Vb.net利用数据工厂建立(DBMS)数据操作模型
|
Imports System.Configuration '还需要引用system.configuration <add name="数据工厂测试.My.MySettings.Setting" connectionString="Data Source=wangli;Initial Catalog=VideoGames;Persist Security Info=True;User ID=sa;Password=sa" Public Class ClsFactory
Public Sub Delete(ByVal pId As Integer)
'获得连接字符串
Dim css As ConnectionStringSettings
css = ConfigurationManager.ConnectionStrings("VideoGameStoreDb")
'在数据连接的上建立工厂类
Dim Factory As DbProviderFactory
Factory = DbProviderFactories.GetFactory(css.ProviderName)
'建立连接 ,执行任务
Using conn As DbConnection = Factory.CreateConnection
conn.ConnectionString = css.ConnectionString
'生成命令
Using cmd As DbCommand = Factory.CreateCommand
cmd.Connection = conn
cmd.CommandType = CommandType.Text
cmd.CommandText = "delete from customer where customerId=@id"
'创建ID参数
Dim paramID As DbParameter
paramID = Factory.CreateParameter
paramID.ParameterName = "@id"
paramID.Value = pId
cmd.Parameters.Add(paramID)
'打开连接,执行
conn.Open()
Dim count As Integer
count = cmd.ExecuteNonQuery
conn.Close()
If count < 1 Then
Throw New ArgumentOutOfRangeException("id","序号没有找到")
End If
End Using
End Using
End Sub
End Class
'为了降低SQL注入攻击的威胁(sql injection),建议使用参数,而不要使用字符串的连接。恶意SQL代码可能通过字符串的连接而执行。如:操作者可能在某一字段 输入一个右引号,后面跟完整SQL语句。由于该字符串会被追加到SELECT 语句的后面,引事情后的语句便会执行。 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |