473,881 Members | 1,687 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How do I pass an array of varying types to a function?

Hello,

I'm a bit surprised at the amount of boilerplate code required to do
standard data access in .NET and was looking for a way to improve
matters. In Classic ASP, I used to have a common function that was
included in all pages that took an SQL query and returned a disconnected
recordset. This meant that data access could be achieved in a single
line. I would like to do something similar in ASP.NET.

I know I could just duplicate the code, but that means passing the
complete SQL query in as a parameter. I have recently read more about
SQL injection, and would like to take steps to avoid this, so *don't*
want to do...

string SQL = "select * from mtTable where empName='";
SQL += txtEmpName.Text + "'";

as this is open to injection. (Obviously I would escape single quotes in
the text box, but it's still not so secure.)

I would like to set up an array of some type that has two members, a
name and a value. This array could be populated with the parameter names
and values for the query. Thus, the query could be...

"select * from myTable where empName=@empNam e"

and the (in this case only) parameter would be named "empName" and have
a value of (say) "Fred".

So, my problem is, how do I do this? I can't work out how to allow the
value part of the parameter type to be able to store any data type
(which would probably only be one of string, int or double, but you
never know), without falling into problems when trying to pass the value
to the SqlParameter object that is going to expect it to be of the
correct type.

The end result is that I would like to pass this array into a function
that could loop through the members of the array and create a new
SqlParameter for each element, using the name and value as appropriate.

TIA for any help you can give. I hope this was all clear!!

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #1
9 2323
You should consider taking a look at the DataAccess block from Microsoft for
some ideas (or even to use it in your code):
http://www.microsoft.com/downloads/d...displaylang=en

The way they do it is allow a param to be passed to their function (variable
length array) and use reflection against the sproc to match it up....it's
kinda clever!

Otherwise,quick ly thinking, I think I'd pass a hashtable as a paramter.
Have the key be the parameter name, and the value be, well, the value. You
can look through the hashtable and add paramters.

foreach (DictionaryEntr y entry in hash)
{
command.Paramet ers.Add(entry.K ey).Value = entry.Value;
}
I just have to say, that this entire approach feels weak. Doesn't sound
like you have much of a business object. You DAL seems strictly a querying
engine as opposed to a bridge between your data store and business
entities...

Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Alan Silver" <al*********@no spam.thanx> wrote in message
news:KO******** ******@nospamth ankyou.spam...
Hello,

I'm a bit surprised at the amount of boilerplate code required to do
standard data access in .NET and was looking for a way to improve matters.
In Classic ASP, I used to have a common function that was included in all
pages that took an SQL query and returned a disconnected recordset. This
meant that data access could be achieved in a single line. I would like to
do something similar in ASP.NET.

I know I could just duplicate the code, but that means passing the
complete SQL query in as a parameter. I have recently read more about SQL
injection, and would like to take steps to avoid this, so *don't* want to
do...

string SQL = "select * from mtTable where empName='";
SQL += txtEmpName.Text + "'";

as this is open to injection. (Obviously I would escape single quotes in
the text box, but it's still not so secure.)

I would like to set up an array of some type that has two members, a name
and a value. This array could be populated with the parameter names and
values for the query. Thus, the query could be...

"select * from myTable where empName=@empNam e"

and the (in this case only) parameter would be named "empName" and have a
value of (say) "Fred".

So, my problem is, how do I do this? I can't work out how to allow the
value part of the parameter type to be able to store any data type (which
would probably only be one of string, int or double, but you never know),
without falling into problems when trying to pass the value to the
SqlParameter object that is going to expect it to be of the correct type.

The end result is that I would like to pass this array into a function
that could loop through the members of the array and create a new
SqlParameter for each element, using the name and value as appropriate.

TIA for any help you can give. I hope this was all clear!!

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #2
Alan Silver wrote:
Hello,

I'm a bit surprised at the amount of boilerplate code required to do
standard data access in .NET and was looking for a way to improve
matters. In Classic ASP, I used to have a common function that was
included in all pages that took an SQL query and returned a
disconnected recordset. This meant that data access could be achieved
in a single line. I would like to do something similar in ASP.NET.

I know I could just duplicate the code, but that means passing the
complete SQL query in as a parameter. I have recently read more about
SQL injection, and would like to take steps to avoid this, so *don't*
want to do...

string SQL = "select * from mtTable where empName='";
SQL += txtEmpName.Text + "'";

as this is open to injection. (Obviously I would escape single quotes
in the text box, but it's still not so secure.)

