堆栈内存溢出
  简体   繁体   English

从ASP.net应用程序运行SQL语句

[英]Run SQL statements from ASP.net application

 原文  2009-12-08 00:45:44       c#/ asp.net/ sql/ sql-server-2005/ tsql

问题描述

I need to run sql statements from the application itself. 我需要从应用程序本身运行sql语句。 ie the user can go into the asp.net applciation, gets a box and can run sql statements from there 即用户可以进入asp.net应用程序,获取一个框并可以从那里运行sql语句

I am already doing something like this Can I rollback Dynamic SQL in SQL Server / TSQL 我已经在做这样的事情了, 可以在SQL Server / TSQL中回退动态SQL吗?

That is running dynamic sql 那是运行动态SQL

is there a better way to do this 有一个更好的方法吗

3 个解决方案

解决方案1
 2  2009-12-08 00:52:29

DO NOT DO THIS. 不要这样做。 What if the user types in sp_msforeachtable 'truncate table ?'...? 如果用户键入sp_msforeachtable'truncate table?'...怎么办?

解决方案2
 2 已采纳  2009-12-08 02:03:25

Dynamic SQL is certainly the easiest way to do this. 动态SQL当然是最简单的方法。 The alternative is parameterized SQL, but that would require having your users define and set parameters separately from the T-SQL. 替代方法是参数化SQL,但是这需要让您的用户与T-SQL分开定义和设置参数。

You can simply submit the T-SQL string to SQL Server using the SqlCommand object; 您可以简单地使用SqlCommand对象将T-SQL字符串提交到SQL Server。 there's no real benefit to wrapping it in an EXEC or anything, as in the link you provided. 将其包装在EXEC或任何内容中并没有真正的好处,如您提供的链接中所示。 You can do exception handling on the .NET side. 您可以在.NET端进行异常处理。

Also, if you want to support command batches, keep in mind that SqlClient and friends don't understand "GO", which also isn't an actual T-SQL command -- you will need to parse the input and break it into batches yourself. 另外,如果要支持命令批处理,请记住SqlClient和朋友不理解“ GO”,这也不是真正的T-SQL命令-您将需要解析输入并将其分成批处理你自己。

I'm sure you understand that there is a big security risk in doing this, and that's it's generally not recommended. 我相信您知道这样做会带来很大的安全风险,因此通常不建议这样做。 You might consider using a connection string that specifies a user with limited permissions, to help control / limit their access. 您可能考虑使用连接字符串来指定权限受限的用户,以帮助控制/限制他们的访问。

解决方案3
 0  2009-12-08 01:22:52

RunSQL.aspx utility might help. RunSQL.aspx实用程序可能会有所帮助。 See Upload T-SQL and execute at your hosting provider using an ASP.NET page . 请参阅上载T-SQL,并使用ASP.NET页在托管提供者处执行

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从linqpad或控制台应用程序运行asp.net mvc应用程序 - Run asp.net mvc application from linqpad or console application 如何从Asp.net运行计时器应用程序 - How to run Timer Application from Asp.net 从ASP.NET MVC应用程序连接到SQL Server - Connect to SQL Server from ASP.NET MVC application 无法从ASP.NET应用程序访问SQL Server - SQL Server not reachable from ASP.NET application 从asp.net应用程序连接到SQL Server数据库 - connect to sql server database from asp.net application ASP.NET应用程序生产服务器的SQL连接错误 - ASP.NET application SQL connection error from production server 在Linux上运行ASP.NET应用程序 - Run ASP.NET application on Linux 在ASP.NET中的其他AppDomain中运行应用程序 - Run application in other AppDomain in ASP.NET asp.net中的错误,但应用程序运行平稳 - Error in asp.net but application run smoothly 如何运行asp.net应用程序 - How to run asp.net application
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM