13. Writing "parameters" to avoid SQL Injection attacks
(Same as before; the syntax is much the same)
var Conn = new SqlConnection(connectionString);
Conn.Open();
// Key point: the parameterized form!
var Com = new SqlCommand("Select title from test Where id = @ID", Conn);
Com.Parameters.AddWithValue("@ID", 3);
// Splitting this into the .Add() method plus the Value property also works
using (SqlDataReader dr = Com.ExecuteReader())
{ // ... rest omitted ...
}
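An added example (not from the original slides) contrasting string concatenation with the parameterized form above, using the `.Add()` plus `Value` variant with an explicit `SqlDbType`. It assumes the `System.Data.SqlClient` package and an `int` id column; the class name, method names and sample inputs are constructed, and no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterDemo
{
    // Vulnerable form, shown for contrast: the input becomes part of the SQL text.
    static SqlCommand BuildConcatenated(string id) =>
        new SqlCommand("Select title from test Where id = " + id);

    // Parameterized form: the SQL text is a constant and the input is bound as a typed value.
    static SqlCommand BuildParameterized(string id)
    {
        var com = new SqlCommand("Select title from test Where id = @ID");
        // Validate before binding; the id column is assumed to be an int.
        if (!int.TryParse(id, out int parsed))
            throw new ArgumentException("id must be an integer", nameof(id));
        // .Add() pins the SQL type explicitly; AddWithValue() infers it from the CLR value.
        com.Parameters.Add("@ID", SqlDbType.Int).Value = parsed;
        return com;
    }

    static void Main()
    {
        // Constructed sample inputs: one normal value, one that tries to alter the query.
        foreach (var input in new[] { "3", "3 OR 1=1" })
        {
            Console.WriteLine($"input: {input}");
            Console.WriteLine($"  concatenated text : {BuildConcatenated(input).CommandText}");
            try
            {
                var com = BuildParameterized(input);
                var p = com.Parameters["@ID"];
                Console.WriteLine($"  parameterized text: {com.CommandText}");
                Console.WriteLine($"  bound value       : {p.Value} ({p.SqlDbType})");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine($"  rejected before reaching the database: {ex.Message}");
            }
        }
    }
}
```

In the concatenated command the second input changes the WHERE clause itself, while the parameterized command text never varies with the input.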
14. Q: Why is DataReader the only thing left in ADO.NET?
What happened to the DataSet we used to rely on?
See this article for details (published 2016/2/10)
https://blogs.msdn.microsoft.com/dotnet/2016/02/10/porting-to-net-core/
System.Data. While the base layer is already part of .NET Core, i.e.
the provider model and SQL client, some features are currently not
available, such as schema support and DataTable/DataSet.
System.Transactions. While ADO.NET supports transactions,
there is no support for distributed transactions, which includes the
notion of ambient transactions and enlistment. (See the book 深入探索 .NET資料存取:ADO.NET + SqlDataSource + LINQ, published by 松崗.)
System.Net.Mail. There is currently no support for sending
emails from .NET Core using these APIs.
Not being supported in Core 1.0 today does not mean it will never be supported.