Handling Database Connection in C#

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP



Handling Database Connection in C#



I am Creating WinForm application using C# and SqlServer. I have to handle many database CRUD Queries on it. And also there are so many forms and so many controllers.



Now I want to know is, If i create common class for handle database connectivity with many methods for open connection, close connection, execute Sql command or do any other data retrievals. This method is good or bad?



or below method for run every query is good or bad?


using (SqlConnection connection = new SqlConnection("Integrated Security=SSPI;Initial Catalog=MYDB"))

connection.Open();
// Pool A is created.



which method is better for performance and security?





Possible duplicate of C# sql create one connection and open and close for each query
– John
Aug 13 at 6:58





Have a look at Entity Framework, DbContext, Database classes
– Dmitry Bychenko
Aug 13 at 6:58


DbContext


Database





What kind of solution?
– John
Aug 13 at 7:06





@John no i'm talking about this kind of solution c-sharpcorner.com/UploadFile/f26fb0/connection-class-in-C-Sharp
– Pushpamal
Aug 13 at 7:07





And does the duplicate not answer your question?
– John
Aug 13 at 7:07




3 Answers
3



Here are some points to think about when using a connection.



1) Dispose the connection object as soon as you no longer need it by using the using statement:


using (var conn = new SqlConnection(connectionstring))

// your sql magic goes here



2) If you're not disposing the object immediately, you can make sure the connection is closed using a try-finally statement:


var conn = new SqlConnection(connectionstring);
try

// do sql shizzle

finally

conn.Close();



3) To prevent SQL injection, use parameterized queries, never concatenated strings


using (var conn = new SqlConnection(connectionstring))

conn.Open();
using(var comm = new SqlCommand("select * from FooBar where foo = @foo", conn))

comm.Parameters.Add(new SqlParameter("@foo", "bar"));
using(var reader = comm.ExecuteReader())

// Do stuff with the reader;





4) If you're performing multiple update, insert or delete statements, and they all need to be succesful at once, use a transaction:


using (var conn = new SqlConnection(connectionstring))

conn.Open();
using(var trans = conn.BeginTransaction())

try

using(var comm = new SqlCommand("delete from FooBar where fooId = @foo", conn, trans))

comm.Parameters.Add(new SqlParameter ParameterName = "@foo", DbType = System.Data.DbType.Int32 );
for(int i = 0; i < 10 ; i++)

comm.Parameters["@foo"].Value = i;
comm.ExecuteNonQuery();


trans.Commit();

catch (Exception exe)

trans.Rollback();
// do some logging





5) Stored procedures are used similarly:


using (var conn = new SqlConnection(connectionstring))

conn.Open();
using (var comm = new SqlCommand("FooBarProcedure", conn) CommandType = CommandType.StoredProcedure )

comm.Parameters.Add(new SqlParameter("@FooBar", "shizzle"));
comm.ExecuteNonQuery();




(Source stored procedures: this Answer)



Multi threading: The safest way to use multi threading and SQL connections is to always close and dispose your connection object. It's the behavior the SqlConnection was designed for. (Source: Answer John Skeet)





You are a great man. In this Answer I have to get knowledge more than that my entire semester knowledge. Thank You man. But I have some problems. 1) If Use Stored Procedures to handle CRUD, It's good or bad ? 2) If this connection pooling method will help me at multi threading?
– Pushpamal
Aug 13 at 8:15



Best practice is make a common DBHelper class and create CRUD methods into that class.
I am adding code snippet.This may help you.



web.config


<connectionStrings>
<add name="mssqltips"
connectionString="data source=localhost;initial catalog=mssqltips;Integrated Security=SSPI;"
providerName="System.Data.SqlClient" />
</connectionStrings>



DBHelper.cs


//Opening Connection
public SqlConnection GetConnection(string connectionName)

string cnstr = ConfigurationManager.ConnectionStrings[connectionName].ConnectionString;
SqlConnection cn = new SqlConnection(cnstr);
cn.Open();
return cn;

//for select
public DataSet ExecuteQuery(
string connectionName,
string storedProcName,
Dictionary<string, sqlparameter=""> procParameters
)

DataSet ds = new DataSet();
using(SqlConnection cn = GetConnection(connectionName))

using(SqlCommand cmd = cn.CreateCommand())

cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = storedProcName;
// assign parameters passed in to the command
foreach (var procParameter in procParameters)

cmd.Parameters.Add(procParameter.Value);

using (SqlDataAdapter da = new SqlDataAdapter(cmd))

da.Fill(ds);



return ds;


