我正在开发一个 Web 应用程序,它是一个 B2B 门户应用程序。我的应用程序遵循 2 层架构。 下面是一段代码,将公司注册到我的网站
/// <summary>
/// Register Company with the business bazaar
/// </summary>
/// <param name="registration"></param>
/// <returns></returns>
public static bool RegisterCompany(Registration registration)
{
bool result;
using (var helper = new DbHelper())
{
_commandText = "sp_RegisterCompany";
var success = new SqlParameter("@Success", SqlDbType.Bit, 1, ParameterDirection.Output, true, 0, 0,
"Result", DataRowVersion.Default, 0);
var parameters = new[]
{
new SqlParameter("@Name",registration.RegisteredUser.Name),
new SqlParameter("@Designation",registration.Designation ),
new SqlParameter("@Email",registration.RegisteredUser.Email ),
new SqlParameter("@AltEmail",registration.RegisteredUser.AlternateEmail ),
new SqlParameter("@City",registration.City ),
new SqlParameter("@State",registration.State ),
new SqlParameter("@Country",registration.Country ),
new SqlParameter("@Telephone",registration.Telephone ),
new SqlParameter("@Mobile",registration.Mobile ),
new SqlParameter("@CompanyName",registration.CompanyName ),
new SqlParameter("@Website",registration.Website ),
new SqlParameter("@LoginId",registration.RegisteredUser.UserName ),
new SqlParameter("@Password",registration.RegisteredUser.Password ),
success,
};
helper.ExecuteScalar(_commandText, CommandType.StoredProcedure, parameters);
result = (bool) success.Value;
}
return result;
}
我想说的是,我对所有数据层方法都使用静态方法。正如我浏览了网络上的各种文章,指出静态方法比非静态方法具有更多优势。所以我以这种方式设计了我的代码。但是几天前我看到一篇文章说当你为你的类设计一些实用程序时静态方法很有用,否则使用非静态,因为相同的静态对象对其他用户可用。所以我只想弄清楚要遵循哪种方法,静态的还是非静态的。
我正在使用这种格式的类:
public sealed class MyClass
{
private MyClass(){}
public static DataTable GetUserInfoByUserId(int userId)
{
// My datalayer code goes here
}
}
所以我很困惑,如果将上述方法设为静态,将不会使用户 1 的数据可供同时访问应用程序的用户 2 使用。基本上,我想知道这种设计的缺陷。
已更新 下面是我的类(class),展示了我的方法
#region
using System.Data;
using System.Data.SqlClient;
using System;
#endregion
namespace InnovativeTechnosoft.BusinessBazaar.Core
{
public sealed class UserData
{
private static string _commandText = string.Empty;
/// <summary>
/// Takes username and password as input and sets
/// the current user in sessionif the user authenticate
/// successfully
/// </summary>
/// <param name="userName">username as string</param>
/// <param name="password">password as string</param>
/// <returns>datatable</returns>
public static DataTable IsAuthenticated(string userName, string password)
{
DataTable dtResult;
using (var helper = new DbHelper())
{
_commandText = "sp_AuthenticateUsers";
var parameters = new[]
{
new SqlParameter("@username", userName),
new SqlParameter("@password", password),
};
dtResult = helper.ExecuteSelect(_commandText, CommandType.StoredProcedure, parameters);
}
return dtResult;
}
/// <summary>
/// Checks for username if it exists or not
/// </summary>
/// <param name="userName"></param>
/// <returns></returns>
public static bool IsExistingUser(string userName)
{
bool result;
using (var helper = new DbHelper())
{
_commandText = "sp_IsExistingUserName";
var success = new SqlParameter("@Success", SqlDbType.Bit, 1, ParameterDirection.Output, true, 0, 0,
"Result", DataRowVersion.Default, 0);
var parameters = new[]
{
new SqlParameter("@userName", userName),
success,
};
helper.ExecuteScalar(_commandText, CommandType.StoredProcedure, parameters);
result = (bool)success.Value;
}
return result;
}
/// <summary>
/// Register Company with the business bazaar
/// </summary>
/// <param name="registration"></param>
/// <returns></returns>
public static bool RegisterCompany(Registration registration)
{
bool result;
using (var helper = new DbHelper())
{
_commandText = "sp_RegisterCompany";
var success = new SqlParameter("@Success", SqlDbType.Bit, 1, ParameterDirection.Output, true, 0, 0,
"Result", DataRowVersion.Default, 0);
var parameters = new[]
{
new SqlParameter("@Name",registration.RegisteredUser.Name),
new SqlParameter("@Designation",registration.Designation ),
new SqlParameter("@Email",registration.RegisteredUser.Email ),
new SqlParameter("@AltEmail",registration.RegisteredUser.AlternateEmail ),
new SqlParameter("@City",registration.City ),
new SqlParameter("@State",registration.State ),
new SqlParameter("@Country",registration.Country ),
new SqlParameter("@Telephone",registration.Telephone ),
new SqlParameter("@Mobile",registration.Mobile ),
new SqlParameter("@CompanyName",registration.CompanyName ),
new SqlParameter("@Website",registration.Website ),
new SqlParameter("@LoginId",registration.RegisteredUser.UserName ),
new SqlParameter("@Password",registration.RegisteredUser.Password ),
success,
};
helper.ExecuteScalar(_commandText, CommandType.StoredProcedure, parameters);
result = (bool) success.Value;
}
return result;
}
/// <summary>
/// Recovers Password
/// </summary>
/// <param name="email"></param>
/// <param name="password"></param>
/// <returns></returns>
public static bool RecoverPassword(string email, out string password)
{
bool result;
password = string.Empty;
using (var helper = new DbHelper())
{
_commandText = "sp_RecoverPassword";
var success = new SqlParameter("@Success", SqlDbType.Bit, 1, ParameterDirection.Output, true, 0, 0,
"Result", DataRowVersion.Default, 0);
var pwd = new SqlParameter("@Password", SqlDbType.NVarChar, 50, ParameterDirection.Output, true, 0, 0, "Password", DataRowVersion.Default, string.Empty);
var parameters = new[]
{
new SqlParameter("@Email",email ),
success,
};
helper.ExecuteScalar(_commandText, CommandType.StoredProcedure, parameters);
result = (bool)success.Value;
password = Convert.ToString(pwd.Value);
}
return result;
}
/// <summary>
/// Update Password
/// </summary>
/// <param name="email"></param>
/// <param name="password"></param>
/// <returns></returns>
public static bool UpdatePassword(int userId,string password)
{
bool result;
using (var helper = new DbHelper())
{
_commandText = "sp_UpdatePassword";
var success = new SqlParameter("@Success", SqlDbType.Bit, 1, ParameterDirection.Output, true, 0, 0,
"Result", DataRowVersion.Default, 0);
var parameters = new[]
{
new SqlParameter ("@UserId",userId),
new SqlParameter("@Password",password ),
success,
};
helper.ExecuteScalar(_commandText, CommandType.StoredProcedure, parameters);
result = (bool)success.Value;
}
return result;
}
}
}
这将是一个很大的帮助。
问候 阿米特·兰詹
最佳答案
您可以使用静态函数,但您应该完全避免使用静态变量或成员。简而言之,不要在静态上下文中“保存”任何信息。这些在应用范围内可用,并且对于来自不同用户的不同请求可能是相同的。
在静态函数中运行数据访问操作应该没有问题。
关于c# - 在 ASP.Net Web 应用程序数据层中实现静态方法是否安全?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6503293/