你的位置:首页 > 数据库

[数据库]SqlHelper模板


在实际开发中,我们不会直接使用拼写SQL语句的方法进行数据库操作,而是使用参数化的方法进行数据库操作,这样做的好处很多,不仅提高了程序的健壮性,同时也避免的SQL注入的问题。在这里,笔者为初学者提供一个SQLHelper模板,希望对新手有所启发。

public static class SqlHelper  {    public static readonly string strConn = ConfigurationManager.ConnectionStrings["strConn"].ConnectionString;    public static int ExecuteNonQuery(string cmdText, params SqlParameter[] parameters)    {      using (SqlConnection conn = new SqlConnection(strConn))      {        conn.Open();        return ExecuteNonQuery(conn, cmdText, parameters);      }    }    public static int ExecuteNonQuery(SqlConnection conn, string cmdText, params SqlParameter[] parameters)    {      using (SqlCommand cmd = conn.CreateCommand())      {        cmd.CommandText = cmdText;        cmd.Parameters.AddRange(parameters);        return cmd.ExecuteNonQuery();      }    }    public static object ExecuteScalar(string cmdText, params SqlParameter[] parameters)    {      using (SqlConnection conn = new SqlConnection(strConn))      {        conn.Open();        return ExecuteScalar(conn, cmdText, parameters);      }    }    public static object ExecuteScalar(SqlConnection conn, string cmdText, params SqlParameter[] parameters)    {      using (SqlCommand cmd = conn.CreateCommand())      {        cmd.CommandText = cmdText;        cmd.Parameters.AddRange(parameters);        return cmd.ExecuteScalar();      }    }    public static DataTable ExecuteDataTable(string cmdText, params SqlParameter[] parameters)    {      using (SqlConnection conn = new SqlConnection(strConn))      {        conn.Open();        return ExecuteDataTable(conn, cmdText, parameters);      }    }    public static DataTable ExecuteDataTable(SqlConnection conn, string cmdText, params SqlParameter[] parameters)    {      using (SqlCommand cmd = conn.CreateCommand())      {        cmd.CommandText = cmdText;        cmd.Parameters.AddRange(parameters);        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))        {          DataTable dt = new DataTable();          adapter.Fill(dt);          return dt;        }      }    }    /// <summary>    /// 存数据时防止为空    /// </summary>    /// <param name="value"></param>    /// <returns></returns>    public static object ToDbValue(this object value)    {      return value == null ? DBNull.Value : value;    }    /// <summary>    /// 取数据时防止为空    /// </summary>    /// <param name="value"></param>    /// <returns></returns>    public static object FromDbValue(this object value)    {      return value == DBNull.Value ? null : value;    }  }