程序博客网 > sql注入攻击的危害

三层构架下的DBHelper.cs类

来源:互联网 发布:sql注入攻击的危害 编辑:程序博客网 时间:2024/04/28 15:07
using System;using System.Collections.Generic;using System.Text;using System.Configuration;using System.Data.Common;using System.Data;namespace DiaryDAL{    public static class DBHelper    {        private static readonly string connectionString = ConfigurationManager.ConnectionStrings["DbHelperConnectionString"].ConnectionString.ToString();        private static readonly string providerName = "System.Data.SqlClient";        /// <summary>        /// GetConnection 用于获取连接数据库的 connection 对象        /// </summary>        /// <returns></returns>        private static DbConnection GetConnection()        {            DbProviderFactory _factory = DbProviderFactories.GetFactory(providerName);            DbConnection connection = _factory.CreateConnection();            connection.ConnectionString = connectionString;            return connection;        }        /// <summary>        /// GetCommand 获取命令参数 command 对象        /// </summary>        /// <param name="commandText"></param>        /// <param name="commandType"></param>        /// <param name="connection"></param>        /// <returns></returns>        private static DbCommand GetCommand(string commandText, CommandType commandType, DbConnection connection)        {            DbCommand command = connection.CreateCommand();            command.CommandText = commandText;            command.CommandType = commandType;            return command;        }        /// <summary>        /// GetCommand 方法重载        /// </summary>        /// <param name="commandText">sql语句</param>        /// <param name="connection"></param>        /// <returns></returns>        private static DbCommand GetCommand(string commandText, DbConnection connection)        {            DbCommand command = connection.CreateCommand();            command.CommandText = commandText;            command.CommandType = CommandType.Text;            return command;        }        /// <summary>        /// GetParameter 用于为命令设置参数        /// </summary>        /// <param name="paramName"></param>        /// <param name="paramValue"></param>        /// <param name="command"></param>        /// <returns></returns>        private static DbParameter GetParameter(string paramName, object paramValue, DbCommand command)        {            DbParameter parameter = command.CreateParameter();            parameter.ParameterName = paramName;            parameter.Value = paramValue;            return parameter;        }        /// <summary>        /// 执行无参的存储过程        /// </summary>        /// <param name="sqlCommand">存储过程名</param>        /// <returns></returns>        public static int ExecuteNonQueryProc(string sqlCommand)        {            int result = 0;            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(sqlCommand, CommandType.StoredProcedure, connection);                connection.Open();                result = command.ExecuteNonQuery();                command.Parameters.Clear();            }            return result;        }        /// <summary>        /// 执行无返回值有参数的存储过程        /// </summary>        /// <param name="sqlCommand">存储过程名</param>        /// <param name="parameters">参数</param>        /// <returns></returns>        public static int ExecuteNonQueryProc(string sqlCommand, Dictionary<string, object> parameters)        {            int result = 0;            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(sqlCommand, CommandType.StoredProcedure, connection);                foreach (KeyValuePair<string, object> p in parameters)                {                    command.Parameters.Add(GetParameter(p.Key, p.Value, command));                }                connection.Open();                result = command.ExecuteNonQuery();                command.Parameters.Clear();            }            return result;        }        /// <summary>        /// 执行无返回值的sql语句        /// </summary>        /// <param name="sqlCommand"></param>        /// <param name="parameters"></param>        public static int ExecuteNonQuery(string sqlCommand)        {            int result = 0;            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(sqlCommand, CommandType.Text, connection);                connection.Open();                result = command.ExecuteNonQuery();                command.Parameters.Clear();                return result;            }        }        /// <summary>        /// 执行有参数的sql语句        /// </summary>        /// <param name="sqlCommand"></param>        /// <param name="para"></param>        /// <returns></returns>        public static int ExecuteNonQuery(string sqlCommand, Dictionary<string, object> para)        {            int result = 0;            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(sqlCommand, CommandType.Text, connection);                foreach (KeyValuePair<string, object> p in para)                {                    command.Parameters.Add(GetParameter(p.Key, p.Value, command));                }                connection.Open();                result = command.ExecuteNonQuery();                command.Parameters.Clear();                return result;            }        }        /// <summary>        /// 执行有返回值无参数的存储过程        /// </summary>        /// <param name="cmdText"></param>        /// <returns></returns>        public static object ExecuteScalarProc(string cmdText)        {            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(cmdText, CommandType.StoredProcedure, connection);                connection.Open();                object val = command.ExecuteScalar();                command.Parameters.Clear();                return val;            }        }        /// <summary>        /// 执行有返回值的有参数的存储过程        /// </summary>        /// <param name="cmdText">存储过程名</param>        /// <param name="para">参数</param>        /// <returns></returns>        public static object ExecuteScalarProc(string cmdText, Dictionary<string, object> para)        {            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(cmdText, CommandType.StoredProcedure, connection);                foreach (KeyValuePair<string, object> p in para)                {                    command.Parameters.Add(GetParameter(p.Key, p.Value, command));                }                connection.Open();                object val = command.ExecuteScalar();                command.Parameters.Clear();                return val;            }        }        /// <summary>        /// 执行有返回值的sql语句        /// </summary>        /// <param name="cmdText"></param>        /// <returns></returns>        public static object ExecuteScalar(string cmdText)        {            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(cmdText, CommandType.Text, connection);                connection.Open();                object val = command.ExecuteScalar();                command.Parameters.Clear();                return val;            }        }        /// <summary>        /// 执行有返回值有参数的sql语句        /// </summary>        /// <param name="cmdText"></param>        /// <param name="para"></param>        /// <returns></returns>        public static object ExecuteScalar(string cmdText, Dictionary<string, object> para)        {            using (DbConnection connection = GetConnection())            {                DbCommand command = GetCommand(cmdText, CommandType.Text, connection);                foreach (KeyValuePair<string, object> p in para)                {                    command.Parameters.Add(GetParameter(p.Key, p.Value, command));                }                connection.Open();                object val = command.ExecuteScalar();                command.Parameters.Clear();                return val;            }        }        /// <summary>        /// 执行无参数的存储过程,返回DbDataReader对象        /// </summary>        /// <param name="sqlCommand">存储过程名</param>        /// <returns></returns>        public static DbDataReader GetReaderProc(string sqlCommand)        {            try            {                DbConnection connection = GetConnection();                DbCommand command = GetCommand(sqlCommand, CommandType.StoredProcedure, connection);                connection.Open();                DbDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);                return reader;            }            catch (Exception ex)            {                Console.Write("" + ex.Message);                return null;            }        }        /// <summary>        /// 执行有参数的存储过程,返回DbDataReader对象        /// </summary>        /// <param name="sqlCommand"></param>        /// <param name="parameters"></param>        /// <returns></returns>        public static DbDataReader GetReaderProc(string sqlCommand, Dictionary<string, object> parameters)        {            try            {                DbConnection connection = GetConnection();                DbCommand command = GetCommand(sqlCommand, CommandType.StoredProcedure, connection);                foreach (KeyValuePair<string, object> p in parameters)                {                    command.Parameters.Add(GetParameter(p.Key, p.Value, command));                }                connection.Open();                DbDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);                command.Parameters.Clear();                return reader;            }            catch            {                return null;            }        }        #region        /// <summary>        /// 执行无参数的sql语句,返回DbDataReader对象        /// </summary>        /// <param name="sqlCommand"></param>        /// <returns></returns>        public static DbDataReader GetReader(string sqlCommand)        {            try            {                DbConnection connection = GetConnection();                DbCommand command = GetCommand(sqlCommand, CommandType.Text, connection);                connection.Open();                DbDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);                command.Parameters.Clear();                return reader;            }            catch (Exception ex)            {                Console.Write("" + ex.Message);                return null;            }        }        #endregion        /// <summary>        /// 执行有参数的sql语句,返回DbDataReader对象        /// </summary>        /// <param name="sqlCommand"></param>        /// <param name="parameters"></param>        /// <returns></returns>        public static DbDataReader GetReader(string sqlCommand, Dictionary<string, object> parameters)        {            try            {                DbConnection connection = GetConnection();                DbCommand command = GetCommand(sqlCommand, CommandType.Text, connection);                foreach (KeyValuePair<string, object> p in parameters)                {                    command.Parameters.Add(GetParameter(p.Key, p.Value, command));                }                connection.Open();                DbDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);                command.Parameters.Clear();                return reader;            }            catch (Exception ex)            {                Console.Write("" + ex.Message);                return null;            }        }        /// <summary>        /// 返回DataTable对象        /// </summary>        /// <param name="safeSql"></param>        /// <returns></returns>        public static DataTable GetDataSet(string safeSql)        {            /*DbProviderFactory _factory = DbProviderFactories.GetFactory(providerName);            DbConnection connection = GetConnection();            connection.Open();            DbDataAdapter da = _factory.CreateDataAdapter();            da.SelectCommand = connection.CreateCommand();            da.SelectCommand.CommandText = safeSql;            DataTable dt = new DataTable();            da.Fill(dt);            return dt;*/            using (DbConnection connection = GetConnection())            {                DbProviderFactory _factory = DbProviderFactories.GetFactory(providerName);                DbCommand command = GetCommand(safeSql, CommandType.Text, connection);                connection.Open();                DbDataAdapter da = _factory.CreateDataAdapter();                da.SelectCommand = command;                DataTable datatable = new DataTable();                da.Fill(datatable);                return datatable;            }        }    }}

