Can anyone please suggest me whether this code will cause concurrency or not.
This is a static class used in forms and and used for some database transactions.
This involves invoking of static function from asp.net pages and passing parameters as ref type.
I am using reference type.
As it is web based,does it Create some concurrency.
///
Here is code from my sample class.
public static class DataClass
{
static SqlConnection con = new SqlConnection(
ConfigurationManager.ConnectionStrings["sqlserverconnectionstring"]
.ConnectionString);
public static string GetCon()
{
return ConfigurationManager.ConnectionStrings["sqlserverconnectionstring"].ConnectionString;
}
public static void Conn(ref SqlConnection con)
{
if (con.State == ConnectionState.Closed)
{
con.Open();
}
}
public static DataSet GetDataSet(string qry)
{
SqlDataAdapter adp = new SqlDataAdapter(qry, con);
DataSet ds = new DataSet();
adp.Fill(ds);
return ds;
}
public static bool ExecuteCommand(ref SqlCommand cmd)
{
bool i =true;
cmd.Connection = con;
Conn(ref con);
SqlTransaction trans =con.BeginTransaction();
cmd.Transaction = trans;
try
{
cmd.ExecuteNonQuery();
trans.Commit();
}
catch
{
trans.Rollback();
i = false;
}
finally
{
cmd.Dispose();
con.Close();
}
return i;
}
}
Since you have defined a static SQLConnection, I believe it may cause concurrency issues.
static SqlConnection con = new SqlConnection (ConfigurationManager.ConnectionStrings["sqlserverconnectionstring"].ConnectionString);
If two different objects try to run a query, they will run them on the same instance of sql connection object.
Yes, that isn't thread-safe/ However, since SqlClient uses connection-pooling by default, you can just drop the static connection, and have each usage do something like:
using(var conn = OpenConnection()) {
...//code
}
where OpenConnection returns a new SqlConnection each time. This is not the same as a different underlying connection each time, and you will usually (in a winform) find a very low number of connections being used (1 if you get really lucky).
Related
I have designed my application in a layered approach. I have a BusinessOP layer for each interface and a common data access layer. In my Data access layer I have Data Reader method like this.|
public SqlDataReader executeQuerys(string query01)
{
SqlConnection con = null;
SqlCommand com = null;
try
{
con = new SqlConnection(DBConnect.makeConnection());
con.Open();
com = new SqlCommand(query01, con);
return com.ExecuteReader(CommandBehavior.CloseConnection);
}
catch
{
com.Dispose();
con.Close();
throw;
}
This is the code for my DBConnection layer.
public static string makeConnection()
{
string con = ConfigurationManager.ConnectionStrings["MyDB.Properties.Settings.ConString"].ToString();
return con;
}
In my business layer I have methods like this each calling a specific stored procedure.
public SqlDataReader getLGDivID(string divName)
{
string query = "EXEC getLGDivID'" + divName + "'";
return new DataAccessLayer().executeQuerys(query);
}
As my business operation layer is unsecure, I want to have it with parameterized query in here I'm using string concatenation to pass parameters. Can anyone hint me how to modify it?
You can change your function a little bit:
public SqlDataReader executeQuerys(string query01, string paramName, string value)
{
SqlConnection con = null;
SqlCommand com = null;
try
{
con = new SqlConnection(DBConnect.makeConnection());
con.Open();
com = new SqlCommand(query01, con);
com.Parameters.AddWithValue(paramName, value);
com.Dispose();
con.Close();
}
catch
{
com.Dispose();
con.Close();
throw;
}
return com.ExecuteReader(CommandBehavior.CloseConnection);
}
then to use it:
public SqlDataReader getLGDivID(string divName)
{
string query = "EXEC getLGDivID #divName";
return new DataAccessLayer().executeQuerys(query, "#divName", divName);
}
EDIT:
As #silvermind pointed out, you should dispose your connection properly.
The way you have it now it will dispose connection only when you catch an exception.
