Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDevelopment and...Development and...Building ExtensionsBuilding ExtensionsModulesModulesDatabase accessDatabase access
Previous
 
Next
New Post
11/26/2010 5:00 AM
 
Sergiy Velychko


Sergiy Velychko's Avatar

forDNN.com
Joined: 7/10/2005
Posts: 376
Aristotelis

Should not be any more problems. And as i said - DNN is very flexible.

Sergey

forDNN Team is DotNetNuke Partner 

 
New Post
11/26/2010 5:09 AM
 
Lars Tungen


Joined: 10/4/2003
Posts: 108
One should always use command parameters (@name) in SQL statements. That will prevent SQL injection attacks with or without the use of stored procs. I have also found the use of stored procedures for everything to be a waste of time. I create procs for insert, update and delete. Selects I put directly in the dataprovider because there are many of them and they change frequently. There is no real-life performance benefit with stored procedures.  A busy site will have all commands optimized within SQL server anyways (remember to use parameters). And there isn't a security benefit with stored procs either.

But there is one big problem with your code. You don't handle prefixes properly. All tables in a DNN database are sometimes prefixed with a short name for historical reasons. If you don't take this into account your code will fail in some environments. Even though it is no longer recommended to use the prefix feature, it is still supported by the installation wizard and many older DNN sites are using them. 
 
New Post
11/26/2010 5:22 AM
 
Sergiy Velychko


Sergiy Velychko's Avatar

forDNN.com
Joined: 7/10/2005
Posts: 376
Lars

We have one client who had very good module, but no sources and no contacts with developer who made it. And also some SQL code has been written inside of C#/VB and some in SP. Customer needs changes for module, changes in generally at the DB level. What were possible to change in SP - we have changed, but can't change what is in the C#/VB code, because no source. So customer had to ask to redevelop module again.

This is why we would like to spend more time to put code to "correct place" - to DB, then put it inside of C#/VB code.

Sergey 

forDNN Team is DotNetNuke Partner 

 
New Post
11/26/2010 5:28 AM
 
Aristotelis Pitaridis


www.computermagic.gr/
Joined: 7/8/2009
Posts: 44
Lars Tungen wrote:
One should always use command parameters (@name) in SQL statements. That will prevent SQL injection attacks with or without the use of stored procs. I have also found the use of stored procedures for everything to be a waste of time. I create procs for insert, update and delete. Selects I put directly in the dataprovider because there are many of them and they change frequently. There is no real-life performance benefit with stored procedures.  A busy site will have all commands optimized within SQL server anyways (remember to use parameters). And there isn't a security benefit with stored procs either.

But there is one big problem with your code. You don't handle prefixes properly. All tables in a DNN database are sometimes prefixed with a short name for historical reasons. If you don't take this into account your code will fail in some environments. Even though it is no longer recommended to use the prefix feature, it is still supported by the installation wizard and many older DNN sites are using them. 

 Thanks Lars for you reply. Could you correct my code so that it will handle the prefixes because I do not know how to handle it. make it for one function and I will make the rest.

Thanks in advance.
 
New Post
11/26/2010 5:30 AM
 
Lars Tungen


Joined: 10/4/2003
Posts: 108
@Sergey:
I hope you are not recommending developers to plan their software architecture based on the presumption that the code will be unavailable for modification in the future. That would be insane. The data should be placed in the database. The code should be placed in the code.
 
 Page 2 of 5
Previous123...5Next 
Previous
 
Next
HomeHomeDevelopment and...Development and...Building ExtensionsBuilding ExtensionsModulesModulesDatabase accessDatabase access


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out