Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
Performance comparison between a stored procedures and simple SQL queries in C# OR linq queries.
CREATE PROCEDURE [dbo].[GetProductCM]
AS
BEGIN
SET NOCOUNT ON
SELECT
p.ProductId,
p.ProductName,
p.CategoryId
FROM
dbo.Product p
END
using (SqlConnection myConnection = new SqlConnection(con))
{
string oString = "SELECT p.ProductId, p.ProductName, p.CategoryI FROM dbo.Product p";
SqlCommand oCmd = new SqlCommand(oString, myConnection);
myConnection.Open();
using (SqlDataReader oReader = oCmd.ExecuteReader())
{
while (oReader.Read())
{
Product.ProductName= oReader["ProductName"].ToString();
Product.CategoryI = oReader["CategoryI "].ToString();
}
myConnection.Close();
}
}
var queryAllProduct = from p in Product
select p;
What is the best practice?
To not use a stored procedure.
The performance benefit of precompiled stored procedures was eliminated with SQL Server 7 (yes, that is 7 - 25 years or so ago, IIRC). Since then plans are cached and reused for dynamic SQL. Now stored procedures make only sense if
The SQL is VERY large and he result very slow (reducing network traffic) and the network is slow.
You do complex processing that requires brutal data transfers otherwise.
In fact, in your particular case I would use an ORM and LINQ and not waste my time manually writing SQL code (that easily accounts for 40% of a programs code) that can instead be generated.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I Already connected my SQL database with visual studio via server explorer And i filled some tables with values.
Now, I want to access/search through a table from my SQL database in my visual studio project.
For example: in my table i have products from different categories and i only want to display products from a specific category
But, how can in do that?
There is many ways by which you can access.If you are using connected mode Than you have to create object for connection string
SqlConnection con = new SqlConnection(#"Data Source=nameof_server;Initial Catalog=name_of_database;Integrated Security=True");
SqlCommand cmd = new SqlCommand("sql_command",con);
con.open()
//perform action based on your requirment
ExecuteNonQuery() // Use this for insert,update,delete
ExecuteScalar() // Use this for select single column
ExecuteReader() // Use this for select multiple records
con.close()
Please check this link
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to write a C# application to check the selected stored procedure for some criteria. For example if the stored procedure contains 5 select queries the same query must contais 5 with(nolock) (select for temp tables except).
How can I do this via C#? Thanks in advance.
You can use sys.objects to query SQL Server's metadata in order to analyze SP's definition like a text. In your case you can create query such a listed below and check its results from C# app:
SELECT object_definition(object_id) as [sp definition]
, schema_name(schema_id) [schema]
, name
, type_desc
FROM sys.objects
where object_definition(object_id) like '%select%select%select%'
and type_desc = 'SQL_STORED_PROCEDURE'
OR
SELECT object_definition(object_id) as [sp definition]
, schema_name(schema_id) [schema]
, name
, type_desc
FROM sys.objects
where object_definition(object_id) like '%NOLOCK%'
and type_desc = 'SQL_STORED_PROCEDURE'
Not sure what the question is.
You obviously need to parse the SQL (because NOLOCK can also be in a comment).
And to get the source of a stored procedure - well, use something like
using (SqlConnection sqlConnection = new SqlConnection())
{
sqlConnection.ConnectionString = yourConnectionStringHere;
sqlConnection.Open();
SqlCommand sqlCommand = new SqlCommand("sys.sp_helptext", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Parameters.AddWithValue("#objname", "stored_proc_name_here");
DataSet ds = new DataSet();
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter();
sqlDataAdapter.SelectCommand = sqlCommand;
sqlDataAdapter.Fill(ds);
return DataTableToString(ds.Tables[0]);;
}
although I would never touch the sql server because I keep the source outside in version control, so a Visual Studio plug in would be the better solution.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have two classes in which the teachers have merged their final projects into one, one class is software engineering and another one is data bases. The thing is that for SE i have to develop a desktop/smartphone app and for DB i have to develop every DB related stuff for that app.
But i have to keep both things separated, i mean i have to keep C# code away from SQL code so i can't do queries or any stuff using selection strings and such, i just have to call stored procedures with said queries from code.
