如何使用参数分解对 ado.net 的调用?
How to factorize calls to ado.net with parameters?
我想将我的 Web 应用程序中存在的对 ado.net 的所有调用分解为不重复连接字符串和 open/close 方法。对于没有参数的调用,我成功地做到了,但是对于有参数的调用,我需要帮助。
例如,我有:
Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
oConnection.Open()
oConnection.ExecuteNonQuery()
oConnection.Close()
我将其分解为:
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text)
以及ExecuteRequest的代码:
Public Shared Sub ExecuteRequest(ByVal strRequest As String)
Dim strConnection As String = ChaineDeConnexion()
Using objConnection = New SqlConnection(strConnection)
Dim objCommand As SqlCommand
objCommand = New SqlCommand(strRequest, objConnection)
objCommand.Connection.Open()
objCommand.ExecuteNonQuery()
End Using
End Sub
但我希望能够向执行请求传递一组参数。这是我要分解哪种代码的一个非常简单的示例:
Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = @id_devis"
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
With (myCommand.Parameters)
.Add(New SqlParameter("@id_devis", SqlDbType.Int))
End With
With myCommand
.Parameters("@id_devis").Value = TBDevis.Text
End With
oConnection.Open()
oConnection.ExecuteNonQuery()
oConnection.Close()
我正在考虑编辑我的 ExecuteRequest 函数以添加可选参数集合:
Public Shared Sub ExecuteRequest(ByVal strRequest As String, Optional ByRef sqlParameters As SqlParameterCollection = Nothing)
Dim strConnection As String = ChaineDeConnexion()
Using objConnection = New SqlConnection(strConnection)
Dim objCommand As SqlCommand
objCommand = New SqlCommand(strRequest, objConnection)
objCommand.Parameters = sqlParameters 'objCommand.Parameters is readonly property
objCommand.Connection.Open()
objCommand.ExecuteNonQuery()
End Using
End Sub
但是 VS 告诉我 objCommand.Parameters 是只读的 属性...
我看到两个解决方案:
- 传递包含参数名称、值和类型的数组,并循环遍历数组
- 使用这样的所有参数创建字符串请求:"DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text ...但是当有 30 个参数时,我猜这是一个肮脏的解决方案?
请问哪一个是最清洁、最强大的解决方案?
感谢您的帮助!
ParamArray 就是您要找的。
像这样更新您的 ExecuteRequest:
Public Sub ExecuteRequest(ByVal strRequest As String, ParamArray Params() As SqlParameter)
Dim strConnexion As String = "myConnectionString"
Using Conn As New SqlConnection(strConnexion), Cmd As New SqlCommand(strRequest, Conn)
Cmd.Parameters.AddRange(Params)
Conn.Open()
Cmd.ExecuteNonQuery()
End Using
End Sub
然后你可以这样称呼它
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", New SqlParameter("@id_devis", CInt(TBDevis.Text)))
我还建议创建带有更多重载的函数 sqlPar(Name As String, Value As Object) 以简化对
的调用
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", sqlPar("@id_devis", TBDevis.Text))
ParamArray 允许您像这样添加未定义数量的参数
ExecuteRequest("SELECT ID FROM Table WHERE ID IN (@A, @B, @C, @D)", sqlPar("@A", 1), sqlPar("@B", 2), sqlPar("@C", 3), sqlPar("@D", 4))
您应该始终 使用 SqlParameter 而不是字符串连接来防止 SQL 注入。
您也应该始终对 IDisposable 资源使用 Using。
我想将我的 Web 应用程序中存在的对 ado.net 的所有调用分解为不重复连接字符串和 open/close 方法。对于没有参数的调用,我成功地做到了,但是对于有参数的调用,我需要帮助。
例如,我有:
Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
oConnection.Open()
oConnection.ExecuteNonQuery()
oConnection.Close()
我将其分解为:
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text)
以及ExecuteRequest的代码:
Public Shared Sub ExecuteRequest(ByVal strRequest As String)
Dim strConnection As String = ChaineDeConnexion()
Using objConnection = New SqlConnection(strConnection)
Dim objCommand As SqlCommand
objCommand = New SqlCommand(strRequest, objConnection)
objCommand.Connection.Open()
objCommand.ExecuteNonQuery()
End Using
End Sub
但我希望能够向执行请求传递一组参数。这是我要分解哪种代码的一个非常简单的示例:
Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = @id_devis"
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
With (myCommand.Parameters)
.Add(New SqlParameter("@id_devis", SqlDbType.Int))
End With
With myCommand
.Parameters("@id_devis").Value = TBDevis.Text
End With
oConnection.Open()
oConnection.ExecuteNonQuery()
oConnection.Close()
我正在考虑编辑我的 ExecuteRequest 函数以添加可选参数集合:
Public Shared Sub ExecuteRequest(ByVal strRequest As String, Optional ByRef sqlParameters As SqlParameterCollection = Nothing)
Dim strConnection As String = ChaineDeConnexion()
Using objConnection = New SqlConnection(strConnection)
Dim objCommand As SqlCommand
objCommand = New SqlCommand(strRequest, objConnection)
objCommand.Parameters = sqlParameters 'objCommand.Parameters is readonly property
objCommand.Connection.Open()
objCommand.ExecuteNonQuery()
End Using
End Sub
但是 VS 告诉我 objCommand.Parameters 是只读的 属性...
我看到两个解决方案:
- 传递包含参数名称、值和类型的数组,并循环遍历数组
- 使用这样的所有参数创建字符串请求:"DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text ...但是当有 30 个参数时,我猜这是一个肮脏的解决方案?
请问哪一个是最清洁、最强大的解决方案?
感谢您的帮助!
ParamArray 就是您要找的。
像这样更新您的 ExecuteRequest:
Public Sub ExecuteRequest(ByVal strRequest As String, ParamArray Params() As SqlParameter)
Dim strConnexion As String = "myConnectionString"
Using Conn As New SqlConnection(strConnexion), Cmd As New SqlCommand(strRequest, Conn)
Cmd.Parameters.AddRange(Params)
Conn.Open()
Cmd.ExecuteNonQuery()
End Using
End Sub
然后你可以这样称呼它
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", New SqlParameter("@id_devis", CInt(TBDevis.Text)))
我还建议创建带有更多重载的函数 sqlPar(Name As String, Value As Object) 以简化对
的调用ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", sqlPar("@id_devis", TBDevis.Text))
ParamArray 允许您像这样添加未定义数量的参数
ExecuteRequest("SELECT ID FROM Table WHERE ID IN (@A, @B, @C, @D)", sqlPar("@A", 1), sqlPar("@B", 2), sqlPar("@C", 3), sqlPar("@D", 4))
您应该始终 使用 SqlParameter 而不是字符串连接来防止 SQL 注入。
您也应该始终对 IDisposable 资源使用 Using。