数据库连接字符串

一:可以直接编写:

无验证:

string connectionString = "data source = (local); database = TEMP; integrated security = true";

使用验证:

Data Source = myServerAddress;Initial Catalog = myDataBase;User Id = myUsername;Password = myPassword;


二:可以使用SqlConnectionStringBuilder编写:

SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();

builder.DataSource = "";
builder.InitialCatalog = "";
builder.IntegratedSecurity = true;

string connectionString = builder.ConnectionString;


三:还可以在web.config文件中编写:

首先引入命名空间:

using System.Configuration;

web.config:

<connectionStrings>
<add name="connectionString" connectionString="data source = (local); database = TEMP; integrated security = true"/>
</connectionStrings>


连接字符串:

string connectionString = ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;

 


这种方法编写,可以随时修改数据库的账号密码。

 


四:另一种web.config文件编写:

首先要在配置文件web.config中写入以下代码,此处注意了,跟原来写的连接字符串不同:

1 <connectionStrings>
2 <clear/>
3 <add name="partialConnectString"
4 connectionString="Initial Catalog=Northwind;"
5 providerName="System.Data.SqlClient" />
6 </connectionStrings>

其中,写入的是providerName字段,跟原来的不同。

 

然后就可以在.cs文件中编写连接程序了:

可以自定义一个连接字符串方法BuildConnectionString():

1 public string void BuildConnectionString(string dataSource,string userName, string userPassword)
2 {
3 ConnectionStringSettings settings =
4 ConfigurationManager.ConnectionStrings["partialConnectString"];
5
6 if (null != settings)
7 {
8 string connectString = settings.ConnectionString;
9
10 SqlConnectionStringBuilder builder =
11 new SqlConnectionStringBuilder(connectString);
12
13 builder.DataSource = dataSource;
14 builder.UserID = userName;
15 builder.Password = userPassword;
16 return (builder.ConnectionString);
17 }
18 }

其中,传入“数据源”、“用户名”、“密码”。然后返回连接字符串。

这个就是用配置文件编写连接字符串的方法。

 


五:防止连接字符串的参数注入:

使用sqlConnectionStringBuilder来处理 Initial Catalog 设置插入的额外值:

1 System.Data.SqlClient.SqlConnectionStringBuilder builder = new System.Data.SqlClient.SqlConnectionStringBuilder();
2 builder["Data Source"] = "(local)";
3 builder["integrated Security"] = true;
4 builder["Initial Catalog"] = "AdventureWorks;NewValue=Bad";
5 string connectionString = builder.ConnectionString;

其中,;NewValue=Bad就是注入的其他字符串,如果不加处理直接运行,会出错。这种情况下,就可以使用builder构造链接字符串。

 

posted on 2015-05-02 11:04  ultrastrong  阅读(301)  评论(0编辑  收藏  举报