从Access数据库中获取数据的正确方法 [英] Proper way of getting a data from an Access Database
问题描述
我有点糊涂了如何从Access数据库获取数据。它是正确的,首先聚集在一个列表,然后从列表中获得这些数据,或者它是好的,只是直接得到它在你的数据库?
I'm a bit confused of how to get a data from an access database. Is it proper to gather it first in a List then get those data from your List OR it is okay to just directly get it in you database ?
我的代码完全正常工作,但我想知道是否有更好的方法来做到这一点?
My codes work perfectly fine, but I wanna know if there is a better way to do this?? :
private void button3_Click(object sender, EventArgs e)
{
OleDbConnection connection = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\redgabanan\Desktop\Gabanan_Red_dbaseCon\Red_Database.accdb");
connection.Open();
OleDbDataReader reader = null;
OleDbCommand command = new OleDbCommand("SELECT * from Users WHERE LastName='"+textBox8.Text+"'", connection);
reader = command.ExecuteReader();
listBox1.Items.Clear();
while (reader.Read())
{
listBox1.Items.Add(reader[1].ToString()+","+reader[2].ToString());
}
connection.Close();
*我得到我的记录直接从数据库中,然后在列表框显示出来。
*I'm getting my records directly from a database then display it in a listbox.
推荐答案
有一件事是伸出像突兀的是SQL注入攻击,并使用参数化的查询,如:
One thing that is sticking out like a sore thumb is the SQLInjection and to use Parameterised queries, eg:
OleDbCommand command = new OleDbCommand("SELECT * from Users WHERE LastName='@1'", connection);
command.Parameters.AddWithValue("@1", textBox8.Text)
< 。p>你做的是完全可以接受什么,虽然你一般会过得更好使用SQL数据库
What your doing is perfectly acceptable, although you would generally be better off to use a SQL Database.
编辑:
这里是你如何独立业务从GUI逻辑:
Here is how you seperate your business logic from the GUI:
Class BusLogic
{
public List<string> ListboxItems = new List<string>();
public void PopulateListBoxItems(string userName)
{
string connString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\redgabanan\Desktop\Gabanan_Red_dbaseCon\Red_Database.accdb";
using (OleDbConnection connection = new OleDbConnection(connString))
{
connection.Open();
OleDbDataReader reader = null;
OleDbCommand command = new OleDbCommand("SELECT * from Users WHERE LastName='@1'", connection);
command.Parameters.AddWithValue("@1", userName)
reader = command.ExecuteReader();
while (reader.Read())
{
ListboxItems.Add(reader[1].ToString()+","+reader[2].ToString());
}
}
}
}
GUI
GUI
private void button3_Click(object sender, EventArgs e)
{
var busLogic = new BusLogic();
busLogic.PopulateListBoxItems(textBox8.Text);
\\listBox1.Items.Clear();
ListboxItems.DataSource = busLogic.ListboxItems;
}
这篇关于从Access数据库中获取数据的正确方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!