Hello,
I'm a bit surprised at the amount of boilerplate code required to do
standard data access in .NET and was looking for a way to improve
matters. In Classic ASP, I used to have a common function that was
included in all pages that took an SQL query and returned a disconnected
recordset. This meant that data access could be achieved in a single
line. I would like to do something similar in ASP.NET.
I know I could just duplicate the code, but that means passing the
complete SQL query in as a parameter. I have recently read more about
SQL injection, and would like to take steps to avoid this, so *don't*
want to do...
string SQL = "select * from mtTable where empName='";
SQL += txtEmpName.Text + "'";
as this is open to injection. (Obviously I would escape single quotes in
the text box, but it's still not so secure.)
I would like to set up an array of some type that has two members, a
name and a value. This array could be populated with the parameter names
and values for the query. Thus, the query could be...
"select * from myTable where empName=@empNam e"
and the (in this case only) parameter would be named "empName" and have
a value of (say) "Fred".
So, my problem is, how do I do this? I can't work out how to allow the
value part of the parameter type to be able to store any data type
(which would probably only be one of string, int or double, but you
never know), without falling into problems when trying to pass the value
to the SqlParameter object that is going to expect it to be of the
correct type.
The end result is that I would like to pass this array into a function
that could loop through the members of the array and create a new
SqlParameter for each element, using the name and value as appropriate.
TIA for any help you can give. I hope this was all clear!!
--
Alan Silver
(anything added below this line is nothing to do with me)
9  2308 
You should consider taking a look at the DataAccess block from Microsoft for
some ideas (or even to use it in your code): http://www.microsoft.com/downloads/d...displaylang=en
The way they do it is allow a param to be passed to their function (variable
length array) and use reflection against the sproc to match it up....it's
kinda clever!
Otherwise,quick ly thinking, I think I'd pass a hashtable as a paramter.
Have the key be the parameter name, and the value be, well, the value. You
can look through the hashtable and add paramters.
foreach (DictionaryEntr y entry in hash)
{
command.Paramet ers.Add(entry.K ey).Value = entry.Value;
}
I just have to say, that this entire approach feels weak. Doesn't sound
like you have much of a business object. You DAL seems strictly a querying
engine as opposed to a bridge between your data store and business
entities...
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Alan Silver" <al*********@no spam.thanx> wrote in message
news:KO******** ******@nospamth ankyou.spam... Hello,
I'm a bit surprised at the amount of boilerplate code required to do
standard data access in .NET and was looking for a way to improve matters.
In Classic ASP, I used to have a common function that was included in all
pages that took an SQL query and returned a disconnected recordset. This
meant that data access could be achieved in a single line. I would like to
do something similar in ASP.NET.
I know I could just duplicate the code, but that means passing the
complete SQL query in as a parameter. I have recently read more about SQL
injection, and would like to take steps to avoid this, so *don't* want to
do...
string SQL = "select * from mtTable where empName='";
SQL += txtEmpName.Text + "'";
as this is open to injection. (Obviously I would escape single quotes in
the text box, but it's still not so secure.)
I would like to set up an array of some type that has two members, a name
and a value. This array could be populated with the parameter names and
values for the query. Thus, the query could be...
"select * from myTable where empName=@empNam e"
and the (in this case only) parameter would be named "empName" and have a
value of (say) "Fred".
So, my problem is, how do I do this? I can't work out how to allow the
value part of the parameter type to be able to store any data type (which
would probably only be one of string, int or double, but you never know),
without falling into problems when trying to pass the value to the
SqlParameter object that is going to expect it to be of the correct type.
The end result is that I would like to pass this array into a function
that could loop through the members of the array and create a new
SqlParameter for each element, using the name and value as appropriate.
TIA for any help you can give. I hope this was all clear!!
--
Alan Silver
(anything added below this line is nothing to do with me)
Alan Silver wrote: Hello,
I'm a bit surprised at the amount of boilerplate code required to do
standard data access in .NET and was looking for a way to improve
matters. In Classic ASP, I used to have a common function that was
included in all pages that took an SQL query and returned a
disconnected recordset. This meant that data access could be achieved
in a single line. I would like to do something similar in ASP.NET.
I know I could just duplicate the code, but that means passing the
complete SQL query in as a parameter. I have recently read more about
SQL injection, and would like to take steps to avoid this, so *don't*
want to do...
string SQL = "select * from mtTable where empName='";
SQL += txtEmpName.Text + "'";
as this is open to injection. (Obviously I would escape single quotes
in the text box, but it's still not so secure.)
