Imports System.Configuration
Imports System.Data.Common

'还需要引用system.configuration
app.config中配置连接字符串
<configuration>
<connectionStrings>

<add name="数据工厂测试.My.MySettings.Setting" connectionString="Data Source=wangli;Initial Catalog=VideoGames;Persist Security Info=True;User ID=sa;Password=sa"
providerName="System.Data.sqlClient" />
<add name ="VideoGameStoreDb" connectionString ="Data Source=wangli;Initial Catalog=VideoGames;Persist Security Info=True;User ID=sa;Password=sa"
providerName="System.Data.sqlClient"/>
</connectionStrings>
</configuration>

Public Class ClsFactory
    Public Sub Delete(ByVal pId As Integer)
        '获得连接字符串
        Dim css As ConnectionStringSettings
        css = ConfigurationManager.ConnectionStrings("VideoGameStoreDb")
 
        '在数据连接的上建立工厂类
        Dim Factory As DbProviderFactory
        Factory = DbProviderFactories.GetFactory(css.ProviderName)
 
        '建立连接 ，执行任务
        Using conn As DbConnection = Factory.CreateConnection
            conn.ConnectionString = css.ConnectionString
 
            '生成命令
            Using cmd As DbCommand = Factory.CreateCommand
                cmd.Connection = conn
                cmd.CommandType = CommandType.Text
                cmd.CommandText = "delete from customer where customerId=@id"
 
                '创建ID参数 
                Dim paramID As DbParameter
                paramID = Factory.CreateParameter
                paramID.ParameterName = "@id"
                paramID.Value = pId
 
                cmd.Parameters.Add(paramID)
 
                '打开连接，执行
                conn.Open()
                Dim count As Integer
                count = cmd.ExecuteNonQuery
 
                conn.Close()
 
                If count < 1 Then
                    Throw New ArgumentOutOfRangeException("id","序号没有找到")
                End If
 
            End Using
        End Using
    End Sub
End Class

'为了降低sql注入攻击的威胁（sql injection），建议使用参数，而不要使用字符串的连接。恶意sql代码可能通过字符串的连接而执行。如：操作者可能在某一字段 输入一个右引号，后面跟完整sql语句。由于该字符串会被追加到SELECT 语句的后面，引事情后的语句便会执行。