I get the feeling I am still using asp type scripting techniques in the script below instead of proper asp.net scripting...
If this is true, how do I do the below the proper .net way?
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Nam开发者_如何学Cespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Text" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<script runat="server">
Dim objSQLConnection As SqlConnection
Dim objSQLCommand As SqlCommand
Dim objSQLDataReader As SqlDataReader
Dim sbWidget As StringBuilder
Dim strUser As String
Function getWidgets() As String
Dim strUserInitials() As String = Request.ServerVariables("LOGON_USER").Split(CChar("\"))
strUser = LCase(Trim(strUserInitials(strUserInitials.GetUpperBound(0)))).ToString()
sbWidget = New StringBuilder()
objSQLConnection = New SqlConnection(System.Configuration.ConfigurationManager.AppSettings("connString"))
For intColumn As Integer = 0 To 2
objSQLCommand = New SqlCommand("select w.widget_id, w.widget_data " & _
"from widgets w " & _
"inner join widget_layout wy on w.widget_id = wy.widget_id " & _
"where wy.column_id = " & intColumn & " " & _
"and wy.user = '" & strUser & "' " & _
"and w.inactive = 0", objSQLConnection)
sbWidget.Append("<div class=""divWidgetColumn"" id=""divWidgetColumn_")
sbWidget.Append(intColumn)
sbWidget.Append(""">" & Environment.NewLine & vbTab & vbTab)
objSQLCommand.Connection.Open()
objSQLDataReader = objSQLCommand.ExecuteReader()
While objSQLDataReader.Read()
sbWidget.Append("<div class=""divWidget"" id=""divWidget_")
sbWidget.Append(objSQLDataReader("widget_id"))
sbWidget.Append(""">" & Environment.NewLine)
sbWidget.Append("<div class=""divWidgetHeader"" id=""divWidgetHeader_")
sbWidget.Append(objSQLDataReader("widget_id"))
sbWidget.Append(""">")
sbWidget.Append("header goes here")
sbWidget.Append("</div>" & Environment.NewLine)
sbWidget.Append("<div class=""divWidgetSubHeader"" id=""divWidgetSubHeader_")
sbWidget.Append(objSQLDataReader("widget_id"))
sbWidget.Append(""">")
sbWidget.Append("sub header goes here")
sbWidget.Append("</div>" & Environment.NewLine)
sbWidget.Append("<div class=""divWidgetContent"" id=""divWidgetContent_")
sbWidget.Append(objSQLDataReader("widget_id"))
sbWidget.Append(""">")
sbWidget.Append("content goes here")
sbWidget.Append("</div>" & Environment.NewLine)
sbWidget.Append("<div class=""divWidgetFooter"" id=""divWidgetFooter_")
sbWidget.Append(objSQLDataReader("widget_id"))
sbWidget.Append(""">")
sbWidget.Append("footer goes here")
sbWidget.Append("</div>" & Environment.NewLine)
sbWidget.Append("</div>" & Environment.NewLine)
End While
sbWidget.Append("</div>" & Environment.NewLine)
objSQLDataReader.Close()
objSQLCommand.Connection.Close()
Next intColumn
Return sbWidget.ToString
End Function
</script>
</head>
<body>
<div class="divWidgets">
<%=getWidgets()%>
</div>
</body>
</html>
There is no one "proper" way. However, if you want to make a clean break from ASP classic and ASP.NET tag soup, I suggest you investigate ASP.NET MVC. For an example of really clean presentation layer code, check out the Razor and Spark view engines.
- As suggested by RedFilter, move to asp.net mvc. It has a lot less resistance than web forms, and a lot clearer guidance on moving that code out of the view.
- Read about SQL Injection. Use .Parameters, entity framework, linq, nhibernate, or whatever, but stop concatenating user sql parameters like that.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论