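Is it safe to use static methods to access the database in the following scenario

Time: 2013-03-05 04:56:36

Tags: c# asp.net mysql

I am upgrading an ASP website to ASP.NET. I am trying to follow a multi-tier approach. My basic DAL layer is shown below; it returns a DataTable and performs an insert for a given query.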

using System;
using System.Configuration;
using System.Data;
using MySql.Data.MySqlClient;

public class mydatautility
{
    public mydatautility()
    {
    }
    public static DataTable Table(string query)
    {
        string constr = ConfigurationManager.ConnectionStrings["db_con"].ConnectionString;
        DataTable table = new DataTable();
        try
        {
            using (MySqlConnection con = new MySqlConnection(constr))
            {
                con.Close();
                MySqlCommand com = new MySqlCommand(query, con);
                MySqlDataAdapter da = new MySqlDataAdapter(com);
                con.Open();
                da.Fill(table);
                con.Close();
                da = null;
                com = null;
                con.Dispose();
            }
        }
        catch (Exception)
        {
        }
        return table;
    }
    public static int Insert_intoemployee(string query)
    {
        string constr = ConfigurationManager.ConnectionStrings["db_con"].ConnectionString;
        int done = 0;
        try
        {
            using (MySqlConnection con = new MySqlConnection(constr))
            {
                MySqlCommand com = new MySqlCommand(query, con);
                con.Open();
                done = com.ExecuteNonQuery();
                con.Close();
                com = null;
                con.Dispose();
            }
        }
        catch (Exception)
        {
        }
        return done;
    }
}

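I am not sure what happens when 2 concurrent queries run.
How can I test whether it has concurrency problems?

3 answers:

Answer 0: (score: 2)

It is safe to use static methods in this scenario. Variables inside a static method are isolated from concurrent calls! Also see this link: variable in static methods inside static class

Answer 1: (score: 2)

There is no concurrency problem, because each request has its own thread, and a static method has a separate call stack for each thread. However, there are some suggestions for the code.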

using System;
using System.Configuration;
using System.Data;
using MySql.Data.MySqlClient;

public static class mydatautility // change to Utilities
{
    // public mydatautility() { } // not required in this scenario; a static class cannot declare an instance constructor
    public static DataTable Table(string query) //change method name to GetTable
    {
        string constr = ConfigurationManager.ConnectionStrings["db_con"].ConnectionString;
        DataTable table = new DataTable();
        try
        {
            using (MySqlConnection con = new MySqlConnection(constr))
            {
                con.Close(); // not required
                using (MySqlCommand com = new MySqlCommand(query, con))
                {
                    MySqlDataAdapter da = new MySqlDataAdapter(com);
                    con.Open();
                    da.Fill(table);
                    con.Close();
                    da = null; // redundant, not required
                    // com = null; // redundant, not required (a using variable cannot be reassigned)
                    con.Dispose(); // redundant, not required
                }
            }
        }
        catch (Exception)
        {
        }
        return table;
    }
    public static bool InsertEmployee(string query)// consider changing int to bool since you only require result of operation
    {
        string constr = ConfigurationManager.ConnectionStrings["db_con"].ConnectionString;
        int done = 0;
        try
        {
            using (MySqlConnection con = new MySqlConnection(constr))
            {
                using (MySqlCommand com = new MySqlCommand(query, con))
                {
                    con.Open();
                    done = com.ExecuteNonQuery();
                    con.Close();
                    // com = null; // redundant, not required (a using variable cannot be reassigned)
                    con.Dispose(); // redundant, not required
                }
            }
        }
        catch (Exception)
        {
        }
        return done > 0; // checks rows affected greater than 0
    }
}
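
One way to test the concurrency question yourself, as an added example that is not code from any poster on this page: it calls a static method from many threads at once and counts how often a call gets back another call's value. `StaticConcurrencyDemo`, `LocalsOnly`, `ViaStaticField` and `CountMixups` are hypothetical names, and `Thread.Sleep` stands in for the database round trip so the program runs without MySQL.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

public static class StaticConcurrencyDemo
{
    // Shared static state: a single slot seen by every thread (hypothetical cache).
    private static string lastQuery;

    // Same shape as Table(query): state lives only in parameters and locals.
    public static string LocalsOnly(string query)
    {
        string copy = query;   // local variable: one per call, on the calling thread's stack
        Thread.Sleep(1);       // stand-in for the database round trip
        return copy;
    }

    // Contrast case: the value is routed through a static field.
    public static string ViaStaticField(string query)
    {
        lastQuery = query;     // another thread may overwrite this ...
        Thread.Sleep(1);
        return lastQuery;      // ... before it is read back here
    }

    // Runs `calls` concurrent calls and counts those that returned someone else's value.
    // In a web application such a mix-up means one request seeing another request's data.
    public static int CountMixups(Func<string, string> method, int calls)
    {
        int mixups = 0;
        Parallel.For(0, calls, new ParallelOptions { MaxDegreeOfParallelism = 8 }, i =>
        {
            string expected = "SELECT " + i;   // constructed sample input, unique per call
            if (method(expected) != expected)
                Interlocked.Increment(ref mixups);
        });
        return mixups;
    }

    public static void Main()
    {
        Console.WriteLine("locals only:  " + CountMixups(LocalsOnly, 200));
        Console.WriteLine("static field: " + CountMixups(ViaStaticField, 200));
    }
}
```

The locals-only count is always 0; the static-field count depends on thread scheduling and is typically above 0 on a multi-core machine.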

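Answer 2: (score: 1)

I think it is safe, but bad practice. If you use static methods to access live resources, how do you expect to unit test them? You can no longer really mock the database access.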