Parameter Queries in ASP.NET with MS Access
Parameter Queries in ASP.NET with MS Access
A selection of code samples for executing queries against MS Access using parameters.
Making use of the ASP.NET 2.0 datasource controls is fine, but it is important to understand how to manually create data access code. Best practice dictates that, at the very least, parameters are used to represent values that are passed into the SQL to be executed, rather than un-sanitised values straight from the user. The main reason for this cannot be over-emphasised in terms of its importance - it protects the application against SQL Injection attacks. In addition, parameters do not require delimiters. Therefore there is no need to worry about octothorpes (#) or apostrophes for dates, or doubling single quotes in strings.
These samples all assume that the values being passed into the parameters have been properly validated for datatype, existence, range etc, according to the business rules for the application. The serverside validation code is not included, as it will differ from app to app, and is not the focus of these samples anyway. However, it is important to stress that all user input must be validated server-side before being included in a SQL statement. Better to reject it outright, rather than have to unpick rubbish that pollutes the database...
The required components are an OleDbConnection object, a ConnectionString property, an OleDbCommand object and an OleDbParameterCollection. These all reside in the System.Data.OleDb namespace, which needs to be referenced. Also, the connection string is held in the Web.Config, and a static method GetConnString() has been created in a class called Utils (also static) to retrieve it:
[C#]
public static string GetConnString()
{
return WebConfigurationManager.ConnectionStrings["myConnStr"].ConnectionString;
}
[VB]
Public Shared Function GetConnString() As String
Return WebConfigurationManager.ConnectionStrings("myConnStr").ConnectionString
End Function
Fo
相关文档:
2010-01-25 14:24
40条ASP.NET开发Tip
作者:麒麟 来源:博客园 发布时间:2010-01-21 13:16 阅读:287 次 原文链接 [收藏]
1、在compilation 下,请设置debug=false ,如下:
default Language="c#" debug="false">
2、请使用Server.Tran ......
FCKeditor相关资料简介:
官方网站http://www.fckeditor.net/
官方文档http://wiki.fckeditor.net/
下载地址http://www.fckeditor.net/download/default.html
官方演示http://www.fckeditor.net/demo/default.html
FCKEditor asp.net设置
下载:http://www.fckeditor.net
(要下载FCKeditor2.4.2.zip和FCKeditor.NET ......
浅谈ASP.NET的内部机制(一)
浅谈ASP.NET的内部机制(二)
浅谈ASP.NET的内部机制(三)
浅谈ASP.NET的内部机制(四)
浅谈ASP.NET的内部机制(五)
浅谈ASP.NET的内部机制(六)
浅谈ASP.NET的内部机制(七)
浅谈ASP.NET的内部机制(八) ......
许久以前,写过一篇《asp.net页中动态加入样式表文件》,后来发现在使用时如果每页都写这么个函数真是很麻烦,于是自己写了一个Page的派生。将这个函数加了进去。
/**//// <summary>
/// 作者 邹健
///  ......
写cookie
1 HttpCookie cookie = new HttpCookie("Info");//定义cookie对象以及名为Info的项
2 DateTime dt = DateTime.Now;//定义时间对象
3 TimeSpan ts=new TimeSpan(1,0,0,0);//cookie有效作用时间,具体查msdn
4 cookie.Expires = dt.Add(ts);//添加作用时间
5 cookie.Values.Add("user","cx ......