PS: The article written by KJ Daniel. Yesterday when I was chatting with a friend, I mentioned the command query of ADO. I actually forgot about this thing. It seems that my memory is really bad. I found the article by KJ Daniel. Please read it. Generally, friends who write ASP PHP code probably use direct operation of SQL~
Look at the following code
<%
dim conn,rs
set conn=CreateObject(Adodb.Connection)
conn.open....
set rs=conn.execute(select * from news);
...
Traverse rs....
%>
It is certain that the implementation speed is fast, but of course one and a half statements in the structural logic does not matter! Problems arise when there are too many statements!
The parameters are not filtered, there is SQL injection, etc. OK, now let’s change the design model!
Adopt 3-layer structure + ORM
ORM: OBJECT RELATION MAPPING
So what is ORM technology? Friends who are familiar with JAVA .NET development must know very well...that is object-relational mapping
Map tables to class fields, map them to properties, and map records to objects... There are now many JAVA ORM persistence layer frameworks
For example, hibernate ibatis EntityBean (one of EJB)
What about ASP? We can also achieve it. Wait for introduction
3-layer structure: WEB presentation layer, middle layer, persistence layer
Here is a simple news table
create table news(
id int,
title varchar(200),
contact varchar(50000)
)
We map it as a class
<%
Class News
private id,title,contact
Sub setID(sid)
id=Cint(sid)
End Sub
Function getID
getID=id
End Function
Sub setTitle(stitle)
title=mid(stitle,1,200)'limits the length
End Sub
....
End Class
%>
Then we design the code on how to operate the database and convert it into objects.
<%
Class NewsDataAccessObject
dim conn,rs,cmd
'Query a piece of news
Function getNewsByID(id)
set conn=Application(connection)'Get a connection from the connection pool
set cmd=GetCmd() ' GETCMD function implementation return createobject(Adodb.Command)
selectString=select * from NEWS where id = @id
cmd.ActiveConnection = conn
cmd.CommandType = adCmdText ' Const adCmdText=1
cmd.CommandText = selectString
'Add parameters to the @id just now, constant adInteger = 3 adParamInput=1
cmd.Parameters.Append cmd.CreateParameter(@id, adInteger, adParamInput, , id)
'Run the SQL statement and return the result set
set rs=cmd.execute()
dim anews
set anew=new News
if rs.eof then
else
anew.setID(rs(id)&)
anew.setTitle(rs(title)&)
anew.setContect(rs(Contect)&)
end if
rs.close
set rs=nothing
set cmd=nothing
set conn=nothing
set getNewsByID=anew
End Function
'Insert a news article
Function addNews(anew)
dim conn,cmd
if isempty(anew) then addNews=false
set conn=Application(connection)' Get a connection in the connection pool
set cmd=GetCmd() ' GETCMD function implementation return createobject(Adodb.Command)
insertString=insert into NEWS(id,title,contect) values( @id , @title , @contect )
cmd.ActiveConnection = conn
cmd.CommandType = adCmdText ' Const adCmdText=1
cmd.CommandText = insertString
'Add parameters to the @id @title @contect just now, constant adInteger = 3 adParamInput=1 adVarWChar = 202
cmd.Parameters.Append cmd.CreateParameter(@id, adInteger, adParamInput, , anew.getID() )
cmd.Parameters.Append cmd.CreateParameter(@title,adVarWChar, adParamInput, 200, anew.getTitle() )
cmd.Parameters.Append cmd.CreateParameter(@contect,adVarWChar, adParamInput, 50000, anew.getConect() )
'Run SQL statement
cmd.execute()
set cmd=nothing
set conn=nothing
addNews=true
End Function
Function findByTitle(stitle)
....
End Function
Function getPageNews(page,size)
....
End Function
End Class
%>
The above is to operate the database and then encapsulate the results into the object or write the object into the database.
Although the speed of this implementation will be slightly slower, the overall logical structure is very obvious, and there is no need to care whether the variables have been filtered or multi-filtered.
Designers at the web page layer focus more on the interface.
Add news code to submit below
<%
dim id,title,contect,anew,dao
id=Request(id)
title=Request.Form(title)
contact=Request.Form(contect)
set anew=new NEWS
anew.setID(id)
anew.setTitle(title)
anew.setContect(contect)
set dao=new NewsDataAccessObject
if dao.addNews(anew) then
'response.write
echo success
else
echo error
end if
%>
Check out the news and display it
<%
dim id,dao,anew
id=Request(id)
set dao=new NewsDataAccessObject
set anew=dao.getNewsByID(id)
if anew.getID()<> then
%>
Title:<%=anew.getTitle()%>
Content:<%=anew.getContect()%>
.....
If there are any errors or omissions in the above code snippet, thank you for your advice~~~
Using this design method, there is no need to use an article system like XXXBLOG XXXBBS XXX
Forgot Replace(SQL,','') and injection occurred!
In terms of the cleanliness of the page, there will be no SQL statements. Artists such as the connection are responsible for their own work and then put the properties of the object in the corresponding position.
And some friends may think about user authentication! It would be easier to just put the user object of the user table into the session.
<%
if isempty(session(user)) or session(user)= then
'Jump
else
set auser=session(user)
echo welcome: & auser.getName()
%>