Stored procedure and class in C#


Question

Hi,
I have a class with this code:


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Data;

public class DataAccess
{
    SqlConnection _MyConnection = new SqlConnection();
    SqlCommand _MyCommand = new SqlCommand();
    SqlDataAdapter _MyAdapter = new SqlDataAdapter();

    private bool OpenConnection()
    {
        try
        {
            _MyConnection.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|ASPNETDB.MDF;Integrated Security=True;User Instance=True";
            if (_MyConnection.State == System.Data.ConnectionState.Closed)
            {
                _MyConnection.Open();
                return true;
            }
            return false;
        }
        catch 
        { 
            return false;
        }
   
    }
    private void CloseConnection()
    {
        _MyConnection.Close();
    }

    public int ExeIUDQuery(string Query)
    {
        OpenConnection();
        _MyCommand.Connection = _MyConnection;
        _MyCommand.CommandText = Query;
        int RowAffectedCount = _MyCommand.ExecuteNonQuery();
        CloseConnection();
        return RowAffectedCount;
    }

    public DataSet ExeSQuery(string Query)
    {
        OpenConnection();
        _MyCommand.Connection = _MyConnection;
        _MyCommand.CommandText = Query;
        _MyAdapter.SelectCommand = _MyCommand;
        DataSet __DS = new DataSet();
        _MyAdapter.Fill(__DS);
        CloseConnection();
        return __DS;
    }
    public DataAccess()
	{
		
	}
}


And, for example, a form that inserts data with this code:

protected void Button1_Click(object sender, EventArgs e)
    {

        string user = Txtuser.Text;
        string pas = Txtpass.Text;
        string query = "";
        query = "INSERT INTO a (name,family) VALUES ('" + user + "','" + pas + "')";
        DataAccess DA = new DataAccess();
        DA.ExeIUDQuery(query);
    }



How do I use a stored procedure for this program?
I need help creating a stored procedure for the program.
Please help me.
Thanks

Recommended answer

None of this makes any sense. This is horrible code.

1 - you never factor things out to the point that you can run ANY SQL, you write strongly typed code that knows what it's doing
2 - You NEVER pass raw text in to SQL, by doing this, you open yourself to SQL injection attacks. I can delete your whole database by using this form
3 - You make your data access class static, you don't want to have to create it every time you make a call

How to write stored procs is widely documented on the web. How to call them is also widely reported. It's clear from this that you don't have any 'need' in the sense that you're clearly just teaching yourself, no-one could be paying for this code. So, I suggest you buy some books and work through them and learn the right way to write a data layer, as well as learning how to execute stored procs etc, on the way. There's lots of online articles, too, and they will go in to more depth than a forum reply, and you clearly need all the help you can get.
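
The three points in the answer, applied to the question's insert, as an added example that is not part of the original question or answer. The procedure name `dbo.InsertPerson`, the class name `PersonData` and the `nvarchar(50)` column sizes are assumptions; the table `a`, its columns and the connection string come from the question.

```csharp
using System.Data;
using System.Data.SqlClient;

// Assumed stored procedure (hypothetical name and column sizes),
// created once in the database:
//
//   CREATE PROCEDURE dbo.InsertPerson
//       @name   nvarchar(50),
//       @family nvarchar(50)
//   AS
//       INSERT INTO a (name, family) VALUES (@name, @family);

public static class PersonData
{
    // Connection string taken from the question's DataAccess class.
    private const string ConnectionString =
        "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|ASPNETDB.MDF;" +
        "Integrated Security=True;User Instance=True";

    // Strongly typed: callers pass values, never SQL text.
    public static int Insert(string name, string family)
    {
        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand("dbo.InsertPerson", connection))
        {
            command.CommandType = CommandType.StoredProcedure;

            // The values travel as typed parameters, so a quote character or
            // SQL keywords in the input are stored as data, not parsed as SQL.
            command.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
            command.Parameters.Add("@family", SqlDbType.NVarChar, 50).Value = family;

            connection.Open();
            return command.ExecuteNonQuery(); // rows affected
        } // connection and command are disposed here, even on an exception
    }
}

// In the question's click handler the call becomes:
//   PersonData.Insert(Txtuser.Text, Txtpass.Text);
```

Granting the application's database login only EXECUTE on the procedure, rather than direct INSERT/DELETE rights on the table, limits what any remaining injection path could do.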

