473,320 Members | 1,856 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Which one is better between these two approaches?

Hi, I'm doing an application using C# and I have this question:

I have a method called sqlQueryBD which receives a string sql query and
executes it against a database.
I also have a class called sqlCompat which has one property "sqlText" with
its getter and setter methods. The purpose of this class to translate the
receiving sql query into an "escaped" sql query, for instance:
insert into people values ('cod001','Carl
Johnson','\\computer\directory\file01.txt')
is translated into:
insert into people values ('cod001','Carl
Johnson','\\\\computer\\directory\\file01.txt')

The constructor receiving a string parameter is as follows:
public sqlCompat(string text)
{
this.text = sqlCompatSTR(text.Trim());
}

These are getter and setter methods for sqlText:
private string text;
public string sqlText
{
get
{
return text;
}
set
{
text = sqlCompatSTR(value.Trim());
}
}
where sqlCompatSTR is in charge of doing the translation.

In a form called frmQuerySFG in a button event I have this and it works
perfectly:

sqlQueryBD(new sqlCompat("select * from table").sqlText);

But if I do this it works exactly the same way:

//Declare a frmQuerySFG attribute (this is outside of button's event)
sqlCompat s_sql = new sqlCompat();

//This goes inside the button event
s_sql.sqlText = "select * from table";
sqlQueryBD(s_sql.sqlText);

Ok, which one is better between these two approaches?
The first approach is faster to code because it is only one line of code,
but I don't know if there are disadvantages in creating a new instance each
time I call that method.
The second approach doesn't create a new instance each time sqlQueryBD is
called but it involves more lines of code.

I've been using the first approach and I would like to know if it's better
to use the second approach. I always like to improve my code.

Thanks for your help.

Best Regards
Jul 3 '07 #1
3 1262
They both involve creating a meaningless object for no reason (either
everytime, or near-enough every time), and both involve separately
checking a property (for a single value) when a return value would
suffice, so there is little to sing about in either. The pattern
itself is fine... it compares to a number of similar things such as
DbConnectionStringBuilder - the main difference being that such
classes only make sense if you have lots of properties you want to
look at, not just the one. In such patterns, both mutable and
immutable styles are common - by which, I mean e.g. Url accepts a
string into the ctor, and has get (only) properties;
DbConnectionStringBuilder has a string ctor and a default (empty)
ctor, and has both get and set properties. Both patterns are valid;
however. in this case, all you really need is something like:

// note: sql should typically use parameters...
public static EscapeSqlQuery(string query) {
// do some manipulations
return result;
}

and then you can call:

// compare to sqlQueryBD(new sqlCompat("select * from
table").sqlText);
// (I would use "common" names comparable to ExecuteNonQuery etc, but
// the return data isn't clear so I can't extrapolate)
InvokedEscapedSqlQuery(EscapeSqlQuery(query));

As a stylistic recommendation, can I suggest you look at your naming
conventions? None of the names cited are especially meaningful (to me
at least); they might make sense to you now... but in 12 months time?

Marc

Jul 4 '07 #2
Thanks a lot for your help Marc.

I really appreciate it.

Best Regards
Jul 4 '07 #3
Rolandpish wrote:
Hi, I'm doing an application using C# and I have this question:

I have a method called sqlQueryBD which receives a string sql query and
executes it against a database.
I also have a class called sqlCompat which has one property "sqlText" with
its getter and setter methods. The purpose of this class to translate the
receiving sql query into an "escaped" sql query, for instance:
insert into people values ('cod001','Carl
Johnson','\\computer\directory\file01.txt')
is translated into:
insert into people values ('cod001','Carl
Johnson','\\\\computer\\directory\\file01.txt')
When you have put together the values into a query, it's too late to
safely escape the values. If someone uses apostrophes somewhere:

insert into people values ('a00','John 'Noone'
Doe','\\computer\directory\file01.txt')

How should the code know that the fourth and fifth apostrophes are to be
escaped?

You need to escape each value before you put it in the query. You should
consider using parameters, as [someone, can't see the thread right
now] suggested.

--
Göran Andersson
_____
http://www.guffa.com
Jul 5 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

43
by: Rob R. Ainscough | last post by:
I realize I'm learning web development and there is a STEEP learning curve, but so far I've had to learn: HTML XML JavaScript ASP.NET using VB.NET ..NET Framework ADO.NET SSL
2
by: Damien | last post by:
Hi all, I'm messing around with various signal/slot mechanisms, trying to build something lean and fast. I've used libsigc++, and Sarah Thompson's at sigslot.sourceforge.net, and most of the...
4
by: Martin the Third | last post by:
Okay, I have a program that has many optional windows. Its not mdi or anything, it just has alot of windows that you can choose to have that would add extra features to the program. Now, I need...
9
by: Mr Flibble | last post by:
Hi all, happy Friday! (certainly Friday is a day worth celebrating). I have a question on try/catch design (an exciting Friday topic for sure): I can either put a try/catch block in every...
2
by: zefciu | last post by:
In the tutorial there is an example iterator class that revesrses the string given to the constructor. The problem is that this class works only once, unlike built-in types like string. How to...
20
by: mike3 | last post by:
Hi. (Xposted to both comp.lang.c++ and comp.programming since I've got questions related to both C++ language and general programming) I've got the following C++ code. The first routine runs in...
84
by: Patient Guy | last post by:
Which is the better approach in working with Javascript? 1. Server side processing: Web server gets form input, runs it into the Javascript module, and PHP collects the output for document prep....
4
by: randy.buchholz | last post by:
Just trying to get multiple dropdowns's to work inside another control (details view) I'm seeing this error, but not consistantly. I can even cut and paste a working set of controls into a new...
5
by: Nitesh | last post by:
Objects of type X are basic building blocks of my application and there are a few functions which return XHandle (typedef X** XHandle). The task at hand needs to use a couple of these functions and...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.