you can. Streams, SqlConnections, Fonts, etc.

回复收藏 0 原文