This is bad, make use of IDisposable, for example:
public SqlDataReader executeQuerys(string query01, string paramName, string value)
{
using (SqlConnection con = new SqlConnection(DBConnect.makeConnection()))
{
try
{
con.Open();
com = new SqlCommand(query01, con);
com.Parameters.AddWithValue(paramName, value);
}
catch(SqlException ex)
{
//Handle the exceptio
//no need to dispose connection manually
//using statement will take care of that
}
}
return com.ExecuteReader(CommandBehavior.CloseConnection);
}
I have an object below:
public class DatabaseAccess
{
private static string sConnStr;
private static SqlConnection sqlConn;
private static string ConnectionString
{
get
{
if (String.IsNullOrEmpty(sConnStr))
{
sConnStr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
}
return sConnStr;
}
}
public static int OpenConnection
{
get
{
sqlConn = new SqlConnection(ConnectionString);
return 0;
}
}
public static SqlConnection Connection
{
get
{
if (sqlConn.State != ConnectionState.Open)
{
sqlConn = new SqlConnection(ConnectionString);
sqlConn.Open();
}
return sqlConn;
}
}
}
So whenever I need a connection in my web application, I use something like:
DataTable dt = new DataTable();
using (SqlConnection cnn = DatabaseAccess.Connection)
{
using (SqlDataAdapter da = new SqlDataAdapter("MyAStoredProcedure", cnn))
{
da.SelectCommand.CommandType = CommandType.StoredProcedure;
da.Fill(dt);
}
}
return dt;
It all seems well except when there are 2 users running the codes at the same time, I will get in my web application the following error:
There is already an open DataReader associated with this Command needs to be Closed.
I need some advice how do I resolve the above issue?
Thank you.
That's because you're sharing connection objects - don't do that. DatabaseAccess.Connection should create a new SqlConnection every time.
Try to create a new instance of SqlConnection in the using statement
DataTable dt = new DataTable();
using (SqlConnection cnn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
{
cnn.Open();
using (SqlDataAdapter da = new SqlDataAdapter("MyAStoredProcedure", cnn))
{
da.SelectCommand.CommandType = CommandType.StoredProcedure;
da.Fill(dt);
}
}
return dt;
When i debug my application, it gives an error that SelectCommand.Connection Property is not been initialized. i dont know what am i doing here wrong :s. I actually want to add a filter over my search on the textchanged event of a textbox.
public class ConnectionClass
{
static SqlConnection cn;
public static SqlConnection Connection()
{
string myConnection = ConfigurationManager.ConnectionStrings["_uniManagementConnectionString1"].ConnectionString;
if (cn != null)
{
cn = new SqlConnection(myConnection);
cn.Open();
}
return cn;
}
}
public class ClassDataManagement
{
SqlConnection cn = ConnectionClass.Connection();
public DataTable GetData(string SQL)
{
SqlCommand cmd = new SqlCommand(SQL, cn);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
return dt;
}
}
protected void TextBoxFilterText_TextChanged(object sender, EventArgs e)
{
ClassDataManagement dm = new ClassDataManagement();
string query = "Select CourseCode from _Courses where coursecode like'%" + TextBoxFilterText.Text.TrimEnd() + "%'";
dm.GetData(query);
GridViewCourses.DataBind();
}
That's because your cn variable is null, and not getting initialized. Yet another example why it's a bad idea to initialize and open database connections in a static method.
Try this:
public class ClassDataManagement
{
public DataTable GetData(string SQL)
{
string YourConnectionString = ConfigurationManager.ConnectionStrings["_uniManagementConnectionString1"].ConnectionString;
DataTable dt = new DataTable();
using (SqlConnection cn = new SqlConnection(YourConnectionString))
using (SqlCommand cmd = new SqlCommand(SQL, cn))
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
da.Fill(dt);
}
return dt;
}
}
With the SqlDataAdapter class, you don't need to explicitly call SqlConnection.Open(). The SqlDataAdapter.Fill() method handles all of the connection opening (and closing).
MSDN Reference on SqlDataAdapter.Fill()
As per the above reference, quoted:
The connection object associated with the SELECT statement must be valid, but it does not need to be open. If the connection is closed before Fill is called, it is opened to retrieve data, then closed. If the connection is open before Fill is called, it remains open.
Open connection and close as soon as possible.
public DataTable GetData(string commandString)
{
var result = new DataTable();
using (var cn = new SqlConnection(ConfigurationManager.ConnectionStrings["_uniManagementConnectionString1"].ConnectionString))
using (var cmd = new SqlCommand(commandString, cn))
using (var da = new SqlDataAdapter(cmd))
{
da.Fill(result);
}
return result;
}
Shouldn't that be
if (cn == null)
{
cn = new SqlConnection(myConnection);
cn.Open();
}
Although Sebastian's answer covers a good portion of what's wrong. Here is a more complete list.
You have SQL Injection issues. All queries should be parameterized otherwise you are asking for trouble. Especially when you are directly appending text entered by the user.
You are leaking resources: SqlConnection and SqlCommand. These need to be as close to the code that actually utilizes the connection and command as possible. Trust me, Windows is more than capable of handling all of the open/closing of connections through the build in connection pool. You don't need to maintain this yourself.