sql注入攻击的危害 sql注入攻击的危害
原创粉丝点击
热门IT博客
垂直闭环横向矩阵垂直闭环横向矩阵
南林教育网络管理系统南林教育网络管理系统
windows键没反应
软件系统详细设计方案
集线器端口上的电涌u盘
淘宝首页钻展图片尺寸
中印差距 知乎
淘宝退款会影响信誉吗
网络推广的新发展趋势
python 正则 匹配一个
如何电话联系淘宝客服
网页描述 的优化
sql创建用户语句
black or white mv知乎
directx组件修复软件
电脑画图纸软件
神奇 知乎
js调用php接口
千牛首页店铺数据
杨鹏背单词法 知乎
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 自己补漆 快速补漆怎么样 首保可以免费补漆吗 2018年珍珠白补漆一面什么价格 新车首次保养能免费补漆吗 4s店保养能免费补漆吗 卫生间防水补漏 补漏防水胶 屋顶防水补漏 补漏王 尿道下裂补漏成功率 水泥屋顶补漏 东莞防水补漏 专业防水补漏 补漏材料 外墙补漏 楼面防水补漏材料 防水补漏图片 防水补漏材料 楼面补漏胶 楼面裂缝补漏 屋顶防水补漏胶带 疏通厨房下水道多少钱 楼面裂缝防水补漏用的胶水 铁管漏水如何快速补漏 免砸砖卫生间防水补漏 家庭装修卫生间补漏 补焊 参鹿补片 补金片 补片 疝气补片放置体内图 补金片功效 疝气补片多少钱 疝气补片多久和肉融合 安神补脑片的功效 斜疝补片 疝补片 疝补片价格 切口疝补片 巴德补片

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里