I'm still quite new to c# and I have multiple count queries on a single page. I don't need to use these queries anywhere else so have avoided creating a class. Still though, I can help but think there must be a more efficient approach but I was wondering what that would be!
Here's an example
private void cntUp() {
Dictionary<string, string> crd = getCredentials(Session["secure"].ToString());
Label UserUpcoming = frmDash.FindControl("lblUserReviewUp") as Label;
using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["CS"].ConnectionString))
{
con.Open();
try
{
using (SqlCommand countUpcoming = new SqlCommand("SELECT COUNT(*) FROM vw_dash_user_upcoming WHERE Employee_ID = #employee_id", con))
{
countUpcoming.Parameters.Add(new SqlParameter("employee_id", crd["employee_id"].ToString()));
SqlDataReader readerUpcoming = countUpcoming.ExecuteReader();
while (readerUpcoming.Read())
{
UserUpcoming.Text = readerUpcoming.GetInt32(0).ToString();
}
}
con.Close();
}
catch
{
Response.Redirect(this.ErrorPage);
}
}
}
The following Repository works with SQL Server.
Basically, you can either issue a regular or parameterized query.
You can pass in your parameters as all strings, or just as objects if you are going to use models with strongly typed numbers and dates.
You can take out the Release mode info if you don't use such a construct in developement, this is just to make it easier to switch between development and production databases without coding a change.
An example usage would be :
var updateStatement = "UPDATE OCCHistoryHeaders SET ValidatingUsername=#pUsername,ValidatingWorkstation=#pWorkstation,CurrentState = #pCurrentStatus,RejectionReason = #pRejectionReason, AutomatedValidation = '0' WHERE BatchId = #pBatchId";
var parameters = new Dictionary<string, object>
{
{"pUsername", Environment.UserName},
{"pWorkstation", Environment.MachineName},
{"pCurrentStatus", currentStatus},
{"pRejectionReason", rejectionReason},
{"pBatchId", batchId}
};
var absRowsUpdated = _occDb.ExecuteParameterizedNonQueryObjects(updateStatement, parameters);
Here is the class...
public class SomeRepository
{
private string _connectionString { get; set; }
private SqlConnection _sqlConnection { get; set; }
public SomeRepository()
{
switch (AppSettings.ReleaseMode)
{
case ReleaseMode.DEV:
_connectionString = "server=;database=;User Id=;Password=";
break;
case ReleaseMode.PRODUCTION:
_connectionString = "server=;database=;User Id=;Password=";
break;
}
}
public DataTable ExecuteQuery(string commandText)
{
var dataTable = new DataTable();
var _sqlConnection = new SqlConnection(_connectionString);
var cmd = new SqlCommand(commandText, _sqlConnection);
var da = new SqlDataAdapter(cmd);
try
{
_sqlConnection.Open();
da.Fill(dataTable);
}
catch (Exception ex)
{
var errorText = string.Format("Occ Repository ExecuteQuery Error : QueryString={0} :: Error={1}", commandText, ex.Message);
throw new Exception(errorText, ex);
}
finally
{
da.Dispose();
_sqlConnection.Dispose();
}
return dataTable;
}
public DataTable ExecuteParameterizedQuery(string commandText, Dictionary<string, string> parameters)
{
var dataTable = new DataTable();
var _sqlConnection = new SqlConnection(_connectionString);
var cmd = new SqlCommand(commandText, _sqlConnection);
var da = new SqlDataAdapter(cmd);
foreach (var entry in parameters)
{
cmd.Parameters.Add(entry.Key, entry.Value);
}
try
{
_sqlConnection.Open();
da.Fill(dataTable);
}
catch (Exception ex)
{
var errorText = string.Format("Occ Repository ExecuteQuery Error : QueryString={0} :: Error={1}", commandText, ex.Message);
throw new Exception(errorText, ex);
}
finally
{
da.Dispose();
_sqlConnection.Dispose();
}
return dataTable;
}
public DataTable ExecuteParameterizedQueryObjects(string commandText, Dictionary<string, object> parameters)
{
var dataTable = new DataTable();
var _sqlConnection = new SqlConnection(_connectionString);
