C# asp.net中第三层(数据访问层)的Db Manager类
标签: c#, asp.net, data-access-layer, 3-tier
我遵循三层架构来构建网站。为此,我创建了一个名为 DB Manager 的类,代码如下:
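namespace DAL
{
    /// <summary>
    /// Data-access helper: runs SQL text against the connection string found in the
    /// "SQLSERVER" AppSettings entry. Each call opens its own connection and disposes
    /// it before returning, so no state is shared between requests (the original kept
    /// one static DataTable that every caller overwrote).
    /// </summary>
    /// <remarks>
    /// The query text is sent to SQL Server as-is. Do not build it by concatenating
    /// user-supplied values; write placeholders (e.g. <c>@name</c>) in the text and pass
    /// the values through the optional <c>parameters</c> argument of each method, which
    /// sends them as typed <see cref="SqlParameter"/>s. A <see cref="SqlParameter"/> can be
    /// attached to only one command, so create fresh ones for every call.
    /// </remarks>
    class DBManager
    {
        private static readonly string ConnectionString = System.Configuration.ConfigurationManager.AppSettings["SQLSERVER"];

        /// <summary>Creates the command for <paramref name="query"/> on <paramref name="con"/> and attaches <paramref name="parameters"/>, if any.</summary>
        private static SqlCommand CreateCommand(SqlConnection con, string query, SqlParameter[] parameters)
        {
            SqlCommand command = new SqlCommand(query, con);
            if (parameters != null && parameters.Length > 0)
            {
                command.Parameters.AddRange(parameters);
            }
            return command;
        }

        /// <summary>Runs <paramref name="query"/> and returns its first result set as a new table.</summary>
        /// <param name="query">SQL text, optionally containing <c>@name</c> placeholders.</param>
        /// <param name="parameters">Values for the placeholders; may be null or empty.</param>
        /// <param name="caller">Name of the public method, used only in the trace message.</param>
        /// <returns>The filled table, or an empty table when the query fails (the error is written to <see cref="System.Diagnostics.Trace"/>).</returns>
        private static DataTable Fill(string query, SqlParameter[] parameters, string caller)
        {
            DataTable dt = new DataTable();
            try
            {
                using (SqlConnection con = new SqlConnection(ConnectionString))
                using (SqlCommand command = CreateCommand(con, query, parameters))
                using (SqlDataAdapter da = new SqlDataAdapter(command))
                {
                    // Fill opens the connection if it is closed and closes it again
                    // afterwards, so the explicit Open/Close pair of the original is not needed.
                    da.Fill(dt);
                }
            }
            catch (Exception ex)
            {
                // Best-effort contract kept from the original (empty table on failure),
                // but the failure is no longer silent.
                System.Diagnostics.Trace.TraceError("DBManager.{0} failed: {1}", caller, ex);
                dt.Clear();
            }
            return dt;
        }

        /// <summary>Executes a statement that returns no rows (INSERT/UPDATE/DELETE/DDL).</summary>
        /// <param name="query">SQL text, optionally containing <c>@name</c> placeholders.</param>
        /// <param name="parameters">Values for the placeholders; may be omitted.</param>
        /// <returns>The number of affected rows, or -1 when the command fails (sentinel kept for existing callers; the error is traced).</returns>
        public static int ExecuteNonQuery(string query, params SqlParameter[] parameters)
        {
            try
            {
                using (SqlConnection con = new SqlConnection(ConnectionString))
                using (SqlCommand command = CreateCommand(con, query, parameters))
                {
                    con.Open();
                    return command.ExecuteNonQuery();
                }
            }
            catch (Exception ex)
            {
                System.Diagnostics.Trace.TraceError("DBManager.ExecuteNonQuery failed: {0}", ex);
                return -1;
            }
        }

        /// <summary>Executes a query and returns its first result set.</summary>
        /// <param name="query">SQL text, optionally containing <c>@name</c> placeholders.</param>
        /// <param name="parameters">Values for the placeholders; may be omitted.</param>
        /// <returns>A new <see cref="DataTable"/>; empty when the query fails.</returns>
        public static DataTable ExecuteDataTable(string query, params SqlParameter[] parameters)
        {
            return Fill(query, parameters, "ExecuteDataTable");
        }

        /// <summary>
        /// Executes a query expected to return exactly one row with one column and returns
        /// that cell as text. (The method name keeps the original spelling for compatibility.)
        /// </summary>
        /// <param name="query">SQL text, optionally containing <c>@name</c> placeholders.</param>
        /// <param name="parameters">Values for the placeholders; may be omitted.</param>
        /// <returns>The cell's string value (a NULL cell yields ""); <see cref="string.Empty"/> when the result is not 1x1 or the query fails.</returns>
        public static string ExecuteScaler(string query, params SqlParameter[] parameters)
        {
            DataTable dt = Fill(query, parameters, "ExecuteScaler");
            if (dt.Rows.Count == 1 && dt.Columns.Count == 1)
            {
                return dt.Rows[0][0].ToString();
            }
            return string.Empty;
        }

        /// <summary>
        /// Executes a query expected to return exactly one boolean cell. Despite the name no
        /// data reader is exposed; the result is materialised like <see cref="ExecuteDataTable"/>.
        /// </summary>
        /// <param name="query">SQL text, optionally containing <c>@name</c> placeholders.</param>
        /// <param name="parameters">Values for the placeholders; may be omitted.</param>
        /// <returns>
        /// <c>true</c> when the single cell is a <see cref="bool"/> that is true, or text equal to
        /// "true" ignoring case. A SQL Server <c>bit</c> arrives as <see cref="bool"/>, whose
        /// ToString() is "True", so the original case-sensitive compare against "true" never matched.
        /// <c>false</c> otherwise, including when the result is not 1x1 or the query fails.
        /// </returns>
        public static bool ExecuteReader(string query, params SqlParameter[] parameters)
        {
            DataTable dt = Fill(query, parameters, "ExecuteReader");
            if (dt.Rows.Count != 1 || dt.Columns.Count != 1)
            {
                return false;
            }
            object cell = dt.Rows[0][0];
            if (cell is bool)
            {
                return (bool)cell;
            }
            return string.Equals(cell.ToString(), "true", StringComparison.OrdinalIgnoreCase);
        }
    }
}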
当我像下面这样拼接查询语句时:
// NOTE(review): this builds the statement from raw values, which is exactly what the rest of
// this page warns against: any value containing a quote or SQL syntax becomes part of the
// statement (SQL injection), and receiveMail is sent through string conversion instead of
// as a typed bit parameter. The parameterised form shown further down avoids both problems.
query = "insert into client(account_id, name, receive_email) values(" + accountId + ", '" + clientBLL.name + "', " + clientBLL.receiveMail + ");";
但是这种拼接字符串的查询方式被认为是非常糟糕的做法(输入值会被当作 SQL 语句的一部分执行,即 SQL 注入)。好的方法是通过 SqlCommand 的参数来传递要插入或检索的数据,
像这样
// Parameterised form: the statement text is constant and each value travels as a typed
// parameter, so the values are never interpreted as SQL. OUTPUT inserted.id hands back the
// key of the new row. (Parameter names are given without the "@" prefix, as in the original.)
query = @"insert into accounts(email, password, user_type) output inserted.id values(@email, @password, @userType);";
var emailParam = cmd.Parameters.Add("email", SqlDbType.NVarChar);
emailParam.Value = bll.email;
var passwordParam = cmd.Parameters.Add("password", SqlDbType.VarBinary);
passwordParam.Value = bll.password;
var userTypeParam = cmd.Parameters.Add("userType", SqlDbType.Bit);
userTypeParam.Value = 0;
但是我的 DB Manager 类不支持这种方式。我想要一个支持这种 SqlCommand 参数化查询方式、而不是前面那种旧方式的 Db 管理器类。我该怎么做?

显然,您需要为 DBmanager 类添加参数支持。它还缺少一些其他重要的方法。下面是一个完整的类,您可以直接使用。我使用的是 web.config 中标准的 ConnectionStrings 节,而不是 AppSettings 节。您可以修改 web.config(推荐),也可以修改此类:
//Author: Racil Hilan
//You are free to modify and use this class in any project, personal or commercial,
//as long as you include this note. The author assumes no responsibility whatsoever
//for any damage that results from using this class, and does not guarantee in any way
//the suitability of this class for any purpose.
using System;
using System.Configuration;
using System.Data;
using System.Data.Common;
using System.Data.SqlClient;
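namespace DataLayer {
    /// <summary>Class that encapsulates a SQL Server database connection and CRUD operations.</summary>
    /// <remarks>
    /// An instance owns a single <see cref="SqlConnection"/> and must be disposed (a <c>using</c>
    /// block is the simplest way). Create commands with <see cref="GetSqlStringCommand"/> or
    /// <see cref="GetStoredProcedureCommand"/> and attach values with <see cref="AddInParameter"/>,
    /// so that user input is sent as typed parameters and never spliced into the command text.
    /// The connection string is read from the <c>connectionStrings</c> section of the configuration file.
    /// Instances are not thread-safe: one connection is shared by all methods of the instance.
    /// </remarks>
    public class SQLServerDb : IDisposable {
        private DbConnection _con;

        /// <summary>Default constructor which uses the "DefaultConnection" connectionString.</summary>
        public SQLServerDb() : this("DefaultConnection") { }

        /// <summary>Constructor which takes the connection string name.</summary>
        /// <param name="connectionStringName">Name of an entry in the configuration file's connectionStrings section.</param>
        /// <exception cref="ArgumentException">The name is null or empty.</exception>
        /// <exception cref="InvalidOperationException">No connection string with that name exists (the original failed here with a NullReferenceException).</exception>
        public SQLServerDb(string connectionStringName) {
            if (string.IsNullOrEmpty(connectionStringName))
                throw new ArgumentException("Connection string name cannot be null or empty.", "connectionStringName");
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[connectionStringName];
            if (settings == null)
                throw new InvalidOperationException("Connection string '" + connectionStringName + "' was not found in the configuration file.");
            _con = new SqlConnection(settings.ConnectionString);
        }

        /// <summary>Executes a non-query command.</summary>
        /// <param name="command">The command to execute.</param>
        /// <returns>The count of records affected by the command.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="command"/> is null.</exception>
        /// <exception cref="ObjectDisposedException">The instance has been disposed.</exception>
        public int ExecuteNonQuery(DbCommand command) {
            PrepareCommand(command);
            try {
                _con.Open();
                return command.ExecuteNonQuery();
            }
            finally {
                // Always hand the connection back to the pool, even when the command throws.
                _con.Close();
            }
        }

        /// <summary>Executes a command that returns a single scalar value.</summary>
        /// <param name="command">The command to execute.</param>
        /// <returns>The first column of the first row, or null when the command returns no rows.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="command"/> is null.</exception>
        /// <exception cref="ObjectDisposedException">The instance has been disposed.</exception>
        public object ExecuteScalar(DbCommand command) {
            PrepareCommand(command);
            try {
                _con.Open();
                return command.ExecuteScalar();
            }
            finally {
                _con.Close();
            }
        }

        /// <summary>Executes a command that returns a DataSet.</summary>
        /// <param name="command">The command to execute; must be a <see cref="SqlCommand"/> (the ones returned by this class are).</param>
        /// <returns>The DataSet returned by executing the command. A command that produces no result set yields a DataSet with no tables.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="command"/> is null.</exception>
        /// <exception cref="ObjectDisposedException">The instance has been disposed.</exception>
        public DataSet ExecuteDataSet(DbCommand command) {
            PrepareCommand(command);
            DataSet ds = new DataSet();
            try {
                // DbDataAdapter.Fill opens the connection itself when it is closed, so no
                // explicit Open() is needed here.
                using (DbDataAdapter ad = new SqlDataAdapter((SqlCommand)command)) {
                    ad.Fill(ds);
                }
            }
            finally {
                _con.Close();
            }
            return ds;
        }

        /// <summary>Creates a text (ad-hoc SQL) command on this connection.</summary>
        /// <param name="commandText">The SQL query to execute; use <c>@name</c> placeholders for values.</param>
        /// <returns>The created command.</returns>
        public DbCommand GetSqlStringCommand(string commandText) {
            return GetCommand(commandText, CommandType.Text);
        }

        /// <summary>Creates a stored-procedure command on this connection.</summary>
        /// <param name="commandText">The name of the stored procedure to execute.</param>
        /// <returns>The created command.</returns>
        public DbCommand GetStoredProcedureCommand(string commandText) {
            return GetCommand(commandText, CommandType.StoredProcedure);
        }

        /// <summary>Creates a command of the given type on this connection.</summary>
        /// <param name="commandText">The SQL text or stored procedure name.</param>
        /// <param name="commandType">Whether <paramref name="commandText"/> is SQL text or a procedure name.</param>
        /// <returns>The created command.</returns>
        /// <exception cref="ObjectDisposedException">The instance has been disposed.</exception>
        private DbCommand GetCommand(string commandText, CommandType commandType) {
            if (_con == null)
                throw new ObjectDisposedException(GetType().FullName);
            DbCommand command = _con.CreateCommand();
            command.CommandType = commandType;
            command.CommandText = commandText;
            return command;
        }

        /// <summary>Adds an in parameter to a command.</summary>
        /// <param name="command">The command to add the parameter to.</param>
        /// <param name="name">The name of the parameter.</param>
        /// <param name="dbType">The type of the parameter.</param>
        /// <param name="value">The value of the parameter; null is stored as <see cref="DBNull.Value"/>.</param>
        public void AddInParameter(DbCommand command, string name, DbType dbType, object value) {
            AddParameter(command, name, dbType, value, ParameterDirection.Input, 0);
        }

        /// <summary>Adds an out parameter to a command.</summary>
        /// <param name="command">The command to add the parameter to.</param>
        /// <param name="name">The name of the parameter.</param>
        /// <param name="dbType">The type of the parameter.</param>
        /// <param name="size">The maximum size, in bytes, of the data within the column.</param>
        public void AddOutParameter(DbCommand command, string name, DbType dbType, int size) {
            AddParameter(command, name, dbType, null, ParameterDirection.Output, size);
        }

        /// <summary>Adds a parameter to a command.</summary>
        /// <param name="command">The command to add the parameter to.</param>
        /// <param name="name">The name of the parameter.</param>
        /// <param name="dbType">The type of the parameter.</param>
        /// <param name="value">The value of the parameter; null is stored as <see cref="DBNull.Value"/>.</param>
        /// <param name="direction">The direction for the parameter.</param>
        /// <param name="size">The maximum size, in bytes, of the data within the column; ignored when not positive.</param>
        /// <exception cref="ArgumentNullException"><paramref name="command"/> is null.</exception>
        private void AddParameter(DbCommand command, string name, DbType dbType, object value, ParameterDirection direction, int size) {
            if (command == null)
                throw new ArgumentNullException("command", "Command cannot be null.");
            var parameter = command.CreateParameter();
            parameter.ParameterName = name;
            parameter.DbType = dbType;
            parameter.Value = value ?? DBNull.Value;
            parameter.Direction = direction;
            if (size > 0)
                parameter.Size = size;
            command.Parameters.Add(parameter);
        }

        /// <summary>
        /// Common checks for the Execute* methods. Also binds a command that was created
        /// elsewhere (no connection set) to this instance's connection so it can run.
        /// </summary>
        /// <exception cref="ObjectDisposedException">The instance has been disposed.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="command"/> is null.</exception>
        private void PrepareCommand(DbCommand command) {
            if (_con == null)
                throw new ObjectDisposedException(GetType().FullName);
            if (command == null)
                throw new ArgumentNullException("command", "Command cannot be null.");
            if (command.Connection == null)
                command.Connection = _con;
        }

        /// <summary>Releases the underlying connection. Safe to call more than once.</summary>
        public void Dispose() {
            if (_con != null) {
                _con.Dispose();
                _con = null;
            }
        }
    }
}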
要将其用于存储过程而不是查询,请使用
GetStoredProcedureCommand()
而不是GetSqlStringCommand()
Oh boy!我该怎样才能做到这一点……显然,您需要向 DB 管理器添加参数支持。我有一个完整的类,可以发给你。但老实说,你为什么不使用现成的东西呢?去查一查,那是一个很酷的库。
是的!但我不想使用第三方库。你能把这个类给我吗?谢谢你的时间!
密码存放在字节数组中,因为我在存储之前对它进行了加密。
不应该加密密码,应该对它们进行散列,散列结果是字符串。为此,请使用内置的 CreateHash() 和 VerifyHashedPassword() 函数。永远不要尝试自己实现安全相关的功能,始终使用知名的库。
我使用 MD5 加密,并将其存储在数据库的 binary 类型列中。现在要改什么?把数据库列类型从 binary 改成 nvarchar 吗?
不,改成 varchar。散列值只包含 ASCII 字符,因此不需要 Unicode 的 nvarchar。(另外,MD5 是一种散列而不是加密,而且不适合用于存储密码;请改用上面提到的内置密码散列函数。)
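// SQLServerDb owns a SqlConnection, so dispose it when done; the using block does that
// even when the command throws.
DataRow dr;
using (var db = new SQLServerDb()) {
    // OUTPUT inserted.id makes the INSERT return a one-row result set. Without it
    // ExecuteDataSet returns a DataSet with no tables and Tables[0] throws.
    string sql = @"INSERT INTO accounts(email, password, user_type) OUTPUT inserted.id VALUES(@email, @password, @userType);";
    DbCommand cmd = db.GetSqlStringCommand(sql);
    // Values go in as typed parameters; the statement text never contains user input.
    db.AddInParameter(cmd, "@email", DbType.String, bll.email);
    db.AddInParameter(cmd, "@password", DbType.String, bll.password);
    db.AddInParameter(cmd, "@userType", DbType.Boolean, bll.userType);
    dr = db.ExecuteDataSet(cmd).Tables[0].Rows[0];
}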