Asking about advantages and disadvantages of looping inside controls to make insert, update, delete SQL statement


Problem description

The bad company I worked with makes ERP systems. They used Delphi and always looped over the controls of the form; if a control is a text box, its fieldName and its value are taken into the command text, and then INSERT, UPDATE or DELETE is applied in SQL. This is for fast production of screens, because clients always ask for new features, screens and text box fields.

But now my bad company will convert to an ASPx web application, so they will do the same thing, looping over controls. So I got two ideas in my head; here's an example.

First idea: looping over the controls in every screen (or calling the loop from another class)

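// For example, insertion
string cmd = string.Empty;   // column list
string cmd2 = string.Empty;  // value list
foreach (Control c in Page.Controls) {
    if (c is TextBox) {
        // FieldName and FieldType are custom properties assumed on the text box
        // (the stock TextBox does not have them)
        cmd += c.FieldName + ",";
        if (c.FieldType == Integer) {
            cmd2 += c.Text + ",";         // value concatenated as-is
        }
        if (c.FieldType == String) {
            cmd2 += "'" + c.Text + "',";  // value concatenated inside quotes
        }
    }
}
// Drop the trailing commas before assembling the statement
cmd = "INSERT INTO Table_Name(" + cmd.TrimEnd(',') + ") VALUES(" + cmd2.TrimEnd(',') + ")";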

Second idea (my idea)
Drag a component onto every screen; this component contains a property to get all the text boxes of the ASPx page and assigns each text box to its matching field inside the database, also through a property.

1. So what I need to know is: is the first or the second idea better, for fast and performant code, speed of execution, and integrating with SQL Server?

2. And what are the advantages / disadvantages of these ideas? (Looping over controls, component idea)

3. Is there any best and fast alternative idea that members here can show me? For fast drag and drop, so developers can design a new screen without writing a single INSERT, UPDATE, DELETE statement in every page!

What I have tried:

I think the second idea is better? Or maybe not.

Recommended answer

If that code is representative of your company's existing code, then you are lucky to still be in business. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

I'd suggest that somebody in your company needs to shut themselves away with a big book on SQL, C#, and general programming and start learning how it is supposed to be done instead of guessing and hoping it doesn't cause problems. Because from the look of that code, nobody has ever sat down and designed anything correctly.

There is no point in offering you a "best way" out of two very poor ideas when there is so much else that is fundamentally wrong and needs radical fixing to ensure the company's survival first.
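The parameterized form the answer recommends, applied to the generic "one builder for every screen" case from the question. This is an added example, not code from the thread: `SafeInsert`, the `Schema` allowlist, the `Customers` table and its columns are hypothetical names, and the sample input is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
static class SafeInsert
{
    // Hypothetical allowlist: the columns each table accepts from a screen, with their types.
    static readonly Dictionary<string, Dictionary<string, SqlDbType>> Schema =
        new Dictionary<string, Dictionary<string, SqlDbType>>
        {
            ["Customers"] = new Dictionary<string, SqlDbType>
                { ["Name"] = SqlDbType.NVarChar, ["Age"] = SqlDbType.Int },
        };
    // fields: column name -> raw text collected from the screen's text boxes.
    public static SqlCommand Build(string table, IDictionary<string, string> fields)
    {
        if (!Schema.TryGetValue(table, out var columns))
            throw new ArgumentException("Unknown table: " + table);
        var cmd = new SqlCommand();
        var names = new List<string>();
        var markers = new List<string>();
        foreach (var field in fields)
        {
            // Identifiers cannot be sent as parameters, so they must match the allowlist exactly.
            if (!columns.TryGetValue(field.Key, out var type))
                throw new ArgumentException("Unknown column: " + field.Key);
            string marker = "@p" + names.Count;
            names.Add("[" + field.Key + "]");
            markers.Add(marker);
            // The value travels as typed data, never as SQL text; bad numbers throw here.
            object value = type == SqlDbType.Int ? (object)int.Parse(field.Value) : field.Value;
            cmd.Parameters.Add(marker, type).Value = value;
        }
        if (names.Count == 0)
            throw new ArgumentException("No fields supplied");
        cmd.CommandText = "INSERT INTO [" + table + "] (" + string.Join(", ", names) +
                          ") VALUES (" + string.Join(", ", markers) + ")";
        return cmd;
    }
    static void Main()
    {
        // Constructed input: the apostrophe would break the concatenated statement.
        var cmd = Build("Customers", new Dictionary<string, string>
            { ["Name"] = "O'Brien", ["Age"] = "42" });
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine(p.ParameterName + " = " + p.Value);
    }
}
```

The command text contains only allowlisted identifiers and `@p0`, `@p1` markers; to execute it, assign an open `SqlConnection` to `cmd.Connection` and call `ExecuteNonQuery()`.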