var cmd = new SqlCommand(commandText, _sqlConnection);
var da = new SqlDataAdapter(cmd);
foreach (var entry in parameters)
{
cmd.Parameters.Add(entry.Key, entry.Value);
}
try
{
_sqlConnection.Open();
da.Fill(dataTable);
}
catch (Exception ex)
{
var errorText = string.Format("Occ Repository ExecuteQuery Error : QueryString={0} :: Error={1}", commandText, ex.Message);
throw new Exception(errorText, ex);
}
finally
{
da.Dispose();
_sqlConnection.Dispose();
}
return dataTable;
}
public int ExecuteNonQuery(string commandText)
{
var _sqlConnection = new SqlConnection(_connectionString);
var rowsAffected = 0;
try
{
var cmd = new SqlCommand(commandText, _sqlConnection);
_sqlConnection.Open();
rowsAffected = cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
var errorText = string.Format("Occ Repository ExecuteNonQuery Error : Command={0} :: Error={1}", commandText, ex.Message);
throw new Exception(errorText, ex);
}
finally
{
_sqlConnection.Dispose();
}
return rowsAffected;
}
public int ExecuteParameterizedNonQuery(string commandText, Dictionary<string, string> parameters)
{
var _sqlConnection = new SqlConnection(_connectionString);
var rowsAffected = 0;
var cmd = new SqlCommand(commandText, _sqlConnection);
foreach (var entry in parameters)
{
cmd.Parameters.Add(entry.Key, entry.Value);
}
try
{
_sqlConnection.Open();
rowsAffected = cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
var errorText = string.Format("Occ Repository ExecuteNonQuery Error : Command={0} :: Error={1}", commandText, ex.Message);
throw new Exception(errorText, ex);
}
finally
{
_sqlConnection.Dispose();
}
return rowsAffected;
}
public int ExecuteParameterizedNonQueryObjects(string commandText, Dictionary<string, object> parameters)
{
var _sqlConnection = new SqlConnection(_connectionString);
var rowsAffected = 0;
var cmd = new SqlCommand(commandText, _sqlConnection);
foreach (var entry in parameters)
{
cmd.Parameters.Add(entry.Key, entry.Value);
}
try
{
_sqlConnection.Open();
rowsAffected = cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
var errorText = string.Format("Occ Repository ExecuteNonQuery Error : Command={0} :: Error={1}", commandText, ex.Message);
throw new Exception(errorText, ex);
}
finally
{
_sqlConnection.Dispose();
}
return rowsAffected;
}
}
If you only do stuff 1 place, generally you'd make everything less readable. So I would probably avoid it. It's a common pattern, however, to you would do yourself a favor writing a utility class with some functions for this.
//requires query parameters to have names #0, #1 etc in string
public static List<object[]> Query(String query, params String[] parameters) //no injection check on this string, be careful.
{
using(SqlConnection conn = new SqlConnection(_CONN_STRING_))
{
conn.Open()
using(SqlCommand cmd = new SqlCommand(query, conn))
{
AddSqlParams(cmd, parameters);
return Query(cmd);
}
}
}
/// <summary>Generic SQL query. Requires open connection.</summary>
/// <param name="cmd">SqlCommand object with all necessary fields configured.</param>
/// <returns>A list of Object arrays (each array is one row).</returns>
private static List<Object[]> Query(SqlCommand cmd)
{
List<Object[]> results = new List<Object[]>();
using (SqlDataReader rdr = cmd.ExecuteReader())
{
while (rdr.Read())
{
Object[] row = new Object[rdr.VisibleFieldCount];
rdr.GetValues(row);
results.Add(row);
}
return results;
}
}
private static void AddSqlParams(SqlCommand cmd, params String[] sqlParams)
{
for (Int32 i = 0; i < sqlParams.Length; i++)
cmd.Parameters.AddWithValue("#" + i, (Object)sqlParams[i] ?? DBNull.Value);
}
Then use like
UserUpcoming.Text = Query("SELECT COUNT(*) FROM vw_dash_user_upcoming WHERE Employee_ID = #0", crd["employee_id"].ToString())[0][0];
I like to have a separate class for each table in the database. In your case I would have a separate class called vw_dash_user_upcoming, this would have a static method something like...
