在web中,安全性主要体现在两个方面:一个是程序安全性,即防止网页被插入恶意代码;另一个是数据库安全性,这一点我们可以通过经常备份数据库来保障。
在本文中,我将演示如何在网页中备份和恢复数据库。
其实备份和恢复数据库都是利用SQL Server提供的SQL语句来实现的。
备份:use master;backup database @name to disk=@path;
恢复:use master;restore database @name from disk=@path;
上面用的是参数化SQL语句,可以在程序执行的时候动态给参数赋值。需要注意,参数化只能防止SQL注入,并不会限制@path指向哪个文件,所以由用户输入拼出的备份文件名仍要在代码中单独校验。
在本文中,我将演示如何在网页中备份和恢复数据库。
其实备份和恢复数据库都是利用SQL Server提供的SQL语句来实现的。
备份:use master;backup database @name to disk=@path;
恢复:use master;restore database @name from disk=@path;
上面用的是参数化SQL语句,可以在程序执行的时候动态给参数赋值。
代码:
<%-- Binds this markup to the DatabaseAction code-behind class (DatabaseAction.aspx.cs). --%>
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="DatabaseAction.aspx.cs" Inherits="DatabaseAction" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>无标题页</title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <table border="0" width="100%">
                <tr>
                    <td colspan="2">数据库还原和备份</td>
                </tr>
                <tr>
                    <td>请选择数据库</td>
                    <td>
                        <%-- Filled by the code-behind on the first (non-postback) request. --%>
                        <asp:DropDownList ID="ddlDatabaseList" runat="server">
                        </asp:DropDownList>
                    </td>
                </tr>
                <tr>
                    <td>数据库文件名</td>
                    <td>
                        <%-- NOTE(review): free-form input that the code-behind turns into a
                             file path under App_Data; it needs server-side validation. --%>
                        <asp:TextBox ID="txtDbFileName" runat="server"></asp:TextBox>
                    </td>
                </tr>
                <tr>
                    <td>操作选项</td>
                    <td>
                        <%-- Both radio buttons share GroupName "action"; backup is preselected. --%>
                        <asp:RadioButton ID="rbBackup" runat="server" Checked="True" GroupName="action" Text="备份" />
                        <asp:RadioButton ID="rbRestore" runat="server" GroupName="action" Text="还原" />
                    </td>
                </tr>
                <tr>
                    <td>操作</td>
                    <td>
                        <%-- Posts back and runs btnOK_Click in the code-behind. --%>
                        <asp:Button ID="btnOK" runat="server" OnClick="btnOK_Click" Text="执行" />
                    </td>
                </tr>
            </table>
        </div>
    </form>
</body>
</html>
2.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>无标题页</title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <table border="0" width="100%">
                <tr>
                    <td colspan="2">数据库还原和备份</td>
                </tr>
                <tr>
                    <td>请选择数据库</td>
                    <td>
                        <%-- Filled by the code-behind on the first (non-postback) request. --%>
                        <asp:DropDownList ID="ddlDatabaseList" runat="server">
                        </asp:DropDownList>
                    </td>
                </tr>
                <tr>
                    <td>数据库文件名</td>
                    <td>
                        <%-- NOTE(review): free-form input that the code-behind turns into a
                             file path under App_Data; it needs server-side validation. --%>
                        <asp:TextBox ID="txtDbFileName" runat="server"></asp:TextBox>
                    </td>
                </tr>
                <tr>
                    <td>操作选项</td>
                    <td>
                        <%-- Both radio buttons share GroupName "action"; backup is preselected. --%>
                        <asp:RadioButton ID="rbBackup" runat="server" Checked="True" GroupName="action" Text="备份" />
                        <asp:RadioButton ID="rbRestore" runat="server" GroupName="action" Text="还原" />
                    </td>
                </tr>
                <tr>
                    <td>操作</td>
                    <td>
                        <%-- Posts back and runs btnOK_Click in the code-behind. --%>
                        <asp:Button ID="btnOK" runat="server" OnClick="btnOK_Click" Text="执行" />
                    </td>
                </tr>
            </table>
        </div>
    </form>
</body>
</html>
后台代码:
1. using System;
2. using System.Data;
3. using System.Configuration;
4. using System.Collections;
5. using System.Web;
6. using System.Web.Security;
7. using System.Web.UI;
8. using System.Web.UI.WebControls;
9. using System.Web.UI.WebControls.WebParts;
10. using System.Web.UI.HtmlControls;
11. using System.Data.SqlClient;
12.
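/// <summary>
/// Demonstrates how to back up and restore a SQL Server database from an ASP.NET page.
/// The work is done with the T-SQL BACKUP DATABASE / RESTORE DATABASE statements, and
/// the backup files are kept in the site's App_Data folder.
/// Author: 周公
/// Date: 2008-08-19
/// First published at: http://blog.csdn.net/zhoufoxcn/archive/2008/08/19/2796077.aspx
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this class checks who the caller is. Backup and restore are
/// administrative (and, for restore, destructive) operations, so the page should only be
/// reachable by administrators, e.g. through the site's authorization settings.
/// </remarks>
public partial class DatabaseAction : System.Web.UI.Page
{
    // Name of the connectionStrings entry in web.config that holds the server login.
    // "DatabaseAdmin" is a placeholder constructed for this example; use whatever name the
    // site defines. Keeping the login out of source avoids shipping a password with the
    // code, and the login itself should carry only the rights backup/restore need
    // rather than being the sa account.
    private const string ConnectionStringName = "DatabaseAdmin";

    /// <summary>
    /// Reads the connection string from configuration.
    /// </summary>
    /// <exception cref="ConfigurationErrorsException">The entry is missing from web.config.</exception>
    private static string AdminConnectionString
    {
        get
        {
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[ConnectionStringName];
            if (settings == null)
            {
                throw new ConfigurationErrorsException(
                    "Connection string '" + ConnectionStringName + "' is not configured.");
            }
            return settings.ConnectionString;
        }
    }

    /// <summary>
    /// On the first request, fills the drop-down list with the databases reported by sp_helpdb.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Page.IsPostBack)
        {
            return;
        }

        // NOTE(review): sp_helpdb returns every database the login can see, system
        // databases included; consider filtering the list to the ones users may touch.
        using (SqlConnection connection = new SqlConnection(AdminConnectionString))
        using (SqlCommand command = new SqlCommand("sp_helpdb", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            connection.Open();

            // using blocks release the reader and connection even if binding throws.
            using (SqlDataReader reader = command.ExecuteReader())
            {
                ddlDatabaseList.DataSource = reader;
                ddlDatabaseList.DataTextField = "Name";
                ddlDatabaseList.DataBind();
            }
        }
    }

    /// <summary>
    /// Backs up or restores the selected database, depending on which radio button is checked.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    /// <exception cref="HttpException">No database is selected or the file name is not acceptable.</exception>
    protected void btnOK_Click(object sender, EventArgs e)
    {
        string dbName = ddlDatabaseList.SelectedValue;
        if (string.IsNullOrEmpty(dbName))
        {
            throw new HttpException(400, "No database was selected.");
        }

        string path = BuildBackupPath(txtDbFileName.Text.Trim());

        // Both statements take the database name and the file path as parameters, so
        // neither value is ever spliced into the SQL text.
        string sql = rbBackup.Checked
            ? "use master;backup database @name to disk=@path;"
            : "use master;restore database @name from disk=@path;";

        using (SqlConnection connection = new SqlConnection(AdminConnectionString))
        using (SqlCommand command = new SqlCommand(sql, connection))
        {
            command.Parameters.AddWithValue("@name", dbName);
            command.Parameters.AddWithValue("@path", path);
            connection.Open();
            command.ExecuteNonQuery();
        }
    }

    // Turns the user-supplied file name into a full path inside App_Data, rejecting
    // anything that is not a plain file name.
    private string BuildBackupPath(string fileName)
    {
        if (string.IsNullOrEmpty(fileName))
        {
            throw new HttpException(400, "A backup file name is required.");
        }

        // Directory separators, drive colons and similar characters are invalid in a file
        // name; refusing them keeps the resulting path inside App_Data.
        if (fileName.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
        {
            throw new HttpException(400, "The backup file name contains invalid characters.");
        }

        // Ordinal, case-insensitive so that "db.BAK" is not turned into "db.BAK.bak".
        if (!fileName.EndsWith(".bak", StringComparison.OrdinalIgnoreCase))
        {
            fileName += ".bak";
        }

        // NOTE(review): Server.MapPath yields a path on the web server, while SQL Server
        // resolves the path on its own machine - presumably the same host here; confirm.
        return System.IO.Path.Combine(Server.MapPath("~\\App_Data"), fileName);
    }
}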
2. using System.Data;
3. using System.Configuration;
4. using System.Collections;
5. using System.Web;
6. using System.Web.Security;
7. using System.Web.UI;
8. using System.Web.UI.WebControls;
9. using System.Web.UI.WebControls.WebParts;
10. using System.Web.UI.HtmlControls;
11. using System.Data.SqlClient;
12.
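/// <summary>
/// Demonstrates how to back up and restore a SQL Server database from an ASP.NET page.
/// The work is done with the T-SQL BACKUP DATABASE / RESTORE DATABASE statements, and
/// the backup files are kept in the site's App_Data folder.
/// Author: 周公
/// Date: 2008-08-19
/// First published at: http://blog.csdn.net/zhoufoxcn/archive/2008/08/19/2796077.aspx
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this class checks who the caller is. Backup and restore are
/// administrative (and, for restore, destructive) operations, so the page should only be
/// reachable by administrators, e.g. through the site's authorization settings.
/// </remarks>
public partial class DatabaseAction : System.Web.UI.Page
{
    // Name of the connectionStrings entry in web.config that holds the server login.
    // "DatabaseAdmin" is a placeholder constructed for this example; use whatever name the
    // site defines. Keeping the login out of source avoids shipping a password with the
    // code, and the login itself should carry only the rights backup/restore need
    // rather than being the sa account.
    private const string ConnectionStringName = "DatabaseAdmin";

    /// <summary>
    /// Reads the connection string from configuration.
    /// </summary>
    /// <exception cref="ConfigurationErrorsException">The entry is missing from web.config.</exception>
    private static string AdminConnectionString
    {
        get
        {
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[ConnectionStringName];
            if (settings == null)
            {
                throw new ConfigurationErrorsException(
                    "Connection string '" + ConnectionStringName + "' is not configured.");
            }
            return settings.ConnectionString;
        }
    }

    /// <summary>
    /// On the first request, fills the drop-down list with the databases reported by sp_helpdb.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Page.IsPostBack)
        {
            return;
        }

        // NOTE(review): sp_helpdb returns every database the login can see, system
        // databases included; consider filtering the list to the ones users may touch.
        using (SqlConnection connection = new SqlConnection(AdminConnectionString))
        using (SqlCommand command = new SqlCommand("sp_helpdb", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            connection.Open();

            // using blocks release the reader and connection even if binding throws.
            using (SqlDataReader reader = command.ExecuteReader())
            {
                ddlDatabaseList.DataSource = reader;
                ddlDatabaseList.DataTextField = "Name";
                ddlDatabaseList.DataBind();
            }
        }
    }

    /// <summary>
    /// Backs up or restores the selected database, depending on which radio button is checked.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    /// <exception cref="HttpException">No database is selected or the file name is not acceptable.</exception>
    protected void btnOK_Click(object sender, EventArgs e)
    {
        string dbName = ddlDatabaseList.SelectedValue;
        if (string.IsNullOrEmpty(dbName))
        {
            throw new HttpException(400, "No database was selected.");
        }

        string path = BuildBackupPath(txtDbFileName.Text.Trim());

        // Both statements take the database name and the file path as parameters, so
        // neither value is ever spliced into the SQL text.
        string sql = rbBackup.Checked
            ? "use master;backup database @name to disk=@path;"
            : "use master;restore database @name from disk=@path;";

        using (SqlConnection connection = new SqlConnection(AdminConnectionString))
        using (SqlCommand command = new SqlCommand(sql, connection))
        {
            command.Parameters.AddWithValue("@name", dbName);
            command.Parameters.AddWithValue("@path", path);
            connection.Open();
            command.ExecuteNonQuery();
        }
    }

    // Turns the user-supplied file name into a full path inside App_Data, rejecting
    // anything that is not a plain file name.
    private string BuildBackupPath(string fileName)
    {
        if (string.IsNullOrEmpty(fileName))
        {
            throw new HttpException(400, "A backup file name is required.");
        }

        // Directory separators, drive colons and similar characters are invalid in a file
        // name; refusing them keeps the resulting path inside App_Data.
        if (fileName.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
        {
            throw new HttpException(400, "The backup file name contains invalid characters.");
        }

        // Ordinal, case-insensitive so that "db.BAK" is not turned into "db.BAK.bak".
        if (!fileName.EndsWith(".bak", StringComparison.OrdinalIgnoreCase))
        {
            fileName += ".bak";
        }

        // NOTE(review): Server.MapPath yields a path on the web server, while SQL Server
        // resolves the path on its own machine - presumably the same host here; confirm.
        return System.IO.Path.Combine(Server.MapPath("~\\App_Data"), fileName);
    }
}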
以上代码在WindowsXP+VisualStudio2005+SQL Server2000下测试通过
本文转自周金桥51CTO博客,原文链接: http://blog.51cto.com/zhoufoxcn/166839
,如需转载请自行联系原作者