VB.NET: building a (DBMS) data-operation model with a data factory
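Imports System.Configuration   ' also requires a project reference to System.Configuration
Imports System.Data            ' CommandType
Imports System.Data.Common     ' DbProviderFactory, DbConnection, DbCommand, DbParameter

' Connection string entry in the application configuration file (the entry is cut off on the page):
' <add name="数据工厂测试.My.MySettings.Setting" connectionString="Data Source=wangli;Initial Catalog=VideoGames;Persist Security Info=True;User ID=sa;Password=sa"
' The name passed to ConfigurationManager.ConnectionStrings(...) must match the name attribute of an entry,
' and that entry needs a providerName attribute, because GetFactory below is driven by css.ProviderName.
' The sample logs in as sa with a trivial password and Persist Security Info=True; outside a test machine
' use a least-privilege login and leave Persist Security Info at False.

Public Class ClsFactory
    Public Sub Delete(ByVal pId As Integer)
        ' Get the connection string
        Dim css As ConnectionStringSettings
        css = ConfigurationManager.ConnectionStrings("VideoGameStoreDb")
        If css Is Nothing Then
            ' No entry with that name: fail with a clear message instead of a NullReferenceException
            Throw New ConfigurationErrorsException("Connection string 'VideoGameStoreDb' not found")
        End If

        ' Create the factory class for the configured data provider
        Dim Factory As DbProviderFactory
        Factory = DbProviderFactories.GetFactory(css.ProviderName)

        ' Create the connection and do the work
        Using conn As DbConnection = Factory.CreateConnection
            conn.ConnectionString = css.ConnectionString

            ' Build the command
            Using cmd As DbCommand = Factory.CreateCommand
                cmd.Connection = conn
                cmd.CommandType = CommandType.Text
                cmd.CommandText = "delete from customer where customerId=@id"

                ' Create the ID parameter
                Dim paramID As DbParameter
                paramID = Factory.CreateParameter
                paramID.ParameterName = "@id"
                paramID.Value = pId
                cmd.Parameters.Add(paramID)

                ' Open the connection and execute
                conn.Open()
                Dim count As Integer
                count = cmd.ExecuteNonQuery
                conn.Close()

                If count < 1 Then
                    ' First argument is the name of the offending method parameter; the message means "ID not found"
                    Throw New ArgumentOutOfRangeException("pId", "序号没有找到")
                End If
            End Using
        End Using
    End Sub
End Class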
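To reduce the threat of SQL injection attacks, use parameters rather than string concatenation, because malicious SQL code can be executed through concatenated strings. For example, an operator may type a closing quote into a field, followed by a complete SQL statement. Because that string is appended to the end of the SELECT statement, the statement after the quote is then executed. (Editor: 李大同)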
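The difference described above, shown without a database, as an added example that is not part of the original page: both builders use the same provider factory, and only the resulting command text and parameters are inspected. The customerName column, its width of 50 and the sample inputs are assumptions constructed for illustration; it assumes .NET Framework, where SqlClientFactory ships in System.Data.

```vbnet
Imports System
Imports System.Data
Imports System.Data.Common
Imports System.Data.SqlClient

Module InjectionDemo
    ' Hypothetical column; the page itself only shows customer.customerId.
    Private Const BaseSql As String = "select customerId from customer where customerName="

    ' Vulnerable form: the input becomes part of the SQL text itself.
    Function BuildConcatenated(factory As DbProviderFactory, name As String) As DbCommand
        Dim cmd As DbCommand = factory.CreateCommand()
        cmd.CommandType = CommandType.Text
        cmd.CommandText = BaseSql & "'" & name & "'"
        Return cmd
    End Function

    ' Hardened form: the SQL text is constant and the input travels as a typed parameter value.
    Function BuildParameterized(factory As DbProviderFactory, name As String) As DbCommand
        Dim cmd As DbCommand = factory.CreateCommand()
        cmd.CommandType = CommandType.Text
        cmd.CommandText = BaseSql & "@name"
        Dim p As DbParameter = factory.CreateParameter()
        p.ParameterName = "@name"
        p.DbType = DbType.String
        p.Size = 50            ' assumed column width
        p.Value = name
        cmd.Parameters.Add(p)
        Return cmd
    End Function

    Sub Main()
        ' No connection is opened: we only look at what each command would send.
        Dim factory As DbProviderFactory = SqlClientFactory.Instance
        ' Constructed sample inputs: a plain name, a legitimate name with a quote, a quote followed by SQL.
        For Each sample As String In {"Alice", "O'Brien", "x'; select 1 --"}
            Using bad As DbCommand = BuildConcatenated(factory, sample),
                  good As DbCommand = BuildParameterized(factory, sample)
                Console.WriteLine("input        : " & sample)
                Console.WriteLine("concatenated : " & bad.CommandText)
                Console.WriteLine("parameterized: " & good.CommandText &
                                  "   [@name = " & CStr(good.Parameters(0).Value) & "]")
            End Using
        Next
    End Sub
End Module
```

In the concatenated output the quote in the input ends the string literal and changes the statement, and even the legitimate name O'Brien produces broken SQL; in the parameterized output the command text is identical for every input.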