Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDevelopment and...Development and...Building ExtensionsBuilding ExtensionsModulesModulesDatabase accessDatabase access
Previous
 
Next
New Post
11/26/2010 3:52 AM
 
Aristotelis Pitaridis


www.computermagic.gr/
Joined: 7/8/2009
Posts: 44
When I create a project for a new compiled module using the DNN template, a data provider class exists in the project which calls the stored procedures in order to store and retrieve data from the database. The fact that I do not like using stored procedures but I prefer to have direct access to the database because it makes the development process simpler for me, I create a new class for accessing the data. Below there is an example of such a class and I would like to know if it is compatible with all versions of DNN.

    Public Class Categories
        Public Function InsertCategory(ByVal LanguageID As String, ByVal CategoryName As String, ByVal CategoryParent As Integer) As Integer
            Dim MyConnection As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("SiteSqlServer").ConnectionString)
            MyConnection.Open()

             Dim MyCommand As New System.Data.SqlClient.SqlCommand
            MyCommand.Connection = MyConnection
            MyCommand.CommandType = System.Data.CommandType.Text
            MyCommand.CommandText = "INSERT INTO Map_Categories (LanguageID, CategoryName, CategoryParent) VALUES (@LanguageID, @CategoryName, @CategoryParent)"
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@LanguageID", LanguageID))
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@CategoryName", CategoryName))
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@CategoryParent", CategoryParent))

             Dim NumberOfRowsAffected As Integer = MyCommand.ExecuteNonQuery()
            MyConnection.Close()
            Return NumberOfRowsAffected
        End Function

         Public Function UpdateCategory(ByVal CategoryID As Integer, ByVal CategoryName As String) As Integer
            Dim MyConnection As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("SiteSqlServer").ConnectionString)
            MyConnection.Open()

             Dim MyCommand As New System.Data.SqlClient.SqlCommand
            MyCommand.Connection = MyConnection
            MyCommand.CommandType = System.Data.CommandType.Text
            MyCommand.CommandText = "UPDATE Map_Categories SET CategoryName = @CategoryName WHERE CategoryID = @CategoryID"
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@CategoryID", CategoryID))
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@CategoryName", CategoryName))

             Dim NumberOfRowsAffected As Integer = MyCommand.ExecuteNonQuery()
            MyConnection.Close()
            Return NumberOfRowsAffected
        End Function

         Public Function SelectCategories(ByVal LanguageID As String) As DataTable
            Dim MyConnection As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("SiteSqlServer").ConnectionString)
            MyConnection.Open()

             Dim MyCommand As New System.Data.SqlClient.SqlCommand
            MyCommand.Connection = MyConnection
            MyCommand.CommandType = System.Data.CommandType.Text
            MyCommand.CommandText = "SELECT CategoryID, CategoryName, CategoryParent FROM Map_Categories WHERE LanguageID = @LanguageID"
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@LanguageID", LanguageID))

             Dim MyDataAdapter As New SqlClient.SqlDataAdapter(MyCommand)
            Dim MyDataSet As New DataSet()
            MyDataAdapter.Fill(MyDataSet)
            MyConnection.Close()

             Return MyDataSet.Tables(0)
        End Function

         Public Function DeleteCategory(ByVal CategoryID As Integer) As Integer
            Dim MyConnection As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("SiteSqlServer").ConnectionString)
            MyConnection.Open()

             Dim MyCommand As New System.Data.SqlClient.SqlCommand
            MyCommand.Connection = MyConnection
            MyCommand.CommandType = System.Data.CommandType.Text
            MyCommand.CommandText = "DELETE FROM Map_Categories WHERE CategoryID = @CategoryID"
            MyCommand.Parameters.Add(New System.Data.SqlClient.SqlParameter("@CategoryID", CategoryID))

             Dim NumberOfRowsAffected As Integer = MyCommand.ExecuteNonQuery()
            MyConnection.Close()
            Return NumberOfRowsAffected
        End Function
    End Class

I think that this class will help other developers as well but I would like to know if it will cause some kind of problem in a dnn installation with special settings.
 
New Post
11/26/2010 4:03 AM
 
Sergiy Velychko


Sergiy Velychko's Avatar

forDNN.com
Joined: 7/10/2005
Posts: 376
Aristotelis

It is compatible, but not good. Because:

1) DNN has some standards and experience shows these standards are very good and fast. And first of all SP is safe and fast (because precompiled) method to retrieve or to change data.
2) In your code you make new SQLConnection what is not good, because when you use "DNN way" then it uses existing connection.

But it is fully on your own. You can make what you want :) DNN is very very flexible.

Sergey

forDNN Team is DotNetNuke Partner 

 
New Post
11/26/2010 4:17 AM
 
Aristotelis Pitaridis


www.computermagic.gr/
Joined: 7/8/2009
Posts: 44

The way that I do it is faster for me to develop a module and by changing the SQL command in my class I change the data that I will retrieve when I want to make a change. I would like to know why it is safer to use the SP. The only thing that I care about is that the code will executed successfully in all the dnn installations.

 
New Post
11/26/2010 4:29 AM
 
Sergiy Velychko


Sergiy Velychko's Avatar

forDNN.com
Joined: 7/10/2005
Posts: 376
Aristotelis

1) SP is at the DB and no one can see your SQL code. When you put query in the C# or VB code, then anyone can easy decompile and look your SQL code.
2) SP is precompiled - so it runs faster then the same SQL command in C# or VB.
3) Do not forget about SQL-injection.

Sergey

forDNN Team is DotNetNuke Partner 

 
New Post
11/26/2010 4:52 AM
 
Aristotelis Pitaridis


www.computermagic.gr/
Joined: 7/8/2009
Posts: 44
Sergey, thank you for your replies.

I know about the fact that the SP is precompiled and it is executed a bit faster than the standard SQL commands but for the projects that I develop it is not really a problem.

About the decompile thing that you said, if someone has access to the web server in order to get the dll and decompile it, he can also see the web.config file and get the SQL Server login information in order to connect to the database and get access to the data.

As I mentioned before the only thing that I care about is that it will make the job and it will not cause some kind of trouble during the execution of the module.
 
 Page 1 of 5
123...5Next 
Previous
 
Next
HomeHomeDevelopment and...Development and...Building ExtensionsBuilding ExtensionsModulesModulesDatabase accessDatabase access


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out