是否必须在我的计算机中安装C#才能访问SQL数据库? [英] Does C# have to be installed in my computer to access SQL database?
本文介绍了是否必须在我的计算机中安装C#才能访问SQL数据库?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
你好朋友,
我正在尝试编写对SQL感兴趣的代码。我不会使用SQL IDE这就是为什么我想知道我是否可以访问数据库,除非SQL安装。我会只是运行C#代码,我不想在机器中安装SQL服务器,因为可能5年后它可能是适应问题。
什么我试过了:
Hello friends,
I am trying to write codes that is interested with SQL.I won't use the SQL IDE this is why I wonder if I can access database unless SQL installed.I will just run the C# codes ,I wouldn't like to install SQL server in the machine because maybe 5 five years later it can be adaptation problem.
What I have tried:
private void button1_Click(object sender, EventArgs e)
{
if (sqlConnection.State == ConnectionState.Closed)
{
label61.Text = DateTime.Now.ToString();
sqlConnection.Open();
SqlCommand sqlCommand = new SqlCommand("Insert into ContaVarlık([Parça Varlığı],Tarih) VALUES ('" + "OK" + "','" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "')", sqlConnection);
sqlCommand.ExecuteNonQuery();
sqlCommand.Dispose();
sqlConnection.Close();
}
}
//********************************************************************************************************************//
private void button2_Click(object sender, EventArgs e)
{
string command = "if exists(select * from sys.tables where name like 'ContaVarlık') drop table ContaVarlık " +
"create table ABC(" +
"OgrNo varchar(4))";
if (sqlConnection.State == ConnectionState.Closed)
{
SqlCommand sqlCommand = new SqlCommand(command, sqlConnection);
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
sqlConnection.Close();
}
}
推荐答案
根据解决方案1,不是你没有,对于客户端机器,应该没有。
您可以使用 .NET Framework数据提供程序 [ ^ ]包含在.NET框架中。链接(到Microsoft Docs)提供了更多信息和如何文章的链接。
另外根据解决方案1 - 使用参数化查询 - 本文解释了为什么.. SQL Injection - OWASP [ ^ ] ..这个解释了...... 查询参数化备忘单 - OWASP [ ^ ]
我再看看你发布的代码......而不是使用sys.tables使用
系统信息架构视图 [ ^ ] - 它们被设计为跨平台和跨版本,因此您将帮助将来证明(保护)您的代码。
As per solution 1, no you do not and, for client machines, should not.
You can connect to (remote) databases using .NET Framework Data Providers[^] which are included in the .NET framework. The link (to the Microsoft Docs) gives further information and links to "how to" articles.
Also as per solution 1 - use Parameterized queries - this article explains why .. SQL Injection - OWASP[^] .. and this one explains how ... Query Parameterization Cheat Sheet - OWASP[^]
I had another look at the code you posted ... instead of usingsys.tablesuse
System Information Schema Views[^] - they are designed to be cross platform and cross version so you will be helping to "future proof" (protect) your code.
if exists (select * from INFORMATION_SCHEMA.TABLES where TABLE_NAME = 'ContaVarlık' AND TABLE_SCHEMA = 'dbo')
drop table dbo.ContaVarlık;包含连接的第一段代码也不需要连接 - 它可以ld只是
Also the first bit of code that contains the concatenation does not need the concatenation - it could just be
Insert into ContaVarlık([Parça Varlığı],Tarih) VALUES ('OK',GetDate())
绝对不是。您不需要在计算机上安装SQL Server Management Studio,以便您的代码能够访问数据库,但是,建议您执行此操作以验证代码是否执行了应该执行的操作。另外,我强烈建议不要使用字符串连接来创建SQL查询,这是一个主要的安全风险。
了解参数化SQL查询并使用它们来创建代码抵抗SQL注入攻击。
Absolutely not. You do not need SQL server management studio installed on your computer for your code to be able to access the database, however, it is advisable to do so to verify your code does what it is supposed to do. Also, I will strongly advise against string concatenation to create an SQL query, it is a major security risk.
Learn about parametrized SQL queries and use them to make your code resistant to SQL injection attacks.
您表达了对未来兼容性的担忧,但您使用的是SQL Server特定代码(并非所有数据库都存储内部数据,如名称为sys.tables的表中的表名)。你必须在某处拥有一个SQL引擎的存储 - 为什么不把它放到云中,云供应商将确保数据库引擎保持良好的更新级别。
You express concern about future compatibility but you are using SQL Server specific code (not all databases store internal data like table names in a table called sys.tables). You must have an iunstance of an SQL engine somewhere - why not put it into a cloud where the cloud vendor will ensure that the database engine is kept at a good update level.
这篇关于是否必须在我的计算机中安装C#才能访问SQL数据库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
