帮忙解析一下几句代码

为了方便提问，我把整段代码都贴上来了。下面代码有些不太理解，请帮忙解析一下。代码中的注解就是我要提的问题。如果能以在代码中添加注解的方式来回答，那就更好了。<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">    const string conString = @"Server=.\SQLExpress;Integrated Security=True;
        AttachDbFileName=|DataDirectory|FilesDB.mdf;User Instance=True";
    //这里的符号@,是什么意思？    void btnAdd_Click(Object s, EventArgs e)
    {
        if (upFile.HasFile)
        {
            if (CheckFileType(upFile.FileName))
            {
                AddFile(upFile.FileName, upFile.FileContent);
                rptFiles.DataBind();
            }
        }
    }

    bool CheckFileType(string fileName)
    {
        return Path.GetExtension(fileName).ToLower() == ".doc";
    }

    void AddFile(string fileName, Stream upload)
    {
        SqlConnection con = new SqlConnection(conString);        SqlCommand cmd = new SqlCommand("INSERT Files (FileName) Values (@FileName);" +
          "SELECT @Identity = SCOPE_IDENTITY()", con);
        //SELECT @Identity = SCOPE_IDENTITY() 麻烦帮忙详细解说一下这句话，特别是这里的Identity？        cmd.Parameters.AddWithValue("@FileName", fileName);
        SqlParameter idParm = cmd.Parameters.Add("@Identity", SqlDbType.Int);
        idParm.Direction = ParameterDirection.Output;        using (con)
        {
            con.Open();
            cmd.ExecuteNonQuery();
            int newFileId = (int)idParm.Value;
            StoreFile(newFileId, upload, con);
        }
        //using 的这种用法没见过，using的这种用法？
    }

    void StoreFile(int fileId, Stream upload, SqlConnection connection)
    {
        int bufferLen = 8040;
        BinaryReader br = new BinaryReader(upload);
        byte[] chunk = br.ReadBytes(bufferLen);        SqlCommand cmd = new SqlCommand("UPDATE Files SET FileBytes=@Buffer WHERE Id=@FileId", connection);
        cmd.Parameters.AddWithValue("@FileId", fileId);
        cmd.Parameters.Add("@Buffer", SqlDbType.VarBinary, bufferLen).Value = chunk;
        cmd.ExecuteNonQuery();


        SqlCommand cmdAppend = new SqlCommand("UPDATE Files SET FileBytes .WRITE(@Buffer, NULL, 0) WHERE Id=@FileId", connection);
        cmdAppend.Parameters.AddWithValue("@FileId", fileId);
        cmdAppend.Parameters.Add("@Buffer", SqlDbType.VarBinary, bufferLen);
        chunk = br.ReadBytes(bufferLen);

        while (chunk.Length > 0)
        {
            cmdAppend.Parameters["@Buffer"].Value = chunk;
            cmdAppend.ExecuteNonQuery();
            chunk = br.ReadBytes(bufferLen);
        }        br.Close();
    }
    //麻烦帮我详细解析一下这个函数里的各个句子。？

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>FileUpload Large</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

    <asp:Label
        id="lblFile"
        Text="Word Document:"
        AssociatedControlID="upFile"
        Runat="server" />    <asp:FileUpload
        id="upFile"
        Runat="server" />    <asp:Button
        id="btnAdd"
        Text="Add Document"
        OnClick="btnAdd_Click"
        Runat="server" />    <hr />

    <asp:Repeater
        id="rptFiles"
        DataSourceID="srcFiles"
        Runat="server">
        <HeaderTemplate>
        <ul class="fileList">
        </HeaderTemplate>
        <ItemTemplate>
        <li>
        <asp:HyperLink
            id="lnkFile"
            Text='<%#Eval("FileName")%>'
            NavigateUrl='<%#Eval("Id", "~/FileHandlerLarge.ashx?id={0}")%>'
            Runat="server" />
        </li>
        </ItemTemplate>
        <FooterTemplate>
        </ul>
        </FooterTemplate>
    </asp:Repeater>

