有没有办法简化我的代码? [英] Is there any way to simplify my code?
本文介绍了有没有办法简化我的代码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想写一个可以与Ms-Acess和MySql数据库交互的简化代码。请任何人给我们提供想法。
I want to write a simplified code which can interact with Ms-Acess and MySql database.Please anyone give us idea.
private void Form1_Load(object sender, EventArgs e)
{
if (dataBase == "MySql")
{
String conn = "server=localhost; database=sample; uid=root; password=somepassword";
using (MySqlConnection mysqlconn = new MySqlConnection(conn))
{
string query = "INSERT INTO Name VALUES(" + Name + ")";
using (MySqlCommand cmd = new MySqlCommand(query, mysqlconn))
{
try
{
mysqlconn.Open();
cmd.ExecuteNonQuery();
}
catch (Exception)
{
}
finally
{
mysqlconn.Close();
mysqlconn.Dispose();
}
}
}
if (dataBase1 == "Ms Ascess")
{
String conn1 = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + path + "sample.mdb;Jet OLEDB:Database Password=somepassword";
using (OleDbConnection oledbconn = new OleDbConnection(conn1))
{
string query = "INSERT INTO Name VALUES(" + Name + ")";
using (OleDbCommand cmd = new OleDbCommand(query, oledbconn))
{
try
{
oledbconn.Open();
cmd.ExecuteNonQuery();
}
catch (Exception)
{
}
finally
{
oledbconn.Close();
oledbconn.Dispose();
}
}
}
}
}
}
推荐答案
首先,不要这样做 - 永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。
其次,因为你使用使用块,你不需要finally阻止,因为使用将在变量超出范围时处理数据。
第三,始终列出列你试图插入:它使你的代码在数据库更改时更健壮,更容易维护。
第四,永远不要吞下异常 - 这意味着你永远不会知道出了什么问题而且它会产生代码几乎不可能调试,因为你不知道它何时开始出错。记录它们,告诉用户,使应用程序崩溃。随你。但是不要吞下它们。
Firstly, don't do it like that - never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Secondly, because you are using ausingblock, you don't need thefinallyblock, because theusingwill Dispose the data when the variable goes out of scope.
Thirdly, always list the columns you are trying to insert to: it makes your code more robust and easier to maintain when the DB changes.
Fourthly, never swallow exceptions - that means you never know that something has gone wrong and it makes code pretty much impossible to debug because you don't have any idea where it started to go wrong. Log 'em, tell the user, crash the app. Whatever. But don't swallow them.
private void Form1_Load(object sender, EventArgs e)
{
if (dataBase == "MySql")
{
String conn = "server=localhost; database=sample; uid=root; password=somepassword";
using (MySqlConnection mysqlconn = new MySqlConnection(conn))
{
string query = "INSERT INTO Name (MyColumn) VALUES(@NM)";
using (MySqlCommand cmd = new MySqlCommand(query, mysqlconn))
{
mysqlconn.Open();
cmd.Parameters.AddWithValue("@NM", Name);
cmd.ExecuteNonQuery();
}
}
}
...
使用基本接口,如IDBConnection,IDBCommand等: IDbCommand Interface(System.Data) [ ^ ]
Use the base interfaces likeIDBConnection,IDBCommandetc. : IDbCommand Interface (System.Data)[^]
这篇关于有没有办法简化我的代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
