当前位置: 文江博客话题详情

这个 C# 4.0 MSSQL 2008 R2 数据库连接类可以改进吗 - 专家问题

发布于 2024-12-04 17:48:21 字数 2407 浏览 0 评论 0原文

这是我的通用数据库连接类。我正在使用此类通过网站执行查询。您对此有何建议以提高性能?谢谢。

MSSQL 2008 R2 SP1 - Microsoft Visual Studio 2010 SP1、C# 4.0 - ASP.net 4.0

using System;
using System.Collections.Generic;
using System.Collections;
using System.Linq;
using System.Web;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Data;
using System.IO;

/// <summary>
/// Summary description for DbConnection
/// </summary>
public class DbConnection
{
    public static string srConnectionString = "server=localhost;database=myDB;uid=sa;pwd=MYPW;";

    public DbConnection()
    {

    }

    public static DataSet db_Select_Query(string strQuery)
    {
        DataSet dSet = new DataSet();

        try
        {
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                connection.Open();
                SqlDataAdapter DA = new SqlDataAdapter(strQuery, connection);
                DA.Fill(dSet);
            }
            return dSet;
        }

        catch (Exception)
        {
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                if (srConnectionString.IndexOf("select Id from tblAspErrors") != -1)
                {
                    connection.Open();
                    strQuery = strQuery.Replace("'", "''");
                    SqlCommand command = new SqlCommand("insert into tblSqlErrors values ('" + strQuery + "')", connection);
                    command.ExecuteNonQuery();
                }
            }
            return dSet;
        }
    }

    public static void db_Update_Delete_Query(string strQuery)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                connection.Open();
                SqlCommand command = new SqlCommand(strQuery, connection);
                command.ExecuteNonQuery();
            }
        }
        catch (Exception)
        {
            strQuery = strQuery.Replace("'", "''");
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                connection.Open();
                SqlCommand command = new SqlCommand("insert into tblSqlErrors values ('" + strQuery + "')", connection);
                command.ExecuteNonQuery();
            }

        }
    }
}
原文

This is my general database connection class. I am using this class to execute my queries through website. What would your suggestions about this to improve performance. Thank you.

MSSQL 2008 R2 SP1 - Microsoft Visual Studio 2010 SP1 , C# 4.0 - ASP.net 4.0

Class

using System;
using System.Collections.Generic;
using System.Collections;
using System.Linq;
using System.Web;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Data;
using System.IO;

/// <summary>
/// Summary description for DbConnection
/// </summary>
public class DbConnection
{
    public static string srConnectionString = "server=localhost;database=myDB;uid=sa;pwd=MYPW;";

    public DbConnection()
    {

    }

    public static DataSet db_Select_Query(string strQuery)
    {
        DataSet dSet = new DataSet();

        try
        {
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                connection.Open();
                SqlDataAdapter DA = new SqlDataAdapter(strQuery, connection);
                DA.Fill(dSet);
            }
            return dSet;
        }

        catch (Exception)
        {
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                if (srConnectionString.IndexOf("select Id from tblAspErrors") != -1)
                {
                    connection.Open();
                    strQuery = strQuery.Replace("'", "''");
                    SqlCommand command = new SqlCommand("insert into tblSqlErrors values ('" + strQuery + "')", connection);
                    command.ExecuteNonQuery();
                }
            }
            return dSet;
        }
    }

    public static void db_Update_Delete_Query(string strQuery)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                connection.Open();
                SqlCommand command = new SqlCommand(strQuery, connection);
                command.ExecuteNonQuery();
            }
        }
        catch (Exception)
        {
            strQuery = strQuery.Replace("'", "''");
            using (SqlConnection connection = new SqlConnection(srConnectionString))
            {
                connection.Open();
                SqlCommand command = new SqlCommand("insert into tblSqlErrors values ('" + strQuery + "')", connection);
                command.ExecuteNonQuery();
            }

        }
    }
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梨涡少年 2024-12-11 17:48:21

1.) 如何确保传入的 strQuery 不会受到 sql 注入?

2.) 使用日志框架,如 nlog 或 log4net。这将允许您轻松地通过使用配置文件来指定存储错误日志的位置(文件、电子邮件、数据库)。

您的日志记录将如下所示:

try
{
    using (SqlConnection connection = new SqlConnection(srConnectionString))
    {
        connection.Open();
        SqlCommand command = new SqlCommand(strQuery, connection);
        command.ExecuteNonQuery();
    }
}
catch (Exception ex)
{
    log.ErrorFormat("strQry: {0}", strQuery);
    log.Error(ex);
}

3.) 使用 SecureString

public static SecureString srConnectionString = "server=localhost;database=myDB;uid=sa;pwd=MYPW;";

4.) 如果数据库关闭,您将如何将错误写入数据库?它会生成一个未捕获的异常...

1.) How are you making sure the strQuery passed in isn't subjected to sql injection?

2.) Use a logging framework like nlog or log4net. This will allow you to easily dictate where to store the error logs (file, email, db) just by using a config file.

your logging would be something like this instead:

try
{
    using (SqlConnection connection = new SqlConnection(srConnectionString))
    {
        connection.Open();
        SqlCommand command = new SqlCommand(strQuery, connection);
        command.ExecuteNonQuery();
    }
}
catch (Exception ex)
{
    log.ErrorFormat("strQry: {0}", strQuery);
    log.Error(ex);
}

3.) Use SecureString

public static SecureString srConnectionString = "server=localhost;database=myDB;uid=sa;pwd=MYPW;";

4.) How are you going to write the error to the DB if the DB is down? It'll generate an uncaught exception...

回复 原文
~没有更多了~

关于作者

故乡的云

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Gabu-gabumon

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

荔枝明

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

独守阴晴ぅ圆缺

文章 0 评论 0

¤→小豸慧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文