    <asp:SqlDataSource
        id="srcFiles"
        ConnectionString="Server=.\SQLExpress;Integrated Security=True;
            AttachDbFileName=|DataDirectory|FilesDB.mdf;User Instance=True"
        SelectCommand="SELECT Id,FileName FROM Files"
        Runat="server" />

    </div>
    </form>
</body>
</html>
本人刚学asp.net不久，拜谢了。

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">    const string conString = @"Server=.\SQLExpress;Integrated Security=True;
        AttachDbFileName=|DataDirectory|FilesDB.mdf;User Instance=True";
    //这里的符号@,是什么意思？表示后面的字符串强制不转义，默认不加@则会转义，比如\r表示一个回车，不转义的话就表示一个\和一个r    void btnAdd_Click(Object s, EventArgs e)
    {
        if (upFile.HasFile)
        {
            if (CheckFileType(upFile.FileName))
            {
                AddFile(upFile.FileName, upFile.FileContent);
                rptFiles.DataBind();
            }
        }
    }

    bool CheckFileType(string fileName)
    {
        return Path.GetExtension(fileName).ToLower() == ".doc";
    }

    void AddFile(string fileName, Stream upload)
    {
        SqlConnection con = new SqlConnection(conString);        SqlCommand cmd = new SqlCommand("INSERT Files (FileName) Values (@FileName);" +
          "SELECT @Identity = SCOPE_IDENTITY()", con);
        //SELECT @Identity = SCOPE_IDENTITY() 麻烦帮忙详细解说一下这句话，特别是这里的Identity？声明一个参数，在后面传入一个值，可以避免SQL注入，比直接拼SQL语句好。        cmd.Parameters.AddWithValue("@FileName", fileName);
        SqlParameter idParm = cmd.Parameters.Add("@Identity", SqlDbType.Int);
        idParm.Direction = ParameterDirection.Output;        using (con)
        {
            con.Open();
            cmd.ExecuteNonQuery();
            int newFileId = (int)idParm.Value;
            StoreFile(newFileId, upload, con);
        }
        //using 的这种用法没见过，using的这种用法？在using作用域之后自动释放对象（调用Dispose方法）。
    }

    void StoreFile(int fileId, Stream upload, SqlConnection connection)
    {
        int bufferLen = 8040;
        BinaryReader br = new BinaryReader(upload);
        byte[] chunk = br.ReadBytes(bufferLen);        SqlCommand cmd = new SqlCommand("UPDATE Files SET FileBytes=@Buffer WHERE Id=@FileId", connection);
        cmd.Parameters.AddWithValue("@FileId", fileId);
        cmd.Parameters.Add("@Buffer", SqlDbType.VarBinary, bufferLen).Value = chunk;
        cmd.ExecuteNonQuery();


        SqlCommand cmdAppend = new SqlCommand("UPDATE Files SET FileBytes .WRITE(@Buffer, NULL, 0) WHERE Id=@FileId", connection);
        cmdAppend.Parameters.AddWithValue("@FileId", fileId);
        cmdAppend.Parameters.Add("@Buffer", SqlDbType.VarBinary, bufferLen);
        chunk = br.ReadBytes(bufferLen);

        while (chunk.Length > 0)
        {
            cmdAppend.Parameters["@Buffer"].Value = chunk;
            cmdAppend.ExecuteNonQuery();
            chunk = br.ReadBytes(bufferLen);
        }        br.Close();
    }
    //麻烦帮我详细解析一下这个函数里的各个句子。？就是将流采用参数传递的方式保存到数据库

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>FileUpload Large</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

    <asp:Label
        id="lblFile"
        Text="Word Document:"
        AssociatedControlID="upFile"
        Runat="server" />    <asp:FileUpload
        id="upFile"
        Runat="server" />    <asp:Button
        id="btnAdd"
        Text="Add Document"
        OnClick="btnAdd_Click"
        Runat="server" />    <hr />

