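using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Web.Services.Description;

// The listing's namespace survives only as the machine-translated phrase
// "SQL injection-type attack"; it is rendered here as a valid identifier.
namespace SqlInjectionAttack
{
    /// <summary>
    /// Small ADO.NET helper around one shared <see cref="SqlConnection"/>:
    /// runs SQL text or stored procedures and returns either a success flag
    /// or a <see cref="DataTable"/>.
    /// </summary>
    /// <remarks>
    /// The single-argument SQL methods execute the text exactly as given.
    /// Untrusted values must be passed through the <see cref="SqlParameter"/>
    /// overloads or the stored-procedure methods, never concatenated into
    /// the statement.
    /// </remarks>
    public class DBHelper
    {
        // NOTE(security): the connection string is embedded in source and uses the
        // "sa" login with a trivial password. Any injected statement then runs with
        // full server privileges. Prefer a least-privilege login and load the
        // string from protected configuration; the literal is left as published.
        private static string dbConnectString = "server=.; Database=meixin;uid=sa;pwd=sa;";

        // One connection shared by every caller of this class.
        // NOTE(review): nothing here serialises access, so concurrent use of the
        // helper looks unsafe - confirm how callers use it.
        private static SqlConnection conn;

        // Lazily created instance handed out by Instance().
        private static DBHelper dbHelper;

        /// <summary>
        /// Creates the helper and (re)creates the shared connection object.
        /// The connection is not opened here.
        /// </summary>
        public DBHelper()
        {
            conn = new SqlConnection(dbConnectString);
        }

        /// <summary>
        /// Returns the shared helper, creating it on first use.
        /// </summary>
        /// <returns>The shared <see cref="DBHelper"/> instance.</returns>
        public static DBHelper Instance()
        {
            if (dbHelper == null)
            {
                dbHelper = new DBHelper();
            }

            return dbHelper;
        }

        /// <summary>
        /// Opens the shared connection when it is currently closed.
        /// </summary>
        void DBOpen()
        {
            if (conn.State == ConnectionState.Closed)
            {
                conn.Open();
            }
        }

        /// <summary>
        /// Closes the shared connection when it is currently open.
        /// </summary>
        void DBClose()
        {
            if (conn.State == ConnectionState.Open)
            {
                conn.Close();
            }
        }

        /// <summary>
        /// Runs a SQL statement and returns its result set.
        /// </summary>
        /// <param name="sql">
        /// Statement text, executed as given. It must not contain concatenated
        /// user input; use the overload taking parameters for variable values.
        /// </param>
        /// <returns>A table filled with the rows the statement returned.</returns>
        public DataTable GetDataTableBySql(string sql)
        {
            return GetDataTableBySql(sql, null);
        }

        /// <summary>
        /// Runs a parameterized SQL statement and returns its result set.
        /// </summary>
        /// <param name="sql">Statement text with <c>@name</c> placeholders.</param>
        /// <param name="paras">Values for the placeholders; may be null.</param>
        /// <returns>A table filled with the rows the statement returned.</returns>
        /// <remarks>Errors propagate to the caller, as in the single-argument form.</remarks>
        public DataTable GetDataTableBySql(string sql, SqlParameter[] paras)
        {
            DBOpen();
            try
            {
                return FillTable(sql, CommandType.Text, paras);
            }
            finally
            {
                // The published version returned without closing the connection.
                DBClose();
            }
        }

        /// <summary>
        /// Runs a SQL statement that returns no rows.
        /// </summary>
        /// <param name="sql">
        /// Statement text, executed as given. It must not contain concatenated
        /// user input; use the overload taking parameters for variable values.
        /// </param>
        /// <returns>True when the statement ran; false when it failed.</returns>
        public bool ExcuteSql(string sql)
        {
            return ExcuteSql(sql, null);
        }

        /// <summary>
        /// Runs a parameterized SQL statement that returns no rows.
        /// </summary>
        /// <param name="sql">Statement text with <c>@name</c> placeholders.</param>
        /// <param name="paras">Values for the placeholders; may be null.</param>
        /// <returns>True when the statement ran; false when it failed.</returns>
        public bool ExcuteSql(string sql, SqlParameter[] paras)
        {
            return RunNonQuery(sql, CommandType.Text, paras);
        }

        /// <summary>
        /// Runs a stored procedure that returns no rows.
        /// </summary>
        /// <param name="proName">Stored procedure name.</param>
        /// <param name="paras">Stored procedure parameters; may be null.</param>
        /// <returns>True when the procedure ran; false when it failed.</returns>
        public bool ExcuteProcedure(string proName, SqlParameter[] paras)
        {
            return RunNonQuery(proName, CommandType.StoredProcedure, paras);
        }

        /// <summary>
        /// Runs a stored procedure and returns its result set.
        /// </summary>
        /// <param name="proName">Stored procedure name.</param>
        /// <param name="paras">Stored procedure parameters; may be null.</param>
        /// <returns>The filled table, or null when the call failed.</returns>
        public DataTable GetDataTableByProcedure(string proName, SqlParameter[] paras)
        {
            DBOpen();
            try
            {
                return FillTable(proName, CommandType.StoredProcedure, paras);
            }
            catch (Exception ex)
            {
                LogFailure(ex);
                return null;
            }
            finally
            {
                DBClose();
            }
        }

        // Executes a non-query command on the shared connection and maps any
        // failure to false, closing the connection in every case.
        private bool RunNonQuery(string text, CommandType type, SqlParameter[] paras)
        {
            DBOpen();
            try
            {
                using (SqlCommand command = new SqlCommand(text, conn))
                {
                    command.CommandType = type;
                    try
                    {
                        AddParameters(command, paras);
                        command.ExecuteNonQuery();
                        return true;
                    }
                    finally
                    {
                        // Detach the parameters so the caller can reuse the same
                        // SqlParameter objects on a later call.
                        command.Parameters.Clear();
                    }
                }
            }
            catch (Exception ex)
            {
                LogFailure(ex);
                return false;
            }
            finally
            {
                DBClose();
            }
        }

        // Fills a new table from a command on the shared connection. The caller
        // opens and closes the connection and decides how errors are reported.
        private DataTable FillTable(string text, CommandType type, SqlParameter[] paras)
        {
            using (SqlCommand command = new SqlCommand(text, conn))
            using (SqlDataAdapter adapter = new SqlDataAdapter(command))
            {
                command.CommandType = type;
                try
                {
                    AddParameters(command, paras);
                    DataTable table = new DataTable();
                    adapter.Fill(table);
                    return table;
                }
                finally
                {
                    command.Parameters.Clear();
                }
            }
        }

        // Attaches the parameters to the command; a null array means "none".
        private static void AddParameters(SqlCommand command, SqlParameter[] paras)
        {
            if (paras == null)
            {
                return;
            }

            for (int i = 0; i < paras.Length; i++)
            {
                command.Parameters.Add(paras[i]);
            }
        }

        // Records a failed database call server-side instead of dropping it:
        // repeated SQL errors are a common sign of injection probing. The text
        // is for operators only and must not be echoed back to the client.
        private static void LogFailure(Exception ex)
        {
            System.Diagnostics.Trace.TraceError(
                "DBHelper: database call failed: " + ex.GetType().Name + ": " + ex.Message);
        }
    }
}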