The code itself is brittle due to use of embedded SQL in your display layer. By way of example, let's say CourseCode is renamed to CourseId. You will have to search through and modify, potentially, a lot of code files just to make that change. There are multiple ways of limiting exposure to this issue; I'll leave that for you to research.
If I ran across this code in the wild, I would delete the ConnectionClass in its entirety. There is nothing that it is going to do for your that shouldn't be done elsewhere in a more robust manner.
Next I would delete the GetData() method. That is just bad code. You should never accept a full sql string and blindly execute it. There are a lot of security issues just in that one block of code.
Then I would rewrite the ClassDataManagement such that my SQL (if I really wanted it to stay embedded, which I wouldn't because I don't roll that way) was the container for all of my queries. I would have good methods like GetCourseByCourseCode(String courseCode) which would validate that the courseCode is in an expected format then pass it to my sqlcommand object as a parameter to the query.
For bonus points I'd expand on the above by looking at what calls could be better served by cached data. By having them in identified methods, it's much easier to pick and choose what can come from the cache vs what I really need to go across the network and run a query for.
Next, I would make sure that everywhere I made a SQL call, I had my SqlConnection, SqlCommand and readers wrapped in using clauses. It's the best way to ensure that everything is properly closed and disposed of prior to leaving the method. Anything less and you are inviting trouble.
Finally, I would highly consider using Enterprise Library for my data access. It's much better.
Having all given advices, to solve your current problem, you may try this way also:
public class ConnectionClass
{
static SqlConnection cn;
public static SqlConnection Connection()
{
string myConnection = ConfigurationManager.ConnectionStrings["_uniManagementConnectionString1"].ConnectionString;
return new SqlConnection(myConnection);
}
}
public class ClassDataManagement
{
public DataTable GetData(string SQL)
{
using (SqlConnection cn = ConnectionClass.Connection())
{
//SqlCommand cmd = new SqlCommand(SQL, cn);
SqlDataAdapter da = new SqlDataAdapter(SQL,cn);
DataTable dt = new DataTable();
da.Fill(dt);
return dt;
}
}
......
public DataTable GetData()
{
using (System.Data.SqlClient.SqlConnection con = new SqlConnection("YourConnection string"))
{
con.Open();
using (SqlCommand cmd = new SqlCommand())
{
string expression = "Parameter value";
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "Your Stored Procedure";
cmd.Parameters.Add("Your Parameter Name",
SqlDbType.VarChar).Value = expression;
cmd.Connection = con;
using (SqlDataAdapter da = new SqlDataAdapter(SQL, cn))
{
DataTable dt = new DataTable();
da.Fill(dt);
return dt;
}
}
}
}
I'm new to asp.net so this might be really basic question, but i cant figure it out.
I found a bit of code on the internet, that connects to database. And i created a namespace and some classes to use the same code in different projects.
The code and my class is the following:
namespace databaseFunctions
{
public class databaseConnection
{
private static string databaseConnectionString()
{
return "DRIVER={MySQL ODBC 5.1 Driver}; ........";
}
public static DataTable getFromDatabase(string SQL)
{
DataTable rt = new DataTable();
DataSet ds = new DataSet();
OdbcDataAdapter da = new OdbcDataAdapter();
OdbcConnection con = new OdbcConnection(databaseConnectionString());
OdbcCommand cmd = new OdbcCommand(SQL, con);
da.SelectCommand = cmd;
da.Fill(ds);
try
{
rt = ds.Tables[0];
}
catch
{
rt = null;
}
return rt;
}
public static Boolean insertIntoDatabase(string SQL)
{
OdbcDataAdapter da = new OdbcDataAdapter();
OdbcConnection con = new OdbcConnection(databaseConnectionString());
OdbcCommand cmd = new OdbcCommand(SQL, con);
con.Open();
try
{
cmd.ExecuteNonQuery();
return true;
}
catch
{
return false;
}
}
}
There is no problem getting data from database, or insert data into some database.
But. when i try to get the last_insert_id() from the mysql database. i only get a zero.
This is why i think that this piece of code I've created and copied from internet, creates a new connection for every time i call the "getFromDatabase(SQL)"
Is there anyone that could help me with fixing this class getFromDatabase() to keep the databaseconnection alive until i tell the program to abandon the connection?
I guess it is the "new OdbcConnection" that should be changed? Is it possible to check if there already is a connection alive?
I've done this hundreds of times in classic asp, but now, with classes and stuff. I'm totally lost.
The problem you face is that you've coded yourself into a "new connection per action" corner. What you really want to aim for,and is considered best practice, is "new connection per batch of actions".
