VB.NET: How to factorize calls to ADO.NET with parameters?
I would like to factorize all the calls to ADO.NET that exist in my web application, to avoid repeating the connection string and the open/close methods. I managed to do this for calls without parameters, but I need help for calls with parameters. For example, I have:
Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
oConnection.Open()
oCommand.ExecuteNonQuery() ' ExecuteNonQuery is a method of SqlCommand
oConnection.Close()
I factorized it as:
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text)
And the code of ExecuteRequest:
Public Shared Sub ExecuteRequest(ByVal strRequest As String)
    Dim strConnection As String = ChaineDeConnexion()
    Using objConnection = New SqlConnection(strConnection)
        Dim objCommand As SqlCommand
        objCommand = New SqlCommand(strRequest, objConnection)
        objCommand.Connection.Open()
        objCommand.ExecuteNonQuery()
    End Using
End Sub
But I would like to be able to pass a set of parameters to ExecuteRequest. Here is a very simple example of the kind of code I want to factorize:
Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = @id_devis"
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
' Declare the parameter on the command, then bind its value
With (oCommand.Parameters)
    .Add(New SqlParameter("@id_devis", SqlDbType.Int))
End With
With oCommand
    .Parameters("@id_devis").Value = TBDevis.Text
End With
oConnection.Open()
oCommand.ExecuteNonQuery()
oConnection.Close()
I am thinking of editing the ExecuteRequest function to add an optional collection of parameters:
Public Shared Sub ExecuteRequest(ByVal strRequest As String, Optional ByRef sqlParameters As SqlParameterCollection = Nothing)
    Dim strConnection As String = ChaineDeConnexion()
    Using objConnection = New SqlConnection(strConnection)
        Dim objCommand As SqlCommand
        objCommand = New SqlCommand(strRequest, objConnection)
        objCommand.Parameters = sqlParameters 'objCommand.Parameters is readonly property
        objCommand.Connection.Open()
        objCommand.ExecuteNonQuery()
    End Using
End Sub
But VS tells me that objCommand.Parameters is a read-only property.
I see two solutions:
- Pass an array containing the parameter names, values and types, and loop over the array
- Create the request string with all the parameters, like: "DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text ... but when there are 30 parameters, I guess that is a dirty solution
Thanks for your help.

ParamArray is what you are looking for. Update ExecuteRequest as follows:
Public Sub ExecuteRequest(ByVal strRequest As String, ParamArray Params() As SqlParameter)
    Dim strConnexion As String = "myConnectionString"
    Using Conn As New SqlConnection(strConnexion), Cmd As New SqlCommand(strRequest, Conn)
        Cmd.Parameters.AddRange(Params)
        Conn.Open()
        Cmd.ExecuteNonQuery()
    End Using
End Sub
Then you can call it like this:
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", New SqlParameter("@id_devis", CInt(TBDevis.Text)))
I would also suggest creating a function sqlPar(Name As String, Value As Object), with a few overloads, to simplify the calls:
ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", sqlPar("@id_devis", TBDevis.Text))
ParamArray lets you add an undefined number of parameters, like this:
ExecuteRequest("SELECT ID FROM Table WHERE ID IN (@A, @B, @C, @D)", sqlPar("@A", 1), sqlPar("@B", 2), sqlPar("@C", 3), sqlPar("@D", 4))
You should always use SqlParameter instead of string concatenation to prevent SQL injection.
You should also always use Using for IDisposable resources.
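
One way to write the sqlPar helper the answer suggests, next to the ParamArray version of ExecuteRequest, as an added example that is not code from the original posts. The overload set, TryIdParameter, the connectionString argument and the sample inputs are assumptions made for illustration.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedCallsExample
    ' Hypothetical helper (the answer only names it): untyped overload, Nothing becomes SQL NULL.
    Function sqlPar(name As String, value As Object) As SqlParameter
        Return New SqlParameter(name, If(value, DBNull.Value))
    End Function

    ' Hypothetical typed overload: the column type is stated instead of inferred from the value.
    Function sqlPar(name As String, dbType As SqlDbType, value As Object) As SqlParameter
        Dim p As New SqlParameter(name, dbType)
        p.Value = If(value, DBNull.Value)
        Return p
    End Function

    ' Hypothetical helper: parses text-box input as an Integer id.
    ' Returns Nothing when the text is not a number, so the caller can reject it early.
    Function TryIdParameter(name As String, text As String) As SqlParameter
        Dim id As Integer
        If Not Integer.TryParse(text, id) Then Return Nothing
        Return sqlPar(name, SqlDbType.Int, id)
    End Function

    ' Same shape as the answer's ExecuteRequest; the connection string is passed in (assumption).
    Sub ExecuteRequest(connectionString As String, request As String, ParamArray parameters() As SqlParameter)
        Using conn As New SqlConnection(connectionString), cmd As New SqlCommand(request, conn)
            cmd.Parameters.AddRange(parameters)
            conn.Open()
            cmd.ExecuteNonQuery()
            ' A SqlParameter can belong to only one collection; detach so the caller may reuse it.
            cmd.Parameters.Clear()
        End Using
    End Sub

    Sub Main()
        ' Constructed sample inputs standing in for TBDevis.Text.
        For Each raw As String In {"42", "42 OR 1=1", ""}
            Dim p As SqlParameter = TryIdParameter("@id_devis", raw)
            If p Is Nothing Then
                Console.WriteLine("rejected: '{0}'", raw)
            Else
                Console.WriteLine("bound {0} = {1} ({2})", p.ParameterName, p.Value, p.SqlDbType)
                ' With a reachable SQL Server (connStr is a placeholder):
                ' ExecuteRequest(connStr, "DELETE FROM tbl_devis WHERE id_devis = @id_devis", p)
            End If
        Next
    End Sub
End Module
```

Main runs without a database: it only shows which inputs become a typed @id_devis parameter and which are rejected before any SQL is sent.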