SQL语句合并/简化
[英]SQL statement merging/simplifying
问题描述
I'm not sure whether my SQL code and practise here is any good, so hopefully someone could enlighten me. 
我不确定我的SQL代码和练习是否对您有帮助,所以希望有人能启发我。 In order to try and separate my DAL from the Business layer, I'm not using an SQLDataSource on the page. 为了尝试将DAL与业务层分开,我不在页面上使用SQLDataSource。 Instead, I've created a gridview to display the results and called an SQL command to retrieve results. 相反,我创建了一个gridview以显示结果,并调用了一条SQL命令来检索结果。 I have the following SQL command: 我有以下SQL命令:
string CommandText = "SELECT User.FName + User.Surname, Product.Name, Product.Quantity, Product.Price FROM User, Products WHERE Product.UserID = User.UserID";
The results are then loaded into a datareader and bound to the gridview control. 然后将结果加载到数据读取器中,并绑定到gridview控件。 This works fine. 这很好。 However, is the SQL statement inefficient? 但是,SQL语句效率低下吗? I've noticed some SQL statements have square brackets around each field, but when I try and put it around my fields, no results are displayed. 我注意到一些SQL语句在每个字段周围都有方括号,但是当我尝试将其放在字段周围时,不会显示任何结果。 I'm also trying to merge the firstname and surname into one column, with a space between them, but the above doesn't put a space between them, and I can't seem to add a space in the SQL statement. 我还试图将名字和姓氏合并到一个列中,并在它们之间留一个空格,但是以上内容并未在它们之间放置一个空格,而且我似乎无法在SQL语句中添加一个空格。
Finally, this all occurs in the code-behind of the shopping-cart page. 最后,所有这些都发生在购物车页面的代码背后。 However, is it insecure to have the connectionstring and above SQL statement in the codebehind? 但是,在代码后边有连接字符串和以上SQL语句是否不安全? My connectionstring is encrypted within the web.config file and is called via the Configuration API. 我的连接字符串在web.config文件中加密,并通过配置API调用。
Thanks for any help. 谢谢你的帮助。
3 个解决方案
解决方案1
3 已采纳 2009-12-03 00:36:19
Firstly, using square brackets is optional in most cases (IIRC, there are very few instances where they are actually necessary, such as using keywords in the statement). 首先,在大多数情况下,使用方括号是可选的(IIRC,很少有实际需要它们的情况,例如在语句中使用关键字)。 Square brackets go around each identifier, for example, 方括号括在每个标识符上,例如,
SELECT [Server_Name].[Database_Name].[Table_Name].[Field_Name], ...
Secondly, to add a space, you can use SELECT User.FName + ' ' + User.Surname . 其次,要添加一个空格,可以使用SELECT User.FName + ' ' + User.Surname 。 You also might want to alias it - SELECT User.FName + ' ' + User.Surname AS [name] 您可能还想为其SELECT User.FName + ' ' + User.Surname AS [name]别名SELECT User.FName + ' ' + User.Surname AS [name]
Thirdly, keep the connection string in the web.config and encrypt it using a key. 第三,将连接字符串保留在web.config中,并使用密钥对其进行加密。
Finally, you may want to consider introducing a data access layer into the project that can return objects from your datasource (might be worth having a look at NHibernate, LINQ to SQL or Entity Framework for this). 最后,您可能需要考虑在项目中引入一个数据访问层,该层可以从数据源返回对象(为此值得一看NHibernate,LINQ to SQL或Entity Framework)。 You can then bind a collection of objects to your GridView. 然后,您可以将对象集合绑定到GridView。
解决方案2
2 2009-12-03 00:41:57
Long time no SQL usage, but I don't see a problem with your query, as long as the database is designed well. 很长时间没有使用SQL,但是只要数据库设计良好,我就不会看到查询问题。 To concatenate two string columns use something like this: 要连接两个字符串列,请使用以下内容:
User.FName + ' ' + User.Surname AS UserName
Simply add a space between two strings. 只需在两个字符串之间添加一个空格。
As for security concerns: all other people can see is a rendered web page. 关于安全性方面:所有其他人只能看到呈现的网页。 If you don't expose connection string nor queries in the rendered HTML/JS code (like in comments etc.), you should not worry. 如果您没有在呈现的HTML / JS代码中公开连接字符串或查询(如注释等),则不必担心。 The connection string stored in web.config and database structure visible in queries in server code are safe as long as the server is safe. 只要服务器是安全的,存储在web.config中的连接字符串和服务器代码中的查询中可见的数据库结构都是安全的。
解决方案3
1 2009-12-03 00:34:11
Try this: 尝试这个:
string CommandText = "SELECT
User.FName + ' ' + User.Surname AS Fullname,
Product.Name,
Product.Quantity,
ProductDetail.Price
FROM
User, Products
WHERE
Product.UserID = User.UserID";
Best wishes, Fabian 最好的祝福,费边
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.