What I recommend in this case is to open connection when required, and close when disposed. What we'll do is move the odbc adapters to a larger scoped variable so that it can be accessed within the class.
namespace databaseFunctions
{
public class databaseConnection:IDisposable
{
private OdbcConnection con;
private string connectionString;
public databaseConnection(string connectionString){
this.connectionString = connectionString;
}
public void OpenConnection(){
if (con == null || con.IsClosed ){ // we make sure we're only opening connection once.
con = new OdbcConnection(this.connectionString);
}
}
public void CloseConnection(){
if (con != null && con.IsOpen){ // I'm making stuff up here
con.Close();
}
}
public DataTable getFromDatabase(string SQL)
{
OpenConnection();
DataTable rt = new DataTable();
DataSet ds = new DataSet();
OdbcCommand cmd = new OdbcCommand(SQL, con);
da.SelectCommand = cmd;
da.Fill(ds);
try
{
rt = ds.Tables[0];
}
catch
{
rt = null;
}
return rt;
}
public Boolean insertIntoDatabase(string SQL)
{
OpenConnection();
OdbcCommand cmd = new OdbcCommand(SQL, con);
con.Open();
try
{
cmd.ExecuteNonQuery();
return true;
}
catch
{
return false;
}
}
// Implementing IDisposable method
public void Dispose(){
CloseConenction();
}
}
}
Now the next time you use your class do something like
using (DatabaseConnection db = new DatabaseConnection()){
db.InsertIntoDatabase(...);
db.GetLastInsertID();
db.GetFromDatabase(...);
}
At the end of that code block, because it is IDisposeable, it will close that connection for you in the dispose method.
Things I changed:
implemented IDisposable interface
changed methods from static to class methods.
added new methods for opening closing connection
moved connection variable to class level scope
added an argument to the constructor that lets you pass in a connection string (you should put this connection string in you Web.Config
Edits:
constructor takes in connectionString per suggestion.
Yes, the code you posted is creating a new database connection every time a method is called, but that's not a problem. The problem is that it is not disposing the connection properly. The way to handle something like this is as follows:
using (OdbcConnection con = new OdbcConnection("yourconnectionsstring"))
{
con.open();
OdbcCommand command = new OdbcCommand("command_text",con);
command.ExecuteQuery(); //or what ever you need to do
}
That way the connection is being disposed properly since using is just syntactic sugar for try/finally
What you need to do is execute the 2 sql statements in the same transaction in a way that you insert the record in the first sql statement and retrieve the last inserted id on the next insert before ending the transaction. For example:
using (OdbcConnection con = new OdbcConnection("yourconnectionsstring"))
{
con.open();
OdbcTransaction tran = con.BeginTransaction()
OdbcCommand command = new OdbcCommand("first_sql_statement_here",con);
command.ExecuteNonQuery();
command.CommandText = "select last_insert_id();";
int result =command.ExecuteScalar();
tran.commit();
}
That is pretty much the idea.
You should let the connection pool handle your connections; That means you Close() every connection as soon as possible, and only create a new one at the last possible moment.
So yes - keep creating new ones for separate transactions.
I am trying to get a better handle on decoupling my code, code reuse, etc.
I'm tired of typing the below every time I want to read some rows:
using(SqlConnection conn = new SqlConnection(myConnString))
{
using(SqlCommand cmd = new SqlCommand(cmdTxt, conn))
{
conn.Open();
using(SqlDataReader rdr = cmd.ExecuteReader())
{
while(rdr.Read())
{
/* do something with rows */
}
}
}
}
I understand there is LINQ to SQL (I don't like it), and the Entity Framework (still a baby). I have no problems having to type my queries out, I just don't want to have to type the command contruction, row iterator, etc each time.
I looked around and found something that I thought would work for me, and tried to implement it to make things easier for me. As you can see in the comment, I get an error that the SqlDataReader is closed. I'm guessing it's probably because of the using statement int the DataFactory.ExecuteReader() method. When the reader is returned, the dispose method is called on my SqlConnection and SqlCommand variables. Am I right there? If so, how should one manage the connection and command variables?
