在web中,安全性主要体现在两个方面:一个是程序安全性,即防止网页在插入恶意代码;另一个是数据库安全性,这个我们可以经常备份数据库来实现。
在文中,我将演示如果在网页中备份和恢复数据库。
        其实备份和恢复数据库都是利用SQL Server提供的SQL语句来备份的。
备份:use master;backup database @name to disk=@path;
恢复:use master;restore database @name from disk=@path;
        上面用的是参数化SQL语句,可以在程序执行的时候动态给参数赋值。
 
代码:
     1. <%@ Page Language="C#" AutoEventWireup="true" CodeFile="DatabaseAction.aspx.cs" Inherits="DatabaseAction" %>
     2.
     3. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     4.
     5. <html xmlns="http://www.w3.org/1999/xhtml" >
     6. <head runat="server">
     7.         <title>无标题页</title>
     8. </head>
     9. <body>
    10.         <form id="form1" runat="server">
    11.         <div>
    12.         <table border="0" width="100%">
    13.         <tr><td colspan="2">数据库还原和备份</td></tr>
    14.         <tr><td>请选择数据库</td><td>
    15.                 <asp:DropDownList ID="ddlDatabaseList" runat="server">
    16.                 </asp:DropDownList></td></tr>
    17.         <tr><td>
    18.                 数据库文件名</td><td>
    19.                 <asp:TextBox ID="txtDbFileName" runat="server"></asp:TextBox></td></tr>
    20.         <tr><td>
    21.                 操作选项</td><td>
    22.                 <asp:RadioButton ID="rbBackup" runat="server" Checked="True" GroupName="action" Text="备份" />
    23.                 <asp:RadioButton ID="rbRestore" runat="server" GroupName="action" Text="还原" /></td></tr>
    24.                 <tr><td>
    25.                 操作</td><td>
    26.                            <asp:Button ID="btnOK" runat="server" OnClick="btnOK_Click" Text="执行" /></td></tr>
    27.         </table>
    28.         </div>
    29.         </form>
    30. </body>
    31. </html>
 
后台代码:
     1. using System;
     2. using System.Data;
     3. using System.Configuration;
     4. using System.Collections;
     5. using System.Web;
     6. using System.Web.Security;
     7. using System.Web.UI;
     8. using System.Web.UI.WebControls;
     9. using System.Web.UI.WebControls.WebParts;
    10. using System.Web.UI.HtmlControls;
    11. using System.Data.SqlClient;
    12.
    13. /// <summary>
    14. /// 功能说明:本例中演示在asp.net中如何备份和恢复数据库
    15. /// 备份数据库主要使用数据库的备份语句。数据库备份文件放在
    16. /// App_Data文件夹下。
    17. /// 作者:周公
    18. /// 日期:2008-08-19
    19. /// 首发地址:http://blog.csdn.net/zhoufoxcn/archive/2008/08/19/2796077.aspx
    20. /// </summary>
    21. public partial class DatabaseAction : System.Web.UI.Page
    22. {
void Page_Load() void Page_Load(object sender, EventArgs e)
    24.         {
    25.                 if (!Page.IsPostBack)
    26.                 {
    27.                         //在DropDownList中绑定所有数据库
    28.                         SqlConnection connection = new SqlConnection("Data Source=ZHOUFOXCN;User ID=sa;Password=sa");
    29.                         SqlCommand command = new SqlCommand("sp_helpdb", connection);
    30.                         command.CommandType = CommandType.StoredProcedure;
    31.                         connection.Open();
    32.                         SqlDataReader reader = command.ExecuteReader();
    33.                         ddlDatabaseList.DataSource = reader;
    34.                         ddlDatabaseList.DataTextField = "Name";
    35.                         ddlDatabaseList.DataBind();
    36.                         reader.Close();
    37.                         connection.Close();
    38.                 }
    39.         }
void btnOK_Click() void btnOK_Click(object sender, EventArgs e)
    41.         {
    42.                 string dbFileName = txtDbFileName.Text.Trim();
    43.                 SqlConnection connection = new SqlConnection("Data Source=ZHOUFOXCN;User ID=sa;Password=sa");
    44.                 string dbName = ddlDatabaseList.SelectedValue;
    45.                 if (!dbFileName.EndsWith(".bak"))
    46.                 {
    47.                         dbFileName += ".bak";
    48.                 }
    49.                 if (rbBackup.Checked)//备份数据库
    50.                 {
    51.                         SqlCommand command = new SqlCommand("use master;backup database @name to disk=@path;",connection);
    52.                         connection.Open();
    53.                         string path=Server.MapPath("~\\App_Data")+"\\"+dbFileName;
    54.                         command.Parameters.AddWithValue("@name", dbName);
    55.                         command.Parameters.AddWithValue("@path", path);
    56.                         command.ExecuteNonQuery();
    57.                         connection.Close();
    58.                 }
    59.                 else//恢复数据库
    60.                 {
    61.                         SqlCommand command = new SqlCommand("use master;restore database @name from disk=@path;", connection);
    62.                         connection.Open();
    63.                         string path = Server.MapPath("~\\App_Data") + "\\" + dbFileName;
    64.                         command.Parameters.AddWithValue("@name", dbName);
    65.                         command.Parameters.AddWithValue("@path", path);
    66.                         command.ExecuteNonQuery();
    67.                         connection.Close();
    68.                 }
    69.         }
    70. }
以上代码在WindowsXP+VisualStudio2005+SQL Server2000下测试通过