帮忙看看这段代码有没有什么缺陷?解决方案
日期:2014-05-18 浏览次数:20385 次
帮忙看看这段代码有没有什么缺陷?
public static bool DelMessage(int UniqueID)
{
SqlConnection conn = DBAccess.conn;
string sqlcmd = "DELETE FROM Messages WHERE UniqueID='"+UniqueID+"'";
SqlCommand comm = new SqlCommand(sqlcmd, conn);
try
{
if(conn.State == ConnectionState.Closed) conn.Open();
int res = comm.ExecuteNonQuery();
if(1==res) return true;
else return false;
}
catch(Exception ex)
{
MailSender.SendException(ex);
return false;
}
finally
{
if(conn.State == ConnectionState.Open) conn.Close();
}
}
//像这样的代码是否有什么不足之处?
------解决方案--------------------
public static bool DelMessage(int UniqueID)
{
SqlConnection conn = DBAccess.conn;
string sqlcmd = "DELETE FROM Messages WHERE UniqueID='"+UniqueID+"'";
SqlCommand comm = new SqlCommand(sqlcmd, conn);
try
{
if(conn.State == ConnectionState.Closed) conn.Open();
int res = comm.ExecuteNonQuery();
if(1==res) return true;
else return false;
}
catch(Exception ex)
{
MailSender.SendException(ex);
return false;
}
finally
{
if(conn.State == ConnectionState.Open) conn.Close();
}
}
//像这样的代码是否有什么不足之处?
------解决方案--------------------
- C# code
public static bool DelMessage(int uniqueID) //局部参数请小写
{
bool flag = false;
SqlConnection conn = DBAccess.conn;
//用参数而不是拼接字符串
string sqlcmd = "DELETE FROM Messages WHERE UniqueID = @UniqueID";
SqlCommand comm = new SqlCommand(sqlcmd, conn);
comm.Parameters.Add("@UniqueID", SqlDbType.VarChar).Value = uniqueID;
try
{
if (conn.State == ConnectionState.Closed)
conn.Open();
int res = comm.ExecuteNonQuery();
if (1 == res)
flag = true;
}
catch (Exception ex)
{
MailSender.SendException(ex);
}
finally
{
if (conn.State == ConnectionState.Open)
conn.Close();
}
return flag;
}
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