Edit: I updated my code example to better reflect what I am doing.
public class DataFactory
{
public DataFactory()
{}
public DataFactory(string connectionString)
{
_connectionString = connectionString;
}
protected _connectionString = "Data Source=Localhost, etc, etc";
private string ConnectionString
{
get{return _connectionString;}
}
public SqlConnection GetSqlConnection()
{
return new SqlConnection(ConnectionString);
}
public SqlDataReader ExecuteReader(string cmdTxt)
{
using(SqlConnection conn = new SqlConnection(ConnectionString))
{
using(SqlCommand cmd = new SqlCommand(cmdTxt, conn))
{
conn.Open();
return cmd.ExecuteReader();
}
}
}
}
public IRepository<T>
{
T GetById(int id);
}
public MyTypeRepository: IRepository<MyType>
{
private static DataFactory _df = new DataFactory();
public MyType GetById(int id)
{
string cmdTxt = String.Format("SELECT Name FROM MyTable WHERE ID = {0}", id);
using(SqlDataReader rdr = _df.ExecuteReader(cmdTxt))
{
if(rdr.Read()) /* I get an error that the reader is already closed here */
{
return new MyType(
Convert.ToInt32(rdr["Id"]),
rdr["Name"]);
}
else
{
return null;
}
}
}
}
public class MyType
{
public MyType(int id, string name)
{
_id = id;
_name = name;
}
private string _name;
public string Name
{
get{return _name;}
}
private int _id;
public int Id
{
get{return _id;}
}
public override void ToString()
{
return string.Format("Name: {0}, Id: {1}", Name, Id);
}
}
public class Program
{
private static MyTypeRepository _mtRepo = new MyTypeRepository();
static void Main()
{
MyType myType = _mtRepo.GetById(1);
Console.WriteLine(myType.ToString());
}
}
I also would like to know if what I'm doing makes any sense, or, if not, how to achieve something similar so that I don't have to type the connection creation, etc so often.
Your method ExecuteReader will close the connection before returning the Reader. Instead it should be implemented something like:
public IDataReader ExecuteReader(string cmdTxt)
{
SqlConnection conn = new SqlConnection(...);
try
{
SqlCommand cmd = new SqlCommand(cmdTxt, conn);
conn.Open();
return cmd.ExecuteReader(CommandBehavior.CloseConnection);
}
catch
{
conn.Close();
throw;
}
}
Callers of the ExecuteReader method will need to dispose the IDataReader:
using(IDataReader reader = ExecuteReader(commandText))
{
...
} // reader will be disposed here and will close the connection.
Note that the above does not call Dispose on the SqlCommand object. In my experience and from looking at SqlCommand with Reflector it's not necessary as long as the SqlConnection is disposed. But I believe the following will work if you do want to dispose it:
public IDataReader ExecuteReader(string cmdTxt)
{
SqlConnection conn = new SqlConnection(...);
SqlCommand cmd = null;
try
{
cmd = new SqlCommand(cmdTxt, conn);
conn.Open();
IDataReader reader =
cmd.ExecuteReader(CommandBehavior.CloseConnection);
cmd.Dispose();
return reader;
}
catch
{
if (cmd != null) cmd.Dispose();
conn.Close();
throw;
}
}
It's very important that you close and/or dispose your data reader after using it then everyone who wants to use your DataFactory should remember to do that.I think it's a good idea to return a DataTable instead of SqlDataReader so that your DataFactory is not dependent to SqlDataReader.
I mean :
public DataTable ExecuteReader(string cmdTxt)
{
using(SqlConnection conn = new SqlConnection(ConnectionString))
{
using(SqlCommand cmd = new SqlCommand(cmdTxt, conn))
{
conn.Open();
using(SqlDataReader reader=cmd.ExecuteReader())
{
DataTable dt=new DataTable();
dt.Load(reader);
return dt;
}
}
}
}
EDIT:
Good point.I don't like data tables either ( We use NHibernate so I actually don't use data tables in our applications)
So if you'd like to map a data reader to your own objects maybe you can have a data mapper that maps data reader to your own objects I mean:
public T[] ExecuteReader<T>(string cmdTxt)
{
using(SqlConnection conn = new SqlConnection(ConnectionString))
{
using(SqlCommand cmd = new SqlCommand(cmdTxt, conn))
{
conn.Open();
using(SqlDataReader reader=cmd.ExecuteReader())
{
var result=new List<T>();
while(reader.Read())
result.Add(ObjectMapper.MapReader<T>(reader));
return result.ToArray();
}
}
}
}
What I do is I create an XML file with my queries and use an XSLT transformation to generate my DAL code CS files. You can go as fancy as you like, declare parameters in the XML and generate methods with appropriate signatures in the XSLT etc etc. I have a blog entry that covers, for a related topic, how to integrate the XSLT transformation into your Visual Studio project. Now one may argue that using a typed dataset is the same thing and is a free lunch, but in my case I use asynchronous DAL based on BeginExecute/EndExecute. None of the VS tools gets this approach right so I basically had to build my own.
I would say it's not really decoupling enough - basically any module you have with "using System.Data.SqlClient" is coupled to your database. The whole point of a DAL is that the application is coupled to the DAL and the DAL is coupled to the database.