Confusion between SqlCommand and SqlDataAdapter
Everyone, I am a student and new to .NET and especially MVC3 development, but for one of my projects I’ve to work over it and so am going through the learning phase.
The issue and confusion I am facing is regarding DB connectivity. What I learned regarding retrieving records from a database is something like this:
//Method One:
var conn = new SqlConnection(conString.ConnectionString);
const string cmdString = "Select * FROM table";
var cmd = new SqlCommand(cmdString, conn);
var mySqlDataAdapter = new SqlDataAdapter(cmd);
mySqlDataAdapter.Fill(myDataSet, "design");
// Make a new SqlCommand object from the query string and the SqlConnection object, THEN a new SqlDataAdapter object from the SqlCommand object, and THEN fill the "design" table of the dataset with the result.
But while I was checking out the MSDN Library I found out that SqlDataAdapter offers a constructor SqlDataAdapter(String, String) that directly takes a SelectCommand and a connection string to initiate, thus skipping the role of SqlCommand in between, like this:
//Method Two:
var conn = new SqlConnection(conString.ConnectionString);
const string cmdString = "Select * FROM table";
var mySqlDataAdapter = new SqlDataAdapter(cmdString, conn);
mySqlDataAdapter.Fill(myDataSet, "design");
Looks short and pretty to me, but I am confused here: if this is possible in this way, then why do most of the books/teachers go by the earlier way (SqlCommand’s way)?
- What’s actually the difference between SqlCommand and SqlDataAdapter?
- Which method is better One or Two?
- I am afraid that I am using a shortcut in method two that could affect security or performance?
Apologising in advance if I sound very newbie or blurred! Will appreciate any help that could clear my concepts up! Thank you! :)
Comments (2)
Errorstacks summed it right:
In addition:
My personal preference is to wrap ANY SQL strings in SqlCommand and add SqlParameters to it in order to avoid SQL injection by malicious users.
Regarding performance of the two approaches - I don't expect that there is any difference. (If someone can prove me wrong - do it!).
So I would suggest to stick with the longer variant 1 and use commands plus parameters if necessary.
A bit of a side note - Datasets and DataTables are a bit out of game recently due to Linq2Sql and Entity Framework.
But of course the knowledge of plain old SqlCommands/Adapters/Readers is welcome :)
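An added example, not part of the original thread: Method One with a SqlParameter, next to the concatenated string that the string-only shortcut invites once a query needs user input. The table `Designs`, its columns and the input value are hypothetical and constructed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class DesignQueries
{
    // Hypothetical table and column names, used only for this illustration.
    const string Sql = "SELECT Id, Name FROM Designs WHERE Owner = @owner";

    // Method One with a parameter: the SQL text is a constant and the
    // user-supplied value travels separately, as data.
    public static SqlCommand BuildCommand(SqlConnection conn, string owner)
    {
        var cmd = new SqlCommand(Sql, conn);
        cmd.Parameters.Add("@owner", SqlDbType.NVarChar, 50).Value = owner;
        return cmd;
    }

    public static DataSet Load(string connectionString, string owner)
    {
        var ds = new DataSet();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(conn, owner))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            adapter.Fill(ds, "design"); // Fill opens and closes the connection itself
        }
        return ds;
    }

    static void Main()
    {
        string input = "x' OR '1'='1"; // constructed hostile input

        // Concatenation: the input becomes part of the SQL text.
        string concatenated =
            "SELECT Id, Name FROM Designs WHERE Owner = '" + input + "'";
        Console.WriteLine("concatenated: " + concatenated);

        // Parameterized: the command text is unchanged, the input is only a value.
        using (var conn = new SqlConnection()) // no server needed to inspect the command
        using (var cmd = BuildCommand(conn, input))
        {
            Console.WriteLine("command text: " + cmd.CommandText);
            Console.WriteLine("@owner value: " + cmd.Parameters["@owner"].Value);
        }
    }
}
```

The string constructor used in Method Two builds the same kind of SelectCommand internally, so parameters can also be added there through `adapter.SelectCommand.Parameters`.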
Hurry-up! Turn your attention to LINQ!!!
No more gran'ma stuff like SQLDataset or TableAdapters, no open connection.
Everything gets smoother with LINQ.
LINQ sample:
dim result = from emp in myDataContext.Employees
where emp.Salary > 10000
Select emp.ID, emp.SurName, ....
myDatagrid.datasource = result.toList
With LINQ, you don't have to worry about single quotes or crlf within your queries...
And you'll even have intellisense on the SQL tables, columns and objects!