public static int CountEmployees(int employeeId) {
int returnValue;
// do database stuff here
return returnValue;
}
I usually create a folder and namespace in my project called "database" and all the database stuff goes in there. Nothing goes in there that's not database access. For me this really helps keep things organized, especially in a large project.
Personally I would create a separate class, simply because it's not a good idea to keep pieces of code with totally different responsibilities in one class. When divided into small classes code is easier to read and maintain.
Communication with database should be separated anyway to make it easier to switch between datasources (e.g. different database servers).
Related
I am making login window to connect Oracle from my app (C# Entity Framework Code First from existing database). I want to make user able to set his own username\password to connect with DB. I tryed to change connection string in my DbContext, but it is doesn't work. Connection string seems to be changed, but provider returns invalid login\password exception. When I am trying to connect DB with connection string whitch has stored pass everything is ok. I think there is some security reasons for this behaivor. How can I propperly change connection string in runtime?
I am using VS 2017, Entity Framework 6, Oracle.ManagedDataAccess 18.3, Oracle 11.2 Server.
App.config
name="ConnStrPass" connectionString="DATA SOURCE=titan;PASSWORD=REALPASS;PERSIST SECURITY INFO=True;USER ID=BEE" providerName="Oracle.ManagedDataAccess.Client"
name="ConnStrNoPass" connectionString="DATA SOURCE=titan;PASSWORD=QWERTY;PERSIST SECURITY INFO=True;USER ID=BEE" providerName="Oracle.ManagedDataAccess.Client"
DBDemoModel.cs
public partial class DBDemoModel : DbContext
{
public DBDemoModel()
: base("name=ConnStrPass")
{
}
//overriding constructor DBDemoModel to change pass in ConnectionString
public DBDemoModel(string pass)
: base("name=ConnStrNoPass")
{
this.Database.Connection.ConnectionString = this.Database.Connection.ConnectionString.Replace("QWERTY", pass);
}
AbonentsFinder.cs //works fine
public List<ABONENTS> SelectAbonentsByName(string textToFind)
{
using (DBDemoModel db = new DBDemoModel())
{
var cont = db.ABONENTS.Where(a => a.OWNER.Contains(textToFind));
var abon = cont.ToList();
return new List<ABONENTS>(abon);
}
}
AbonentsFinder.cs //doesn't work wrong username\login
public List<ABONENTS> SelectAbonentsByName(string textToFind, string pass)
{
using (DBDemoModel db = new DBDemoModel(pass))
{
var cont = db.ABONENTS.Where(a => a.OWNER.Contains(textToFind));
var abon = cont.ToList(); //exception
return new List<ABONENTS>(abon);
}
}
DBDemoModel.cs //System.NotSupportedException
public DBDemoModel(string pass)
: base(new OracleConnection("DATA SOURCE=titan; PASSWORD="+pass+";USER ID=BEE"), true)
{
}
Problem solved. The problem was with EF profiler I used in my project. I disabled it and now everything works fine. OMG.
