Imports System.Configuration
Imports System.Data.Common
'还需要在项目中添加对 System.Configuration 程序集的引用
在 app.config 中配置连接字符串:
<configuration>
<!-- Connection strings read at run time through ConfigurationManager.ConnectionStrings.
     NOTE(review): both entries log in as the SQL Server administrator account "sa" with a
     password equal to the user name, stored here in clear text. Outside a throw-away demo,
     use a dedicated login that holds only the rights the application needs (or
     Integrated Security), and keep the secret out of the plain config file, for example
     with .NET Protected Configuration for this section.
     NOTE(review): "Persist Security Info=True" keeps the password readable from the
     connection's ConnectionString after the connection has been opened; confirm this is
     really required, otherwise set it to False. -->
<connectionStrings>
<!-- Entry named after a My.MySettings setting; presumably designer-generated (confirm). -->
<add name="数据工厂测试.My.MySettings.Setting" connectionString="Data Source=wangli;Initial Catalog=VideoGames;Persist Security Info=True;User ID=sa;Password=sa"
providerName="System.Data.SqlClient" />
<!-- Entry looked up by name ("VideoGameStoreDb") in ClsFactory.Delete; providerName selects the DbProviderFactory. -->
<add name ="VideoGameStoreDb" connectionString ="Data Source=wangli;Initial Catalog=VideoGames;Persist Security Info=True;User ID=sa;Password=sa"
providerName="System.Data.SqlClient"/>
</connectionStrings>
</configuration>
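''' <summary>
''' Data-access sample that uses the provider-independent DbProviderFactory API,
''' so the concrete ADO.NET provider is chosen by the providerName in app.config.
''' </summary>
Public Class ClsFactory

    ''' <summary>
    ''' Deletes the row of table <c>customer</c> whose <c>customerId</c> equals <paramref name="pId"/>.
    ''' </summary>
    ''' <param name="pId">Value bound to the <c>@id</c> parameter of the DELETE statement.</param>
    ''' <exception cref="ConfigurationErrorsException">
    ''' The connection string entry "VideoGameStoreDb" is missing from the configuration file.
    ''' </exception>
    ''' <exception cref="ArgumentOutOfRangeException">The statement affected no row.</exception>
    Public Sub Delete(ByVal pId As Integer)
        ' Fetch the connection string entry by name. The indexer returns Nothing when the
        ' entry is absent, so fail with an explicit configuration error rather than a
        ' NullReferenceException further down.
        Dim css As ConnectionStringSettings = ConfigurationManager.ConnectionStrings("VideoGameStoreDb")
        If css Is Nothing Then
            Throw New ConfigurationErrorsException("Connection string 'VideoGameStoreDb' is not configured.")
        End If

        ' Build the provider factory from the provider named in the configuration entry.
        Dim Factory As DbProviderFactory = DbProviderFactories.GetFactory(css.ProviderName)

        ' Create the connection and the command; both Using blocks dispose (and thereby
        ' close) their objects on every exit path, including when an exception is thrown.
        Using conn As DbConnection = Factory.CreateConnection()
            conn.ConnectionString = css.ConnectionString

            Using cmd As DbCommand = Factory.CreateCommand()
                cmd.Connection = conn
                cmd.CommandType = CommandType.Text
                ' The id is passed as a parameter, never concatenated into the SQL text,
                ' so the value is handled as data and cannot change the statement.
                cmd.CommandText = "delete from customer where customerId=@id"

                ' Create the @id parameter with an explicit type matching the Integer argument.
                Dim paramID As DbParameter = Factory.CreateParameter()
                paramID.ParameterName = "@id"
                paramID.DbType = DbType.Int32
                paramID.Value = pId
                cmd.Parameters.Add(paramID)

                ' Open the connection and run the statement; ExecuteNonQuery returns the
                ' number of affected rows.
                conn.Open()
                Dim count As Integer = cmd.ExecuteNonQuery()

                If count < 1 Then
                    ' paramName has to be the real parameter name of this method ("pId").
                    Throw New ArgumentOutOfRangeException("pId", "序号没有找到")
                End If
            End Using
        End Using
    End Sub

End Class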
'为了降低 SQL 注入攻击(SQL injection)的威胁,建议使用参数,而不要用字符串拼接来构造 SQL 语句,因为恶意 SQL 代码可能通过字符串拼接而被执行。例如:操作者可能在某一字段输入一个右引号,后面跟上完整的 SQL 语句;由于该字符串会被追加到 SELECT 语句的后面,引号之后的语句便会执行。使用参数时,输入值只作为数据传递给数据库,不会被当作 SQL 代码解析。