I would like to set up an array of some type that has two members, a
name and a value. This array could be populated with the parameter
names and values for the query. Thus, the query could be...
"select * from myTable where empName=@empNam e"
and the (in this case only) parameter would be named "empName" and
have a value of (say) "Fred".
So, my problem is, how do I do this? I can't work out how to allow the
value part of the parameter type to be able to store any data type
(which would probably only be one of string, int or double, but you
never know), without falling into problems when trying to pass the
value to the SqlParameter object that is going to expect it to be of
the correct type.
The end result is that I would like to pass this array into a function
that could loop through the members of the array and create a new
SqlParameter for each element, using the name and value as
appropriate.
TIA for any help you can give. I hope this was all clear!!
And what if you use *three* values in the list? Name, value and *sqltype*.
It's easy to make your own "MyParamete r" class for this, which you put
into the list. The "value" has type "object", so you can put anything into it.
For the rest your idea is similar to what I already have implemented
(sorry, can't let you have that, company property), but I use it only
to call stored procedures.
There are basically three methods I can call in this way, depending
on the output: none, scalar (returns an "object") or dataset.
Hans Kesting
Hi there,
The basic answer to your question is that you need the "value" part to be
of type "object". If you declare your value as an object - it can hold any
other type as well.
Have a look into inheritance for more information on this works.
Also, as mentioned above, looking at the microsoft data access application
block will take care of a lot of this crap for you. It's good to understand
whats going on, but after a while you just wish that data access code would
bugger off and leave you alone. The application block helps a little towards
that end.
I hope that helps
t
>And what if you use *three* values in the list? Name, value and *sqltype*. It's easy to make your own "MyParamete r" class for this,
which you put into the list. The "value" has type "object", so you can
put anything into it.
<snip>
That's a good idea, thanks.
--
Alan Silver
(anything added below this line is nothing to do with me)
>You should consider taking a look at the DataAccess block from Microsoft for some ideas (or even to use it in your code):
http://www.microsoft.com/downloads/d...63D1F0A-9877-4
A7B-88EC-0426B48DF275&di splaylang=en
I looked at it briefly ages ago, but wasn't experienced enough to
understand it. Maybe I should look again.
I did se some posts here where MS were quoted as being surprised how
many people used the data access block in their code when it wasn't
supposed to be production code. They don't seem to be able to decide if
we should or shouldn't use it!!
Anyway, I'll have another look.
<snip>I just have to say, that this entire approach feels weak. Doesn't sound
like you have much of a business object. You DAL seems strictly a querying
engine as opposed to a bridge between your data store and business
entities...
Well, it's not just for queries, that was just to make the post simpler.
I assumed that once I had it working for queries, I could get it working
for any SQL. However, if you feel the approach is weak, I'm open to
suggestions. I readily admit to being new at .NET, and I'm always
willing to learn (even when I'm not new).
How would you go about this problem? I just find that writing the same
lines of code over and over again a waste of time. It's also a right
royal pain if you need to change anything. That's why I had one
centralised data access module in Classic ASP. I'm hoping to do the same
here.
Thanks for the reply.
--
Alan Silver
(anything added below this line is nothing to do with me)
Well....code generation is one solution (which I use)
o/r mappers is another (which i don't use)
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Alan Silver" <al*********@no spam.thanx> wrote in message
news:YI******** ******@nospamth ankyou.spam... You should consider taking a look at the DataAccess block from Microsoft
for
some ideas (or even to use it in your code):
http://www.microsoft.com/downloads/d...63D1F0A-9877-4
A7B-88EC-0426B48DF275&di splaylang=en
I looked at it briefly ages ago, but wasn't experienced enough to
understand it. Maybe I should look again.
I did se some posts here where MS were quoted as being surprised how many
people used the data access block in their code when it wasn't supposed to
be production code. They don't seem to be able to decide if we should or
shouldn't use it!!
Anyway, I'll have another look.
<snip>I just have to say, that this entire approach feels weak. Doesn't sound
like you have much of a business object. You DAL seems strictly a
querying
engine as opposed to a bridge between your data store and business
entities...
Well, it's not just for queries, that was just to make the post simpler. I
assumed that once I had it working for queries, I could get it working for
any SQL. However, if you feel the approach is weak, I'm open to
suggestions. I readily admit to being new at .NET, and I'm always willing
to learn (even when I'm not new).