I would like to set up an array of some type that has two members, a
name and a value. This array could be populated with the parameter
names and values for the query. Thus, the query could be...

"select * from myTable where empName=@empNam e"

and the (in this case only) parameter would be named "empName" and
have a value of (say) "Fred".

So, my problem is, how do I do this? I can't work out how to allow the
value part of the parameter type to be able to store any data type
(which would probably only be one of string, int or double, but you
never know), without falling into problems when trying to pass the
value to the SqlParameter object that is going to expect it to be of
the correct type.

The end result is that I would like to pass this array into a function
that could loop through the members of the array and create a new
SqlParameter for each element, using the name and value as
appropriate.
TIA for any help you can give. I hope this was all clear!!


And what if you use *three* values in the list? Name, value and *sqltype*.
It's easy to make your own "MyParamete r" class for this, which you put
into the list. The "value" has type "object", so you can put anything into it.

For the rest your idea is similar to what I already have implemented
(sorry, can't let you have that, company property), but I use it only
to call stored procedures.
There are basically three methods I can call in this way, depending
on the output: none, scalar (returns an "object") or dataset.

Hans Kesting
Nov 19 '05 #3
Hi there,

The basic answer to your question is that you need the "value" part to be
of type "object". If you declare your value as an object - it can hold any
other type as well.

Have a look into inheritance for more information on this works.

Also, as mentioned above, looking at the microsoft data access application
block will take care of a lot of this crap for you. It's good to understand
whats going on, but after a while you just wish that data access code would
bugger off and leave you alone. The application block helps a little towards
that end.

I hope that helps

t

Nov 19 '05 #4
>And what if you use *three* values in the list? Name, value and
*sqltype*. It's easy to make your own "MyParamete r" class for this,
which you put into the list. The "value" has type "object", so you can
put anything into it.

<snip>

That's a good idea, thanks.

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #5
>You should consider taking a look at the DataAccess block from Microsoft for
some ideas (or even to use it in your code):
http://www.microsoft.com/downloads/d...63D1F0A-9877-4
A7B-88EC-0426B48DF275&di splaylang=en
I looked at it briefly ages ago, but wasn't experienced enough to
understand it. Maybe I should look again.

I did se some posts here where MS were quoted as being surprised how
many people used the data access block in their code when it wasn't
supposed to be production code. They don't seem to be able to decide if
we should or shouldn't use it!!

Anyway, I'll have another look.

<snip>I just have to say, that this entire approach feels weak. Doesn't sound
like you have much of a business object. You DAL seems strictly a querying
engine as opposed to a bridge between your data store and business
entities...


Well, it's not just for queries, that was just to make the post simpler.
I assumed that once I had it working for queries, I could get it working
for any SQL. However, if you feel the approach is weak, I'm open to
suggestions. I readily admit to being new at .NET, and I'm always
willing to learn (even when I'm not new).

How would you go about this problem? I just find that writing the same
lines of code over and over again a waste of time. It's also a right
royal pain if you need to change anything. That's why I had one
centralised data access module in Classic ASP. I'm hoping to do the same
here.

Thanks for the reply.

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #6
Well....code generation is one solution (which I use)

o/r mappers is another (which i don't use)

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Alan Silver" <al*********@no spam.thanx> wrote in message
news:YI******** ******@nospamth ankyou.spam...
You should consider taking a look at the DataAccess block from Microsoft
for
some ideas (or even to use it in your code):
http://www.microsoft.com/downloads/d...63D1F0A-9877-4
A7B-88EC-0426B48DF275&di splaylang=en


I looked at it briefly ages ago, but wasn't experienced enough to
understand it. Maybe I should look again.

I did se some posts here where MS were quoted as being surprised how many
people used the data access block in their code when it wasn't supposed to
be production code. They don't seem to be able to decide if we should or
shouldn't use it!!

Anyway, I'll have another look.

<snip>
I just have to say, that this entire approach feels weak. Doesn't sound
like you have much of a business object. You DAL seems strictly a
querying
engine as opposed to a bridge between your data store and business
entities...


