.net – Improving the readability of SQL command code

In one of the classes of the web application I am developing, I have some fairly long SQL queries.

What is the best practice for making this kind of code nicer when developing a three-tier application?

Dim dc As New sqlCommand("INSERT INTO Choices VALUES ('" + _
                                 SanitizeInput(strUser) + "','" + _
                                 SanitizeInput(strFirstHalfDay) + "','" + _
                                 SanitizeInput(strSecondHalfDay) + "','" + _
                                 SanitizeInput(strFullDay) + "'," + _
                                 SanitizeInput(Convert.ToInt32(firstHalfPaid).ToString()) + "," + _
                                 SanitizeInput(Convert.ToInt32(secondHalfPaid).ToString()) + "," + _
                                 SanitizeInput(Convert.ToInt32(fullPaid).ToString()) + ")",cn)

Do you think this kind of code is acceptable, or is it a smell?

Solution

Stop, don't do that. Use prepared statements; you get both safety and readability.

Use this instead:

' Parameter placeholders stand in for every value; the SQL text never contains user input.
Dim dc As New SqlCommand("INSERT INTO Choices VALUES (@User,@FirstHalfDay,@SecondHalfDay,@FullDay,@FirstHalfPaid,@SecondHalfPaid,@FullPaid)", cn)
dc.Parameters.Add(New SqlParameter("@User", strUser))
dc.Parameters.Add(New SqlParameter("@FirstHalfDay", strFirstHalfDay))
dc.Parameters.Add(New SqlParameter("@SecondHalfDay", strSecondHalfDay))
dc.Parameters.Add(New SqlParameter("@FullDay", strFullDay))
dc.Parameters.Add(New SqlParameter("@FirstHalfPaid", firstHalfPaid))
dc.Parameters.Add(New SqlParameter("@SecondHalfPaid", secondHalfPaid))
dc.Parameters.Add(New SqlParameter("@FullPaid", fullPaid))
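As an added example that is not part of the original answer: the same INSERT written the way it would sit in a data-access class of a three-tier application, with Using blocks for disposal, an explicit column list, and explicitly typed parameters so booleans go to the server as BIT without the Convert.ToInt32(...).ToString() round trip. The column names, parameter types and lengths, the connection string, and the ChoicesRepository/InsertChoice names are assumptions, since the page shows no table definition.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

' Added example, not code from the original page. Column names, types and
' lengths are assumptions: the page does not show the Choices table definition.
Public Class ChoicesRepository
    Private ReadOnly _connectionString As String

    Public Sub New(connectionString As String)
        _connectionString = connectionString
    End Sub

    ' Inserts one row into Choices and returns the number of rows affected (1 on success).
    Public Function InsertChoice(user As String, _
                                 firstHalfDay As String, _
                                 secondHalfDay As String, _
                                 fullDay As String, _
                                 firstHalfPaid As Boolean, _
                                 secondHalfPaid As Boolean, _
                                 fullPaid As Boolean) As Integer
        ' The SQL text is a compile-time constant: no runtime value is ever spliced into it.
        ' [User] is bracketed because USER is a reserved word in T-SQL.
        Const Sql As String = _
            "INSERT INTO Choices ([User], FirstHalfDay, SecondHalfDay, FullDay, " & _
            "FirstHalfPaid, SecondHalfPaid, FullPaid) " & _
            "VALUES (@User, @FirstHalfDay, @SecondHalfDay, @FullDay, " & _
            "@FirstHalfPaid, @SecondHalfPaid, @FullPaid)"

        Using cn As New SqlConnection(_connectionString)
            Using cmd As New SqlCommand(Sql, cn)
                ' Each value is sent to the server as typed data, separate from the SQL text,
                ' so quotes, semicolons or comment markers inside it remain plain data.
                ' Explicit types and lengths avoid implicit conversions on the server and
                ' give the plan cache one stable signature for this statement.
                cmd.Parameters.Add("@User", SqlDbType.NVarChar, 50).Value = user
                ' The page passes the day values as strings; if the columns are DATE,
                ' pass Date values with SqlDbType.Date instead of NVarChar.
                cmd.Parameters.Add("@FirstHalfDay", SqlDbType.NVarChar, 50).Value = firstHalfDay
                cmd.Parameters.Add("@SecondHalfDay", SqlDbType.NVarChar, 50).Value = secondHalfDay
                cmd.Parameters.Add("@FullDay", SqlDbType.NVarChar, 50).Value = fullDay
                ' Booleans map directly to BIT; no Convert.ToInt32(...).ToString() is needed.
                cmd.Parameters.Add("@FirstHalfPaid", SqlDbType.Bit).Value = firstHalfPaid
                cmd.Parameters.Add("@SecondHalfPaid", SqlDbType.Bit).Value = secondHalfPaid
                cmd.Parameters.Add("@FullPaid", SqlDbType.Bit).Value = fullPaid

                cn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Class

Module Program
    Sub Main()
        ' Assumed connection string; replace it with your own.
        Dim repo As New ChoicesRepository("Server=.;Database=App;Integrated Security=true")
        ' Constructed hostile input: in a concatenated statement this would close the
        ' quoted value and append a second statement; here it is stored verbatim as the user name.
        Dim rows As Integer = repo.InsertChoice("O'Brien'); DROP TABLE Choices;--", _
                                                "2024-05-01", "2024-05-02", "2024-05-03", _
                                                True, False, True)
        Console.WriteLine("Rows inserted: " & rows)
    End Sub
End Module
```

cmd.Parameters.AddWithValue("@User", user) is shorter, but it infers the SqlDbType and length from the .NET value, so a string parameter becomes NVarChar with the length of that particular string and can produce a different cached plan per distinct length; the explicit Add(name, type, size) overload above avoids that and also fails early if a caller passes the wrong type.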