All Oracle Database Configure i hope help for anyone. thanks
public static OracleConnection Connection;
public static bool GetConnection()
{
String connectionString = "Data Source=Test;User ID=Test;Password=Test;";
try
{
Connection = new OracleConnection(connectionString);
//Connection.Open();
return true;
}
catch (OracleException ww)
{
MessageBox.Show(ww.ToString());
return false;
}
}
public static int ExecuteStatement(string query)
{
if (fncOpenConnection(false))
{
try
{
OracleCommand cmd = new OracleCommand(query, Connection);
int rowCount = cmd.ExecuteNonQuery();
return rowCount;
}
catch (Exception ex)
{
GlobalApp.ErrorMsg = ex.ToString();
return -1;
}
}
else return -1;
}
public static int ExecuteStatement_TXN(string query)
{
if (fncOpenConnection(false))
{
OracleTransaction txn;
txn = Connection.BeginTransaction();
try
{
OracleCommand cmd = new OracleCommand(query, Connection);
int rowCount = cmd.ExecuteNonQuery();
txn.Commit();
return rowCount;
}
catch (Exception er)
{
GlobalApp.ErrorMsg = er.ToString();
txn.Rollback();
return -1;
}
}
else return -1;
}
public static OracleDataReader GetReader(string query)
{
fncOpenConnection(false);
OracleDataReader dr = null;
try
{
OracleCommand cmd = new OracleCommand(query, Connection);
dr = cmd.ExecuteReader();
return dr;
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return dr;
}
}
public static DataTable GetTable(string query, int[] primaryKeyCol = null)
{
DataTable dt = null;
try
{
dt = new DataTable();
OracleDataAdapter oadp = new OracleDataAdapter(query, Connection);
oadp.Fill(dt);
if (primaryKeyCol != null)
{
DataColumn[] keyColumns = new DataColumn[primaryKeyCol.Count()];
int iCount = 0;
foreach (int x in primaryKeyCol)
{
keyColumns[iCount] = dt.Columns[x];
iCount = iCount + 1;
}
dt.PrimaryKey = keyColumns;
}
return dt;
}
catch (Exception)
{
return dt;
}
}
You need to login in order to change your password (similar to the way that most web sites will ask you for your CURRENT password first).
So let them login with their existing password, after which point you can run the following command through your connection object:
"alter user MY_USER identified by TheirNewPassword"
I am trying to execute a stored procedure with parameters, and get the results into a DataTable; but after execution, I get this:
this is the screen
I can get IDataRecord but I can't IDataReader - why? What do I miss? Thanks
public DataTable ExecuteProcedureTest(string storedProcedure, Dictionary<Filter, object> filterValue)
{
var parameters = GetParams(filterValue);
var sqlConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["testconn"].ConnectionString);
var cmd = sqlConnection.CreateCommand();
SqlDataReader reader;
IDataReader dataReader;
IDataRecord[] dataRecords;
var table = new DataTable();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = storedProcedure;
foreach (var item in parameters)
{
cmd.Parameters.Add(item);
}
try
{
sqlConnection.Open();
reader = cmd.ExecuteReader();
dataRecords = reader.OfType<IDataRecord>().ToArray();
table.Load(reader);
}
catch (Exception ex)
{
throw ex;
}
finally
{
sqlConnection.Dispose();
}
//var count = dataRecords.Count();
return table;
}
If your goal is to fill a DataTable from a SqlCommand, use a SqlDataAdapter instead of a SqlDataReader. Here is a handy extension method:
public static class SqlExtensions
{
public static DataTable ExecuteDataTable(this SqlCommand command)
{
DataTable table = new DataTable();
using (SqlDataAdapter dataAdapter = new SqlDataAdapter(command))
{
dataAdapter.Fill(table);
}
return table;
}
}
Then from your code you can use it like this:
try
{
sqlConnection.Open();
table = cmd.ExecuteDataTable();
}
finally
{
sqlConnection.Dispose();
}
I am using a SqlHelper class which has common methods for CRUD operations.