Well, it's not just for queries, that was just to make the post simpler. I
assumed that once I had it working for queries, I could get it working for
any SQL. However, if you feel the approach is weak, I'm open to
suggestions. I readily admit to being new at .NET, and I'm always willing
to learn (even when I'm not new).

How would you go about this problem? I just find that writing the same
lines of code over and over again a waste of time. It's also a right royal
pain if you need to change anything. That's why I had one centralised data
access module in Classic ASP. I'm hoping to do the same here.

Thanks for the reply.

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #7
>Well....code generation is one solution (which I use)

o/r mappers is another (which i don't use)


So what do you do?

Seriously, I'm trying to learn best practices here, but all the code I
see uses the same lines of code over and over again. Surely there must
be a more efficient way of doing it?

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #8
Like i said, code generation: http://www.codesmithtools.com/

write a template once, have the tool generate those mundane repetitive lines
of code over and over again...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Alan Silver" <al*********@no spam.thanx> wrote in message
news:g6******** ******@nospamth ankyou.spam...
Well....code generation is one solution (which I use)

o/r mappers is another (which i don't use)


So what do you do?

Seriously, I'm trying to learn best practices here, but all the code I see
uses the same lines of code over and over again. Surely there must be a
more efficient way of doing it?

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #9
>Like i said, code generation: http://www.codesmithtools.com/

Ah, didn't get it, now I do!!
write a template once, have the tool generate those mundane repetitive lines
of code over and over again...


But you still end up with almost identical bits of code everywhere. That
still seems an inefficient way to do it.

Thanks for the reply

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
5929
by: The Mess | last post by:
I would like to pass a Control array of OptionButtons that I created at run time to a Sub. Say I have Opt(0), Opt(1)......Opt(5) as OptionButtons, is there a way to pass Opt to a function and have the function see it as an Array of Optionbuttons? private sub Test(a as Object) is the best I can come up with so far. I would like to test it to verify that it is both an array and an OptionButton. Although I can check it with...
5
3152
by: Seeker | last post by:
Newbie question here... I have a form with some radio buttons. To verify that at least one of the buttons was chosen I use the following code ("f" is my form object) : var btnChosen; for (count = 0; count <= 1; count++) { if (eval(f.RadioButtons.checked)) { btnChosen = true; }
8
1580
by: Blue Ocean | last post by:
I know this is somewhat dependent on the circumstances, but let me ask anyway. Suppose I have a 100 byte struct or array or something like that. Which would be more efficient? void function(struct something foo) { foo.this + foo.that; foo.somethingoranother++; printf(foo.foostring); //other operations on the array
9
15720
by: sangeetha | last post by:
Hello, Is there any performance difference in using of the following two declaration? int (*ptr); //Array of 10 int pointers int *ptr; // pointer-to-array of 10. Regards, Sangeetha.
5
2726
by: apm | last post by:
Any and all: Is there an efficient way to pass a large array from .NET to COM? Can references (or pointer) be passed from COM to NET and NET to COM without the object it refers to being copied? Thanks in advance. David
3
2836
by: questions? | last post by:
I tried to pass a two dimensional array in the function arguments the following program is a demonstration, ******************************************** # include <stdio.h> # include <string.h> double data={{1.0, 3.0},{9.0, 8.0}};
7
8728
by: roguefeebo | last post by:
I'm very new to programming so be gentle, :( Essentially what I would like to do is to have a single function to be able to create a dynamic array of pointers to a struct so that I can have a modular menu system up and running. My menus will have several varying numbers of options. This is the first time I've worked with something like this and just can't get it worked out. I've snipped a lot of unnecessary code to this smaller piece so...
11
3373
by: venkatagmail | last post by:
I have problem understanding pass by value and pass by reference and want to how how they are or appear in the memory: I had to get my basics right again. I create an array and try all possible ways of passing an array. In the following code, fun1(int a1) - same as fun1(int* a1) - where both are of the type passed by reference. Inside this function, another pointer a1 is created whose address &a1 is different from that of the passed...
29
38716
by: Why Tea | last post by:
Suppose you have a 2-dimensional array (matrix) in main() and you want to pass it to a function to do some processing, you usually pass it as a pointer to the first element. But, from the function, how do you use the index notation? Example: int matrix_check(int *m) { /* how can we use m type of representation? */
0
9926
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9776
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
1
10812
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10399
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9552
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7108
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5976
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4597
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4194
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.