Best practices for data access into a third-party application using .NET Entity Framework

Time: 2023-01-19 11:04:40

I'm building a customization for an existing third-party application. My code runs in the same .NET app pool and is on the same server as the third-party app.

I don't have any access to their data models and there is no API. I've been writing SQL queries and developing out WCF services for my customizations. This works but it feels 'gross'. Below is an example:

using System.Data.SqlClient;
using System.Web.Configuration;

public DLPDetail GetEventDetail(int id)
{
    DLPDetail detail = new DLPDetail();

    // using blocks dispose the connection, command and reader even if an exception is thrown
    using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["DLP"].ToString()))
    {
        con.Open();

        // the EVENT_ID value is spliced into the query text by string concatenation
        using (SqlCommand command = new SqlCommand("SELECT compound_path, FILE_MATCH_ID FROM E_ABSTRACT_FILE_MATCH WHERE EVENT_ID = '" + id + "'", con))
        using (SqlDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                detail.Name = reader.GetString(0);
                detail.FileMatchId = reader.GetInt64(1).ToString();
            }
        }
    }

    return detail;
}

I'm wondering if there is a better approach I could be taking using something like Entity Framework. Any thoughts?

1 solution

#1


3  

A few recommendations:

  1. If you're directly querying a third party database, you need to be very careful when executing queries against it. If you start passing strings based on user input into those queries you're opening yourself up for a SQL injection. The last thing you want to deal with is angry users and a vendor telling you that you can't get support because you used the product in an unsupported fashion.
  2. There's nothing wrong with writing plain ol' SQL or stored procedures. You don't have to use the Entity Framework (EF) for every project.
  3. That said, the EF is a very nice feature set. If you want classes populated with the data you retrieve from the database it's a great choice. Or if you want to populate classes to send off and get updated on the database without having to write SQL, you can do that too.
  4. If you need to squeeze out every last drop of performance, then perhaps writing SQL yourself is the way to go so you have full control of what's being executed, making sure execution plans are correct, etc. If you don't need that level of control, perhaps give EF a try.
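
Two ways to write the lookup from the question with the EVENT_ID value bound as a parameter rather than concatenated into the SQL, as an added example that is not the questioner's or the answerer's code: hardened ADO.NET first, then the same query through Entity Framework. Table and column names come from the question; the DLPDetail shape, FILE_MATCH_ID as the key column and EF 6 as the version are assumptions.

```csharp
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
using System.Data;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Linq;
using System.Web.Configuration;
public class DLPDetail { public string Name { get; set; } public string FileMatchId { get; set; } }
public static class EventDetailRepository
{
    // Hardened ADO.NET: EVENT_ID travels as a typed parameter, never as part of the SQL text.
    public static DLPDetail GetEventDetail(int id)
    {
        const string sql = "SELECT compound_path, FILE_MATCH_ID FROM E_ABSTRACT_FILE_MATCH WHERE EVENT_ID = @id";
        using (var con = new SqlConnection(WebConfigurationManager.ConnectionStrings["DLP"].ConnectionString))
        using (var command = new SqlCommand(sql, con))   // using blocks dispose connection, command, reader
        {
            command.Parameters.Add("@id", SqlDbType.Int).Value = id;
            con.Open();
            using (var reader = command.ExecuteReader(CommandBehavior.SingleRow))
                return reader.Read()
                    ? new DLPDetail { Name = reader.GetString(0), FileMatchId = reader.GetInt64(1).ToString() }
                    : new DLPDetail();   // no row: same empty object the original returns
        }
    }

    // Same lookup via Entity Framework 6 (assumed version): the LINQ predicate becomes a parameterized query.
    public static DLPDetail GetEventDetailEf(int id)
    {
        using (var db = new DlpContext())
        {
            var match = db.FileMatches.AsNoTracking().FirstOrDefault(m => m.EventId == id);
            return match == null ? new DLPDetail()
                : new DLPDetail { Name = match.CompoundPath, FileMatchId = match.FileMatchId.ToString() };
        }
    }
}
// Read-only mapping onto the vendor's table (table/column names from the question; key column assumed).
[Table("E_ABSTRACT_FILE_MATCH")]
public class AbstractFileMatch
{
    [Key, Column("FILE_MATCH_ID")] public long FileMatchId { get; set; }
    [Column("EVENT_ID")] public int EventId { get; set; }
    [Column("compound_path")] public string CompoundPath { get; set; }
}
public class DlpContext : DbContext
{
    public DlpContext() : base("name=DLP") { }   // the "DLP" connection string from web.config
    public DbSet<AbstractFileMatch> FileMatches { get; set; }
}
```

In both variants the caller's value can only ever be compared against EVENT_ID, whatever it contains, which is the point of the answer's first recommendation.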
