Parameter Queries in ASP.NET with MS Access
Parameter Queries in ASP.NET with MS Access
A selection of code samples for executing queries against MS Access using parameters.
Making use of the ASP.NET 2.0 datasource controls is fine, but it is important to understand how to manually create data access code. Best practice dictates that, at the very least, parameters are used to represent values that are passed into the SQL to be executed, rather than un-sanitised values straight from the user. The main reason for this cannot be over-emphasised in terms of its importance - it protects the application against SQL Injection attacks. In addition, parameters do not require delimiters. Therefore there is no need to worry about octothorpes (#) or apostrophes for dates, or doubling single quotes in strings.
These samples all assume that the values being passed into the parameters have been properly validated for datatype, existence, range etc, according to the business rules for the application. The serverside validation code is not included, as it will differ from app to app, and is not the focus of these samples anyway. However, it is important to stress that all user input must be validated server-side before being included in a SQL statement. Better to reject it outright, rather than have to unpick rubbish that pollutes the database...
The required components are an OleDbConnection object, a ConnectionString property, an OleDbCommand object and an OleDbParameterCollection. These all reside in the System.Data.OleDb namespace, which needs to be referenced. Also, the connection string is held in the Web.Config, and a static method GetConnString() has been created in a class called Utils (also static) to retrieve it:
[C#]
public static string GetConnString()
{
return WebConfigurationManager.ConnectionStrings["myConnStr"].ConnectionString;
}
[VB]
Public Shared Function GetConnString() As String
Return WebConfigurationManager.ConnectionStrings("myConnStr").ConnectionString
End Function
Fo
相关文档:
1.//弹出对话框.点击转向指定页面
Response.Write(" <script>window.alert('该会员没有提交申请,请重新提交!')
</script>");
Response.Write(" <script>window.location
='http://www.51aspx.com/bizpulic/upmeb.aspx' </script>");
2.//弹出对话框
Response.Write(" <script lang ......
第一:
private void Button1_Click( object sender, System.EventArgs e ) { Response.Redirect( Request.Url.ToString( ) ); } 第二:
private void Button2_Click( object sender, System.EventArgs e ) { Response.Write( " < script language=javascript>window.location.href=document.URL; < /script&g ......
1. 数据库访问性能优化
数据库的连接和关闭
访问数据库资源需要创建连接、打开连接和关闭连接几个操作。这些过程需要多次与数据库交换信息以通过身份验证,比较耗费服务器资源。 ASP.NET中提供了连接池(Connection Pool)改善打开和关闭数据库对性能的影响。系统将用户的数据库连接放在连接池中,需要时取出,关闭时 ......
Internet 类
using System;
using System.Collections.Generic;
using System.Collections;
using System.Text;
using System.Net;
using System.IO;
using System.Text.RegularExpressions;
using System.Threading;
namespace DownData
{
class internet
{
&nb ......
WCF的架构:using System.ServiceModel;
契约:Contract
[ServiceContract]
public partial interface IContract
{
[OperationContract]
string DocumentWebHostUrl();
}
服务:Service
[ServiceBehavior(IncludeException ......