Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/vb.net/15.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/logging/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Vb.net 如何使用参数分解对ado.net的调用?_Vb.net_Ado.net - Fatal编程技术网
Fatal编程技术网
  • vb.net/
  • Vb.net 如何使用参数分解对ado.net的调用?

Vb.net 如何使用参数分解对ado.net的调用?

vb.net

Vb.net 如何使用参数分解对ado.net的调用?,vb.net,ado.net,Vb.net,Ado.net,我希望将web应用程序中存在的对ado.net的所有调用分解,以避免在连接字符串和打开/关闭方法上重复。对于没有参数的调用,我成功地做到了这一点,但是对于有参数的调用,我需要帮助 例如,我有: Dim strConnexion As String = "myConnectionString" Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text Dim oConnection As

我希望将web应用程序中存在的对ado.net的所有调用分解,以避免在连接字符串和打开/关闭方法上重复。对于没有参数的调用,我成功地做到了这一点,但是对于有参数的调用,我需要帮助

例如,我有:

Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
oConnection.Open()
oConnection.ExecuteNonQuery()
oConnection.Close()
我将其分解为:

ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = " + TBDevis.Text)
以及ExecuteRequest的代码:

Public Shared Sub ExecuteRequest(ByVal strRequest As String)
    Dim strConnection As String = ChaineDeConnexion()
    Using objConnection = New SqlConnection(strConnection)
        Dim objCommand As SqlCommand
        objCommand = New SqlCommand(strRequest, objConnection)
        objCommand.Connection.Open()
        objCommand.ExecuteNonQuery()
    End Using
End Sub
但我希望能够传递一组参数来执行请求。这是一个非常简单的示例,说明了我想要分解哪种代码:

Dim strConnexion As String = "myConnectionString"
Dim strRequete As String = "DELETE FROM tbl_devis WHERE id_devis = @id_devis"
Dim oConnection As New SqlConnection(strConnexion)
Dim oCommand As New SqlCommand(strRequete, oConnection)
With (myCommand.Parameters)
    .Add(New SqlParameter("@id_devis", SqlDbType.Int))
End With
With myCommand
    .Parameters("@id_devis").Value = TBDevis.Text
End With
oConnection.Open()
oConnection.ExecuteNonQuery()
oConnection.Close()
我正在考虑编辑ExecuteRequest函数以添加可选参数集合:

Public Shared Sub ExecuteRequest(ByVal strRequest As String, Optional ByRef sqlParameters As SqlParameterCollection = Nothing)
    Dim strConnection As String = ChaineDeConnexion()
    Using objConnection = New SqlConnection(strConnection)
        Dim objCommand As SqlCommand
        objCommand = New SqlCommand(strRequest, objConnection)
        objCommand.Parameters = sqlParameters   'objCommand.Parameters is readonly property
        objCommand.Connection.Open()
        objCommand.ExecuteNonQuery()
    End Using
End Sub
但是VS告诉我objCommand.Parameters是一个只读属性

我看到两种解决办法:

  • 传递包含参数名称、值和类型的数组,并在数组中循环
  • 使用所有参数创建字符串请求,如:“DELETE FROM tbl_design WHERE id_design=“+tbdesign.Text…”。。。但当有30个参数时,我想这是一个肮脏的解决方案
请问哪一个是更干净、最强的解决方案

谢谢你的帮助

ParamArray就是您要找的

按如下方式更新ExecuteRequest:

Public Sub ExecuteRequest(ByVal strRequest As String, ParamArray Params() As SqlParameter)
    Dim strConnexion As String = "myConnectionString"
    Using Conn As New SqlConnection(strConnexion), Cmd As New SqlCommand(strRequest, Conn)
        Cmd.Parameters.AddRange(Params)
        Conn.Open()
        Cmd.ExecuteNonQuery()
    End Using
End Sub
然后你可以这样称呼它

ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", New SqlParameter("@id_devis", CInt(TBDevis.Text)))
我还建议创建函数sqlPar(名称为字符串,值为对象),并使用少量重载来简化对的调用

ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", sqlPar("@id_devis",  TBDevis.Text))
ParamArray允许您添加如下未定义数量的参数

ExecuteRequest("SELECT ID FROM Table WHERE ID IN (@A, @B, @C, @D)", sqlPar("@A", 1), sqlPar("@B", 2), sqlPar("@C", 3), sqlPar("@D", 4))
您应该始终使用SqlParameter而不是字符串连接来防止SQL注入

您也应该始终使用Using作为IDisposable资源。

ParamArray就是您要寻找的

按如下方式更新ExecuteRequest:

Public Sub ExecuteRequest(ByVal strRequest As String, ParamArray Params() As SqlParameter)
    Dim strConnexion As String = "myConnectionString"
    Using Conn As New SqlConnection(strConnexion), Cmd As New SqlCommand(strRequest, Conn)
        Cmd.Parameters.AddRange(Params)
        Conn.Open()
        Cmd.ExecuteNonQuery()
    End Using
End Sub
然后你可以这样称呼它

ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", New SqlParameter("@id_devis", CInt(TBDevis.Text)))
我还建议创建函数sqlPar(名称为字符串,值为对象),并使用少量重载来简化对的调用

ExecuteRequest("DELETE FROM tbl_devis WHERE id_devis = @id_devis", sqlPar("@id_devis",  TBDevis.Text))
ParamArray允许您添加如下未定义数量的参数

ExecuteRequest("SELECT ID FROM Table WHERE ID IN (@A, @B, @C, @D)", sqlPar("@A", 1), sqlPar("@B", 2), sqlPar("@C", 3), sqlPar("@D", 4))
您应该始终使用SqlParameter而不是字符串连接来防止SQL注入

您还应该始终使用Using作为IDisposable资源