我开始将我的查询封装在一个参数化查询类中
现在您能否评估我的课程的性能安全性和其他可能的方面?
你有什么建议吗 ?
这是我的精选课
public static DataSet cmd_SelectQuery(string srCommandText, List<string> lstParameterNames, List<string> lstParameters)
{
DataSet dsCmdPara = new DataSet();
try
{
using (SqlConnection connection = new SqlConnection(DbConnection.srConnectionString))
{
using (SqlCommand cmd = new SqlCommand(srCommandText, connection))
{
cmd.CommandType = CommandType.Text;
for (int i = 0; i < lstParameterNames.Count; i++)
{
cmd.Parameters.AddWithValue(lstParameterNames[i], lstParameters[i]);
}
connection.Open();
using (SqlDataAdapter sqlDa = new SqlDataAdapter(cmd))
{
sqlDa.Fill(dsCmdPara);
return dsCmdPara;
}
}
}
}
catch (Exception E)
{
csPublicFunctions.insertIntoTblSqlErrors(srCommandText + " " + E.Message.ToString());
}
return dsCmdPara;
}
在这里我的更新,删除类
public static void cmd_UpdateDeleteQuery(string srCommandText, List<string> lstParameterNames, List<string> lstParameters)
{
try
{
using (SqlConnection connection = new SqlConnection(DbConnection.srConnectionString))
{
using (SqlCommand cmd = new SqlCommand(srCommandText, connection))
{
cmd.CommandType = CommandType.Text;
for (int i = 0; i < lstParameterNames.Count; i++)
{
cmd.Parameters.AddWithValue(lstParameterNames[i], lstParameters[i]);
}
connection.Open();
cmd.ExecuteNonQuery();
}
}
}
catch (Exception E)
{
csPublicFunctions.insertIntoTblSqlErrors(srCommandText + " " + E.Message.ToString());
}
}
非常感谢您的回答