public static void Fill(DataSet dataSet, String procedureName)
{
SqlConnection oConnection = new SqlConnection(DBInterface.ConnectionString);
SqlCommand oCommand = new SqlCommand(procedureName, oConnection);
oCommand.CommandType = CommandType.StoredProcedure;
SqlDataAdapter oAdapter = new SqlDataAdapter();
oAdapter.SelectCommand = oCommand;
oConnection.Open();
using (SqlTransaction oTransaction = oConnection.BeginTransaction())
{
try
{
oAdapter.SelectCommand.Transaction = oTransaction;
oAdapter.Fill(dataSet);
oTransaction.Commit();
}
catch
{
oTransaction.Rollback();
throw;
}
finally
{
if (oConnection.State == ConnectionState.Open)
oConnection.Close();
oConnection.Dispose();
oAdapter.Dispose();
}
}
}
Now in my code, I am calling this method as,
private void BindCustomers()
{
DataSet dsCust = new DataSet();
SqlHelper.Fill(dsCust, "getCustomers");
--then I bind this dataset to datagridview
}
This all works fine. Now I want to update the data in the database. But I am confused how do I call DataAdatpaer.Update(dataset) here to update the changes made in datagridview into database. Is this possible here? Or I need to do it conventionally to find the updated row and call the ExecuteNonQuery function in the SqlHelper? Is there anything which can be done to use dataadapter.update(ds)
Thanks
You don't need to hide data adapter, or if for any reason you did so, you need to expose a method in your class to push updates to server.
Example
Public class SqlHelper
{
string commandText;
string connectionString;
public SqlHelper(string command, string connection)
{
commandText = command;
connectionString = connection;
}
public DataTable Select()
{
var table = new DataTable();
using (var adapter = new SqlDataAdapter(this.commandText, this.connectionString))
adapter.Fill(table)
return table;
}
public void Update(DataTable table)
{
using (var adapter = new SqlDataAdapter(this.commandText, this.connectionString))
{
var builder = new SqlCommandBuilder(adapter);
adapter.Update(table);
}
}
}
By calling this method in your code you can perform all crud operation select, update, delete and insert. you just need to pass connection string, procedure name and parameters list. Using this method you will retrieve data in the DataTable.if anyone want Dataset(Multiple Result) then just need to replace DataSet on the place of DataTable
SqlConnection conn = new SqlConnection("Your ConnectionString");
public DataTable ExecuteDataTable(string ProcedureName, SqlParameter[] _Param)
{
try
{
DataTable dataTable = new DataTable();
SqlCommand cmd = new SqlCommand(ProcedureName, conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Clear();
if (_Param is not null)
{
for (int i = 0; i < _Param.Length; i++)
{
if (_Param[i].ParameterName is not null)
{
if (_Param[i].Value is not null)
{
cmd.Parameters.AddWithValue(_Param[i].ParameterName, _Param[i].Value);
}
else
{
cmd.Parameters.AddWithValue(_Param[i].ParameterName, DBNull.Value);
}
}
}
}
conn.Open();
SqlDataAdapter DA = new SqlDataAdapter(cmd);
DA.Fill(dataTable);
conn.Close();
return dataTable;
}
catch (Exception ex)
{
conn.Close();
throw;
}
}
I have a DataClassLibrary attached to my ASP.Net project. I use it to access the database to get my values. I want to take the values given in the Line1 class and put them in the corresponding label. I tried DataLibraryClass.Line1 NewDataA = new DataLibraryClass.Line1(); but it gives me a zero I know that they have values. Could it be that my NewDataA = new is causing it to return zero? I also used breakpoints in the Line1 class and it never reaches the database query. How can I get the data I need into the labels properly?