//for insert,update,delete

public int ExecuteCommand(
string connectionName,
string storedProcName,
Dictionary<string, SqlParameter> procParameters
)

int rc;
using (SqlConnection cn = GetConnection(connectionName))

// create a SQL command to execute the stored procedure
using (SqlCommand cmd = cn.CreateCommand())

cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = storedProcName;
// assign parameters passed in to the command
foreach (var procParameter in procParameters)

cmd.Parameters.Add(procParameter.Value);

rc = cmd.ExecuteNonQuery();


return rc;





Having a public method returning an open SqlConnection is hardly best practice...
– Zohar Peled
Aug 13 at 7:12



If you do not want to dispose context every time you can create repository class and inject SqlConnection inside.


using (SqlConnection connection = new SqlConnection("Integrated Security=SSPI;Initial Catalog=MYDB"))

repository.SetConnection(connection);
var values = repository.GetSomething();



And Create Class:


public Class Repository

private SqlConnection _connection get; set;

public void SetConnection(SetConnection connection)

_connection = connection;


public string GetSomething()

_connection.Open();
//do stuff with _connection
_connection.Close();




Anyway I recommend you to read about ORM's (Entity Framework or Dapper) and SQL injection attack.





thank you for your suggestion. I will try this out.
– Pushpamal
Aug 13 at 7:25





Is this repository meant to be a singleton or per-dependency? Is it thread-safe?
– John
Aug 13 at 7:30





that is nice, but if it is not just a university project read about SQL injection attack first. @Vishal Pawar proposed verry good solution, where he prepares data via stored procedure and that is a good way to get something from db. He also gets connection string from web.config, what is also a good thing (better than my solution)
– Arkadiusz Raszeja
Aug 13 at 7:31





@John that is my answer, not a production code :) For a WinForm singleton repository should indeed be a good option
– Arkadiusz Raszeja
Aug 13 at 7:38





@Arkadiusz this just a University project and there are some multi-threadings and also want to get data from many table at once. what is the best way to do connectivity ?
– Pushpamal
Aug 13 at 7:53






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

Firebase Auth - with Email and Password - Check user already registered

Image
Clash Royale CLAN TAG #URR8PPP Firebase Auth - with Email and Password - Check user already registered I want to check when a user attempts to signup with createUserWithEmailAndPassword() in Firebase user Authentication method, this user is already registered with my app. createUserWithEmailAndPassword() 8 Answers 8 To detect whether a user with that email address already exists, you can detect when the call to createUserWithEmailAndPassword () fails with auth/email-already-in-use . I see that @Srinivasan just posted an answer for this. createUserWithEmailAndPassword () auth/email-already-in-use Alternatively, you can detect that an email address is already used by calling fetchSignInMethodsForEmail() (previous called fetchProvidersForEmail() ). fetchSignInMethodsForEmail() fetchProvidersForEmail() When the user trying to create an user with same email address, the task response will be "Response: The email address is already in use by another account." mFirebas
Read more

Dynamically update html content plain JS

Image
Clash Royale CLAN TAG #URR8PPP Dynamically update html content plain JS So I have a script bound in my index.html, which literally has to fetch an array of jsons from an api, then dynamically update my page when get response. But as a result I'm getting an as the only update of my page. here is my script fetch(url) .then((resp) => resp.json()) .then((resp) => resp.results.forEach(item => fetch(item.url) .then((response)=> response.json()) .then((response) => pokeArr.push(response)) .catch(console.log) ) ).catch(console.log) const filler = () => if(!pokeArr) return 0 pokeArr.map((i,j)=> return `<tr>$i.name</tr>` ) const pokeindex = () => document.getElementById('a').appendChild(document.createElement(filler())) pokeindex() When I'm consoling it, I can see in the console all the responses I get, so I'm at least doing the fetching part right. What's parberakan ? What's pokeArr ? – T.J. Crowder Aug 8 at 12
Read more

How to determine optimal route across keyboard

Image
Clash Royale CLAN TAG #URR8PPP How to determine optimal route across keyboard I'm trying to automate the typing process in a video game. Players are given an on-screen QWERTY keyboard layout that they can navigate with the control stick (up, down, left, right) in order to select a letter to type. I was wondering if there was a module for Python (or some other resource I could explore) that would help my program find a path across the keyboard as it types each letter in a given message. In other words, if the first letter typed was "A" and the next letter was "B", the module would know that the program should move 1 space down on the keyboard and 4 spaces to the right. Currently, I have the program resetting to the "G" key after each letter is typed (allowing me to use fixed-directions as the program parses each character in the desired message). As you can imagine, this is quite inefficient and defeats the purpose of automating the typing in the fir
Read more