How would you go about this problem? I just find that writing the same
lines of code over and over again a waste of time. It's also a right royal
pain if you need to change anything. That's why I had one centralised data
access module in Classic ASP. I'm hoping to do the same here.
Thanks for the reply.
--
Alan Silver
(anything added below this line is nothing to do with me)
>Well....code generation is one solution (which I use)
o/r mappers is another (which i don't use)
So what do you do?
Seriously, I'm trying to learn best practices here, but all the code I
see uses the same lines of code over and over again. Surely there must
be a more efficient way of doing it?
--
Alan Silver
(anything added below this line is nothing to do with me)
Like i said, code generation: http://www.codesmithtools.com/
write a template once, have the tool generate those mundane repetitive lines
of code over and over again...
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Alan Silver" <al*********@no spam.thanx> wrote in message
news:g6******** ******@nospamth ankyou.spam... Well....code generation is one solution (which I use)
o/r mappers is another (which i don't use)
So what do you do?
Seriously, I'm trying to learn best practices here, but all the code I see
uses the same lines of code over and over again. Surely there must be a
more efficient way of doing it?
--
Alan Silver
(anything added below this line is nothing to do with me)
>Like i said, code generation: http://www.codesmithtools.com/
Ah, didn't get it, now I do!! write a template once, have the tool generate those mundane repetitive lines
of code over and over again...
But you still end up with almost identical bits of code everywhere. That
still seems an inefficient way to do it.
Thanks for the reply
--
Alan Silver
(anything added below this line is nothing to do with me) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: The Mess |
last post by:
I would like to pass a Control array of OptionButtons that I created at run
time to a Sub.
Say I have Opt(0), Opt(1)......Opt(5) as OptionButtons, is there a way to
pass Opt to a function and have the function see it as an Array of
Optionbuttons?
private sub Test(a as Object) is the best I can come up with so far. I
would like to test it to verify that it is both an array and an
OptionButton. Although I can check it with...
|
by: Seeker |
last post by:
Newbie question here...
I have a form with some radio buttons. To verify that at least one of the
buttons was chosen I use the following code ("f" is my form object) :
var btnChosen;
for (count = 0; count <= 1; count++) {
if (eval(f.RadioButtons.checked)) {
btnChosen = true;
}
|
by: Blue Ocean |
last post by:
I know this is somewhat dependent on the circumstances, but let me ask
anyway. Suppose I have a 100 byte struct or array or something like
that. Which would be more efficient?
void function(struct something foo)
{
foo.this + foo.that;
foo.somethingoranother++;
printf(foo.foostring);
//other operations on the array
|
by: sangeetha |
last post by:
Hello,
Is there any performance difference in using of the following two declaration?
int (*ptr); //Array of 10 int pointers
int *ptr; // pointer-to-array of 10.
Regards,
Sangeetha.
|
by: apm |
last post by:
Any and all:
Is there an efficient way to pass a large array from .NET to COM? Can
references (or pointer) be passed from COM to NET and NET to COM without the
object it refers to being copied?
Thanks in advance.
David
| | |
by: questions? |
last post by:
I tried to pass a two dimensional array in the function arguments
the following program is a demonstration,
********************************************
# include <stdio.h>
# include <string.h>
double data={{1.0, 3.0},{9.0, 8.0}};
|
by: roguefeebo |
last post by:
I'm very new to programming so be gentle, :(
Essentially what I would like to do is to have a single function to be able to create a dynamic array of pointers to a struct so that I can have a modular menu system up and running. My menus will have several varying numbers of options. This is the first time I've worked with something like this and just can't get it worked out.
I've snipped a lot of unnecessary code to this smaller piece so...
|
by: venkatagmail |
last post by:
I have problem understanding pass by value and pass by reference and
want to how how they are or appear in the memory:
I had to get my basics right again. I create an array and try all
possible ways of passing an array. In the following code, fun1(int
a1) - same as fun1(int* a1) - where both are of the type passed by
reference. Inside this function, another pointer a1 is created whose
address &a1 is different from that of the passed...
|
by: Why Tea |
last post by:
Suppose you have a 2-dimensional array (matrix) in main() and you want
to pass it to a function to do some processing, you usually pass it as
a pointer to the first element. But, from the function, how do you use
the index notation?
Example:
int matrix_check(int *m)
{
/* how can we use m type of representation? */
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