Any idea how could i do that? To summarize i just want to call any code or procedure that i write in sql and store it's values in a variable,object or array.
As i said i cannot use:
string selectstr = "SELECT * FROM students;"
and execute that query, i have to write that in sql and call it from C# and store the values returned.
Stored procedures are called like any other SQL command in C#:
using (SqlCommand cmd = new SqlCommand("MyStoredProcedure", connection))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("#myParameter1", value);
...
using (SqlDataReader reader = cmd.ExecuteReader())
{
...
}
}
The "magic" bit is to set the command type correctly ;-)
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
Is there a way to do a c# datarow like the below code in a SELECT * query
//Have results like blow
string username = (string)row["username"];
I've tried but all I seem to see is reader or something, witch I know nothing about and don't understand. Can you lead me to some code that will help or give me a example?
DataReader is actually exactly what you need. The 'DataRow' class by itself won't help you; that gets used as part of a more complex solution, the 'DataSet' class (which uses 'DataTable' and that in turn uses 'DataColumn' and 'DataRow'). I don't see many people using 'DataSet'; if you want something complex with drag-and-drop design, you should look at using Entity Framework.
Here is a standard way to read values from SQL in .NET via DataReader (which, no matter what anyone says, is the fastest way to simply read data from a SQL database in .NET):
using (var connection = new SqlConnection("<Your connection string here>")
{
var command = new SqlCommand(
"SELECT username, email FROM users;",
connection);
connection.Open();
var reader = command.ExecuteReader(); // Using the DataReader (specifically, the SqlDataReader)
if (reader.HasRows)
{
while (reader.Read())
{
Console.WriteLine("User {0} has email {1}", reader["username"],
reader["email"]);
}
}
else
{
Console.WriteLine("No rows found.");
}
reader.Close();
}
MSDN documentation for DataReader
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
1st: Is there any better way to do
sqlcommand object = new sqlcommand("insert into sometable values '" + textboxes.texts "'," + somelabelvalues.text + "')" , connectiondb); //true for update,delete and everything inwhich we want to feed input data into database.
This is not safe. Is there any better way to do this because this was taught in our C# class.
All suggestions are welcome!
Use a SqlParameter
SqlCommand cmd = new SqlCommand("Select * from sometable where value = #value");
cmd.Parameters.AddWithValue("#value", "value");
Cam Bruce is correct, use SqlParameter always. However, I would like to expound on that just a bit.
First of all, you asked if there is "a better way to do this", the answer is Yes - Use parameters. There is another answer however that was addressed in the original comments, there is a different way to do this using Entity Framework. I would say that it's only better in certain situations. If this is your only SQL query in the project, then good lord please do not use Entity Framework as the overhead would be unnecessary.
You can read up on Entity Framework on MSDN
You should also definitely read up on SQL Injection Attacks
Now on to your code. As Cam stated above, use SqlParameter. He did leave out a couple good practices though on properly handing your command and connection.
It is a good practice to wrap both your SqlCommand and SqlConnection in using statements so that when you are finished with the objects, they will be disposed of.
string mySqlCommandText = "INSERT INTO some_table VALUES (#Value1, #Value2, #Value3)";
//Wrap your connection/command in using blocks
using (var conn = new SqlConnection(mySqlConnectionString))
using (var cmd = new SqlCommand(mySqlCommandText, conn))
{
//Add your values to the parameters
//This is how you avoid the SQL Injection attack
cmd.Parameters.AddWithValue("#Value1", myValue1);
cmd.Parameters.AddWithValue("#Value2", myValue2);
cmd.Parameters.AddWithValue("#Value3", myValue3);
conn.Open();
cmd.ExecuteNonQuery();
} //The cmd and conn objects are disposed of here as they are now out of scope.
Yes this way is not safe because of SQLInjection vulnerability...
as Cam Bruce said, you can use command parameters to make it safe and secure...
SqlCommand cmd = new SqlCommand("Select * from sometable where value = #value");
cmd.Parameters.AddWithValue("#Value", "value");
cmd.ExecuteNonQuery();
just that!