易截截图软件、单文件、免安装、纯绿色、仅160KB

Parameter Queries in ASP.NET with MS Access

Parameter Queries in ASP.NET with MS Access
A selection of code samples for executing queries against MS Access using parameters.
Making use of the ASP.NET 2.0 datasource controls is fine, but it is important to understand how to manually create data access code. Best practice dictates that, at the very least, parameters are used to represent values that are passed into the SQL to be executed, rather than un-sanitised values straight from the user. The main reason for this cannot be over-emphasised in terms of its importance - it protects the application against SQL Injection attacks. In addition, parameters do not require delimiters. Therefore there is no need to worry about octothorpes (#) or apostrophes for dates, or doubling single quotes in strings.
These samples all assume that the values being passed into the parameters have been properly validated for datatype, existence, range etc, according to the business rules for the application. The serverside validation code is not included, as it will differ from app to app, and is not the focus of these samples anyway. However, it is important to stress that all user input must be validated server-side before being included in a SQL statement. Better to reject it outright, rather than have to unpick rubbish that pollutes the database...
The required components are an OleDbConnection object, a ConnectionString property, an OleDbCommand object and an OleDbParameterCollection. These all reside in the System.Data.OleDb namespace, which needs to be referenced. Also, the connection string is held in the Web.Config, and a static method GetConnString() has been created in a class called Utils (also static) to retrieve it:
[C#]
public static string GetConnString()
{
return WebConfigurationManager.ConnectionStrings["myConnStr"].ConnectionString;
}

[VB]
Public Shared Function GetConnString() As String
Return WebConfigurationManager.ConnectionStrings("myConnStr").ConnectionString
End Function

 
Fo


相关文档:

40条ASP.NET开发Tip

2010-01-25 14:24
40条ASP.NET开发Tip
作者:麒麟   来源:博客园   发布时间:2010-01-21 13:16   阅读:287 次  原文链接   [收藏]  
1、在compilation 下,请设置debug=false ,如下:
default Language="c#" debug="false">
2、请使用Server.Tran ......

ASP.NET常用语句

1.//弹出对话框.点击转向指定页面
Response.Write(" <script>window.alert('该会员没有提交申请,请重新提交!')
</script>");
Response.Write(" <script>window.location
='http://www.51aspx.com/bizpulic/upmeb.aspx' </script>");
2.//弹出对话框
Response.Write(" <script lang ......

C#(ASP.NET) 下载数据

Internet 类
using System;
using System.Collections.Generic;
using System.Collections;
using System.Text;
using System.Net;
using System.IO;
using System.Text.RegularExpressions;
using System.Threading;
namespace DownData
{
    class internet
    {
 &nb ......

浅谈Asp.Net内部机制

浅谈ASP.NET的内部机制(一)
浅谈ASP.NET的内部机制(二)
浅谈ASP.NET的内部机制(三)
浅谈ASP.NET的内部机制(四)
浅谈ASP.NET的内部机制(五)
浅谈ASP.NET的内部机制(六)
浅谈ASP.NET的内部机制(七)
浅谈ASP.NET的内部机制(八) ......

转:ASP.NET页面传值的几种方式

一. 使用QueryString变量
    QueryString是一种非常简单也是使用比较多的一种传值方式,但是它将传递的值显示在浏览器的地址栏中,如果是传递一个或多个安全性要求不高或是结构简单的数值时,可以使用这个方法。
         Response.Redirect( "target.aspx?param1=hello& ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号