    <asp:Repeater
        id="rptFiles"
        DataSourceID="srcFiles"
        Runat="server">
        <HeaderTemplate>
        <ul class="fileList">
        </HeaderTemplate>
        <ItemTemplate>
        <li>
        <asp:HyperLink
            id="lnkFile"
            Text='<%#Eval("FileName")%>'
            NavigateUrl='<%#Eval("Id", "~/FileHandlerLarge.ashx?id={0}")%>'
            Runat="server" />
        </li>
        </ItemTemplate>
        <FooterTemplate>
        </ul>
        </FooterTemplate>
    </asp:Repeater>

    <asp:SqlDataSource
        id="srcFiles"
        ConnectionString="Server=.\SQLExpress;Integrated Security=True;
            AttachDbFileName=|DataDirectory|FilesDB.mdf;User Instance=True"
        SelectCommand="SELECT Id,FileName FROM Files"
        Runat="server" />

    </div>
    </form>
</body>
</html>
“SELECT @Identity = SCOPE_IDENTITY() 麻烦帮忙详细解说一下这句话，特别是这里的Identity”就是返回你刚刚插入的数据id值
//这里的符号@,是什么意思？
@在c#中为强制不转义的符号,在里面的转义字符无效通俗的说法就是@后面的“”表示一个字符串（可以避免换行这类的转义字符分割），写长SQL语句的时候避免拼起来的麻烦。方便可以复制到查询分析器用。//SELECT @Identity = SCOPE_IDENTITY() 麻烦帮忙详细解说一下这句话，特别是这里的Identity？获取添加记录的自增ID。
//using 的这种用法没见过，using的这种用法？using的用法和一般的写法一样，不过using的好处是用完它会自己释放资源，而不需要你写关闭释放语句。
//这里的符号@,是什么意思？
转义,如果不加上@ 你字符串内的\符号就通不过,如果不加上@,你字符串内的\符号就要用\\来表示,降低了可读性
//SELECT @Identity = SCOPE_IDENTITY() 麻烦帮忙详细解说一下这句话，特别是这里的Identity？
这里是返回了一个数据库内自动增加的字段值,一般插入操作后用到,如返回新插入的ID值//using 的这种用法没见过，using的这种用法？
using 内的内容在using结束后会自动释放掉
如果不用它相当于:con.close();
    //麻烦帮我详细解析一下这个函数里的各个句子。？    void StoreFile(int fileId, Stream upload, SqlConnection connection)
    {
        //从流br内读取长度为8040的数据
        int bufferLen = 8040;
        BinaryReader br = new BinaryReader(upload);
        byte[] chunk = br.ReadBytes(bufferLen);        //修改数据表Files内Id为fileId的数据流为chunk
        SqlCommand cmd = new SqlCommand("UPDATE Files SET FileBytes=@Buffer WHERE Id=@FileId", connection);
        cmd.Parameters.AddWithValue("@FileId", fileId);
        cmd.Parameters.Add("@Buffer", SqlDbType.VarBinary, bufferLen).Value = chunk;
        cmd.ExecuteNonQuery();
        //###AAA###追加数据表Files内Id为fileId的数据流
        SqlCommand cmdAppend = new SqlCommand("UPDATE Files SET FileBytes .WRITE(@Buffer, NULL, 0) WHERE Id=@FileId", connection);
        cmdAppend.Parameters.AddWithValue("@FileId", fileId);
        cmdAppend.Parameters.Add("@Buffer", SqlDbType.VarBinary, bufferLen);        //当br流中有可读数据时,追加至###AAA###
        chunk = br.ReadBytes(bufferLen);
        while (chunk.Length > 0)
        {
            cmdAppend.Parameters["@Buffer"].Value = chunk;
            cmdAppend.ExecuteNonQuery();
            chunk = br.ReadBytes(bufferLen);
        }        //关闭流
        br.Close();
    }
SCOPE_IDENTITY() 当前会话,当前作用域
@@IDENTITY  当前会话,所有作用域
详细可查看：MSDN.SCOPE_IDENTITY (Transact-SQL)或MSDN.SQL90