Help ME..Sort Code vb.net


Problem description

I have this code but I think this is too long... Is there anything you can help me with?

no_lab          char1s                  t1  t2  t3  t4  avrg    percn 
G0493/V/2015    Normal Seedling (%)     99  96  98  92  96.25   96.00
G0493/V/2015    Abnormal Seedling (%)   1   4   2   7   3.50    4.00
G0493/V/2015    Hard Seed (%)           0   0   0   0   0.00    0.00
G0493/V/2015    Fresh Seed (%)          0   0   0   0   0.00    0.00
G0493/V/2015    Dead Seed (%)           0   0   0   1   0.25    0.00
G0493/V/2015    Index Vigor (%)         87  83  84  81  83.75   84.00
G0493/V/2015    Germination (%)         99  96  98  92  96.25   96.00







openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label62.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGns1.Text = dread.Item("t1")
    tVGns2.Text = dread.Item("t2")
    tVGns3.Text = dread.Item("t3")
    tVGns4.Text = dread.Item("t4")
    tVGavrgNs.Text = dread.Item("avrg")
    tVGpcnNs.Text = dread.Item("percn")
End While
con.Close()

openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label63.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)

cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGas1.Text = dread.Item("t1")
    tVGas2.Text = dread.Item("t2")
    tVGas3.Text = dread.Item("t3")
    tVGas4.Text = dread.Item("t4")
    tVGavrgAs.Text = dread.Item("avrg")
    tVGpcnAs.Text = dread.Item("percn")
End While
con.Close()

openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label65.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)
'openDB()
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGhs1.Text = dread.Item("t1")
    tVGhs2.Text = dread.Item("t2")
    tVGhs3.Text = dread.Item("t3")
    tVGhs4.Text = dread.Item("t4")
    tVGavrgHs.Text = dread.Item("avrg")
    tVGpcnHs.Text = dread.Item("percn")
End While
con.Close()


openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label66.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)
'openDB()
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGfs1.Text = dread.Item("t1")
    tVGfs2.Text = dread.Item("t2")
    tVGfs3.Text = dread.Item("t3")
    tVGfs4.Text = dread.Item("t4")
    tVGavrgFs.Text = dread.Item("avrg")
    tVGpcnFs.Text = dread.Item("percn")
End While
con.Close()

openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label67.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)
'openDB()
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGds1.Text = dread.Item("t1")
    tVGds2.Text = dread.Item("t2")
    tVGds3.Text = dread.Item("t3")
    tVGds4.Text = dread.Item("t4")
    tVGavrgDs.Text = dread.Item("avrg")
    tVGpcnDs.Text = dread.Item("percn")
End While
con.Close()


openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label64.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)
'openDB()
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGiv1.Text = dread.Item("t1")
    tVGiv2.Text = dread.Item("t2")
    tVGiv3.Text = dread.Item("t3")
    tVGiv4.Text = dread.Item("t4")
    tVGavrgIv.Text = dread.Item("avrg")
    tVGpcnIv.Text = dread.Item("percn")
End While
con.Close()


openDB()
sql = "Select * From wip_vg WHERE (no_lab= '" & tnolab.Text & "') and (char1s='" & Label68.Text & "')"
cmd = New SqlClient.SqlCommand(sql, con)
'openDB()
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
dread = cmd.ExecuteReader
While dread.Read
    tVGgm1.Text = dread.Item("t1")
    tVGgm2.Text = dread.Item("t2")
    tVGgm3.Text = dread.Item("t3")
    tVGgm4.Text = dread.Item("t4")
    tVGavrgGm.Text = dread.Item("avrg")
    tVGpcnGm.Text = dread.Item("percn")
End While
con.Close()

Recommended answer

The length does not matter so much, but your code could be refactored to get rid of these flaws:

- There is no need to close then reopen the connection between each request.

- Never, ever, construct SQL queries by concatenating strings obtained from user input. This leaves your code open to SQL injection attacks. Better use parameterized queries instead.

For example:
sql = "Select * From wip_vg WHERE (no_lab = @noLab) and (char1s = @char1s)"
' ...
cmd.Parameters.AddWithValue("@noLab", tnolab.Text)
cmd.Parameters.AddWithValue("@char1s", Label65.Text)
' ...


Never mind the length of your code: that is the least of your problems!

Were you aware that your users can damage or delete your database just by typing in the text boxes? Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Then look at why you are looping on your SqlReaders, and only using the final result; and why you have several sets of almost identical code...


Even code 10000 times bigger will not be a problem for the compiler, but it will be a problem for you.
So, for the compiler, there is no practical limit that you will reach any time soon.
The only practical limit is you, because soon you will be unable to maintain that huge code, and organising it in smaller pieces of code (many files) will help you.

The only concern with your code is the inefficiency, because inefficient code is slow.
See other solutions for a list of what should not be done.
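
Added example, not part of the original question or answers: one way to combine the points raised above (a single connection, a parameterized query, no repeated blocks) using the `wip_vg` columns shown in the question. The module and function names, the `connectionString` parameter and the `VarChar(50)` parameter type are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module WipVgLoader
    ' Hypothetical helper (not from the original post). Returns one entry per
    ' char1s value for a lab number: {t1, t2, t3, t4, avrg, percn} as strings.
    ' connectionString is an assumption; the question hides it inside openDB().
    Public Function LoadResults(connectionString As String,
                                noLab As String) As Dictionary(Of String, String())
        Dim results As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase)
        Const sql As String =
            "SELECT char1s, t1, t2, t3, t4, avrg, percn FROM wip_vg WHERE no_lab = @noLab"

        ' One connection and one round trip replace the seven open/query/close blocks.
        ' Using disposes the reader, command and connection even if a call throws.
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, con)
                ' The value is sent separately from the SQL text, so a quote typed
                ' into the text box stays data. VarChar(50) is an assumed column type.
                cmd.Parameters.Add("@noLab", SqlDbType.VarChar, 50).Value =
                    If(noLab, String.Empty)
                con.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        Dim key As String = reader("char1s").ToString().Trim()
                        results(key) = New String() {
                            reader("t1").ToString(), reader("t2").ToString(),
                            reader("t3").ToString(), reader("t4").ToString(),
                            reader("avrg").ToString(), reader("percn").ToString()}
                    End While
                End Using
            End Using
        End Using
        Return results
    End Function

    ' Usage from the form, with the control names from the question:
    '   Dim rows = LoadResults(connectionString, tnolab.Text)
    '   Dim ns As String() = Nothing
    '   If rows.TryGetValue(Label62.Text, ns) Then
    '       tVGns1.Text = ns(0) : tVGns2.Text = ns(1) : tVGns3.Text = ns(2)
    '       tVGns4.Text = ns(3) : tVGavrgNs.Text = ns(4) : tVGpcnNs.Text = ns(5)
    '   End If
End Module
```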

