Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trying to write better code 2

Status
Not open for further replies.
fergmj

fergmj

Programmer
Feb 21, 2001
276
0
0
US
I am new to C# and programming in .NET

I am pretty sure this needs some better error handling around the connection at least.

Can anyone suggest improvements to my small code below?

Thank you in advance.

Code: 
                SQLErrors = "";
                SqlConnection cn = new SqlConnection(connectionStringGP);
                cn.Open();

                string sql = "exec tdbTransferWarehouseItemGetDocNo '" + sEmpInitials + "'";

                SqlCommand cd = new SqlCommand(sql, cn);

                DocNo = "";
                bDupDocNo = false;

                SqlDataReader dr2 = cd.ExecuteReader();

                if (dr2.Read())
                {

                    DocNo = dr2["DocNo"].ToString();

                }
                dr2.Close();
 
Sort by date Sort by votes
The quick answer is to use a try catch block around the code.

Whenever you write code that could cause an error, you should wrap it within a try catch block. That way, you can dictate what happens when an error occurs instead of the OS.

im in ur stakz, overflowin ur heapz!
 
Upvote 0 Downvote
The quick answer is to use a try catch block around the code.

Whenever you write code that could cause an error, you should wrap it within a try catch block. That way, you can dictate what happens when an error occurs instead of the OS."

I disagree. You should wrap called code if you know how to fix the problem. If not, you should wrap the caller code.

In this case, with a finally block to clear up the connection, you may wish to rethrow the exception.

C
 
Upvote 0 Downvote
In addition, but not related to exception handling, it seems that in your sp, you're only expecting a single value. You can use the SqlCommand.ExecuteScalar() method. It will return the first column of the first row only. If resultset is empty, a null reference is returned.

Also, use command parameters, rather than concatenating. Keeps you safe from sql injection.

hth [wink]
 
Upvote 0 Downvote
I agree with Craig0201, you should only catch exceptions if you are going to do something about them, else let the exception bubble up.

Smeat
 
Upvote 0 Downvote
If you are returning a single value to load into a variable, for example, returning a parameter avoids all of the overhead of a data table that you would get even with ExecuteScalar.

BlackburnKL
 
Upvote 0 Downvote
always use a parameterized query. this avoids sql injection attacks. here's a simpilified version of how I code connections.
Code: 
using(IDbConnection cnn = new SqlConnection(connectionStringGP))
{
   cnn.Open();
   IDbCommand cmd = cnn.CreateCommand();
   cmd.CommandText = "tdbTransferWarehouseItemGetDocNo @input";
   cmd.CommandType = CommandType.StoredProcecure;
   IDbParameter parameter = cmd.CreateParameter("input");
   parameter.Value = sEmpInitials;
   cmd.Parameters.Add(parameter);
   return cmd.ExecuteScalar();
}

Jason Meckley
Programmer
Specialty Bakers, Inc.
 
Upvote 0 Downvote
always use a parameterized query. this avoids sql injection attacks.
Click to expand...
More than that, they also are faster in the DB. SQL will cache the statement, but not the parameters. So the next time the same statement is used it is already compiled and has an execution plan, SQL server just plugs in the params. Using prepared sql statements with inline parameters clogs up the cache, unless you expect the same params every time. But even then, use parameterazed for security's sake.
 
Upvote 0 Downvote
Consider implementing your stored procedure as a user defined function instead...

The advice about parameters is bang on - follow it...

Martin.
 
Upvote 0 Downvote
mmilan said:
Consider implementing your stored procedure as a user defined function instead...
Click to expand...
I don't agree with that. User defined functions should be used inline with SQL statements. They are meant for doing some extra manipulation of the data before returning it. For simply selecting data, a stored procedure should be used.

 
Upvote 0 Downvote
But you can use a table-valued function to compose up larger result sets from smaller ones. This is a pretty powerful instance of reuse in the database layer.

Chip H.


____________________________________________________________________
www.chipholland.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xarzu
  • Question
What is the proper way to declare a Microsoft class to use in my code. The quick and dirty way I am doing it here, I know, is not correct
Replies
0
Views
102
xarzu
xarzu
peac3
  • Locked
  • Question
close teradata connection session to dispose volatile tables
Replies
4
Views
445
peac3
peac3
hoangluc19
  • Locked
  • Question
Load data from database to Datagridview C#
Replies
0
Views
211
hoangluc19
hoangluc19
hoangluc19
  • Locked
  • Question
Load hour and minute to datagridview C#
Replies
0
Views
409
hoangluc19
hoangluc19
Crox
  • Locked
  • Question
new to c#
Replies
3
Views
223
Crox
Crox

Part and Inventory Search

Sponsor

Back
Top