DataLibraryClass
Line1:
var sqlString = new StringBuilder();
sqlString.Append("SELECT CaseNum6, CaseNum9, Group, Completion ");
sqlString.Append("FROM WorkOrder ");
sqlString.Append("WHERE Group = 1 OR Group = 2 ");
sqlString.Append("AND Completion = 0 ");
SqlDataReader reader = null;
SqlConnection dbConn = DBHelper.getConnection();
SqlParameter[] parameters = new SqlParameter[] { new SqlParameter("#CaseNum6", CaseNum6 )};
try
{
reader = DBHelper.executeQuery(dbConn, sqlString.ToString(), parameters);
if (reader != null)
{
if (reader.Read())
{
CaseNum6 = (int)reader["CaseNum6"];
CaseNum9 = (int)reader["CaseNum9"];
Group = (int)reader["Group"];
Completion = (bool)reader["Completion"];
}
else
throw new Exception("No record returned");
reader.Close();
reader.Dispose();
dbConn.Close();
dbConn.Dispose();
DataLibraryClass
DBHelper:
private DBHelper() { }
public static SqlConnection getConnection()
{
return new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString);
}
public static SqlConnection getFRESHConnection()
{
return new SqlConnection(ConfigurationManager.ConnectionStrings["FRESHConnection"].ConnectionString);
}
public static SqlDataReader executeQuery(SqlConnection dbConn, string sqlString, SqlParameter[] parameters)
{
SqlCommand cmd = null;
SqlDataReader reader = null;
try
{
if (dbConn.State == ConnectionState.Closed)
dbConn.Open();
cmd = dbConn.CreateCommand();
cmd.CommandText = sqlString;
if (parameters != null)
{
cmd.Parameters.AddRange(parameters);
}
reader = cmd.ExecuteReader();
cmd.Dispose();
}
catch (Exception ex)
{
throw ex;
}
return reader;
Code behind ASP page:
DataClassLibrary.LineAData NewDataA = new DataClassLibrary.LineAData();
DataClassLibrary.LineBData NewDataB = new DataClassLibrary.LineBData();
protected void Page_Load(object sender, EventArgs e)
{
L1.Text = NewDataA.CaseNum6.ToString();
L2.Text = NewDataA.CaseNum9.ToString();
L4.Text = NewDataB.CaseNum6.ToString();
L5.Text = NewDataB.CaseGNum9.ToString();
}
Upon setting up the webpage I failed to realize the behind code was set to .vb not .cs which is why everything was not working.
Here is my code:
string sql = string.Format("select * from StockInTb ");
DataTable dt = dataAccess.GetDataTable(sql);
UploadService.UploadClient client = new UploadService.UploadClient();
if (client.UpdateTest(dt))
{
MessageBox.Show("suceess");
}
else
{
MessageBox.Show("fail");
}
Here is my dataaccess class:
private static string connString;
private static SQLiteConnection conn;
public SQLiteDataAccess()
{
connString = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
}
private void OpenConn()
{
try
{
if (conn == null)
{
conn = new SQLiteConnection(connString);
}
if (conn.State != System.Data.ConnectionState.Open)
{
conn.Open();
}
}
catch (Exception ex)
{
LogUtil.Log("ex:" + ex.Message);
}
}
private void CloseConn()
{
try
{
if (conn.State != System.Data.ConnectionState.Closed)
{
conn.Close();
}
}
catch (Exception ex)
{
LogUtil.Log("ex:" + ex.Message);
}
}
public System.Data.DataTable GetDataTable(string sql)
{
DataTable dtResult = new DataTable();
try
{
OpenConn();
SQLiteDataAdapter adpter = new SQLiteDataAdapter(sql, conn);
DataSet ds = new DataSet();
adpter.Fill(ds);//here,I got the error.
if (ds.Tables.Count > 0)
{
dtResult = ds.Tables[0];
}
}
catch (Exception ex)
{
LogUtil.Log("ex:" + ex.Message);
}
finally
{
CloseConn();
}
return dtResult;
}
I got the error:
String was not recognized as a valid DateTime.
The database is SQLite, and table StockInTb contains some columns which type is datetime.
I've found some solutions like datetime.toString(s), but that's not what I need.
I don't know how to solve this odd problem. If somebody knows the answers, please tell me.
Thanks.
You can use parameter as below, Assume You have Column called MyDateTime and type is DateTime in your StockInTb Table then your query should be change as below.
Note that #InputDate going to add bay using Command.Parameters.Add method. Need to give the same name in both places and you can directly set parameter from DateTime object ( here it is named as InputDate
Command.CommandText = "select * from StockInTb where MyDateTime = #InputDate";
Command.Parameters.Add("#InputDate", InputDate);