|
Your presentation and business logic layers looks fine. But I felt some problem with data layer. Data layer can be more generic and reusable. So it should contains functions that can be used in all the pages from all business logic layers.
I data layer contains functions like GetDataSet() , ExecuteNonQuery() etc.. which takes the query and type as parameters and do the operation. You should do the query formation in your business logic layer. Your query formation is very near to SQL injection attacks. You'd to prefer writing parameterized queries or stored procedures.
Hope this helps
|
|
|
|
|
Thanks Navaneeth
is This Correct?
In My Data Access Layer i changed as
<br />
Public Function Getrecord(ByVal groupid As Integer, ByVal Qry As String) As DataSet<br />
Dim oMyDataset As New DataSet<br />
Dim oMyAdapter As New SqlDataAdapter<br />
Dim oMyConn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))<br />
Dim oMyCommand As SqlCommand = New SqlCommand(Qry)<br />
oMyCommand.Parameters.Add("@groupid", SqlDbType.Int).Value = groupid<br />
oMyCommand.Connection = oMyConn<br />
oMyCommand.CommandType = CommandType.StoredProcedure<br />
Try<br />
oMyConn.Open()<br />
oMyAdapter.SelectCommand = oMyCommand<br />
oMyAdapter.Fill(oMyDataset)<br />
oMyCommand.ExecuteNonQuery()<br />
oMyConn.Close()<br />
Catch ex As Exception<br />
ex.Message.ToString()<br />
End Try<br />
If oMyDataset.Tables(0).Rows.Count > 0 Then<br />
Return oMyDataset<br />
End If<br />
End Function<br />
In My Bussiness Logic Layer i changed as
<br />
<br />
Public Function Getrecords() As DataSet<br />
Dim nn As New NitemDAL<br />
Return nn.Getrecord(Group, "BBsearch")<br />
End Function<br />
sathimailin
|
|
|
|
|
sathimailin1 wrote: is This Correct?
There is no correct or wrong, these all are the patterns for designing. So as I said in my previous post regarding generalizing the DAL, depends on that what you have changed is wrong.
sathimailin1 wrote: Public Function Getrecord(ByVal groupid As Integer, ByVal Qry As String) As DataSet
Change this to GetDataSet() (it can be anything, it's my suggestion) with a SQLCommand array and a query as parameters. So you can use this function in all your projects.
sathimailin1 wrote: Dim oMyConn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))
Initialize your connection in the DAL constructor, and in your function open it , do the operation and close it. Dispose this object when your DAL gets disposed.
sathimailin1 wrote: oMyCommand.Parameters.Add("@groupid", SqlDbType.Int).Value = groupid
as you are getting parameters in an array, iterate through that and add each array item to the parameter list.
sathimailin1 wrote: CommandType.StoredProcedure
If your project is using stored procedures and dynamic written queries, CommandType also can be a parameter to the above function. Rewriting such a way will make your DAL reusable.
sathimailin1 wrote: Public Function Getrecords() As DataSet
Dim nn As New NitemDAL
Return nn.Getrecord(Group, "BBsearch")
End Function
In this function create SQLParameter array and pass that along with the query to the DAL. DAL should only execute the database statements. All other procedures has to be done on business layer.
Hope this helps
|
|
|
|
|
thanks for your help Nave neeth i will try as u said
|
|
|
|
|
|
Hai Navaneeth
As u suggested i have Made some correction in DAL please go through this
In My Data Access Layer i have made corrections as
<br />
Public Function GetDataSet(ByVal Qry As String, ByVal ConnString As SqlClient.SqlConnection, ByVal ParamArray SqlParams() As SqlClient.SqlParameter) As DataSet<br />
Dim cmd As New SqlClient.SqlCommand<br />
Dim sqladpt As New SqlClient.SqlDataAdapter<br />
Dim ds As New DataSet<br />
ConnString.Open()<br />
cmd.Connection = ConnString<br />
cmd.CommandText = Qry<br />
cmd.CommandType = CommandType.StoredProcedure<br />
Attach(cmd, SqlParams)<br />
sqladpt.SelectCommand = cmd<br />
sqladpt.Fill(ds)<br />
cmd.ExecuteNonQuery()<br />
ConnString.Close()<br />
If ds.Tables(0).Rows.Count > 0 Then<br />
Return ds<br />
End If<br />
End Function<br />
<br />
<br />
Public Shared Sub Attach(ByVal cmd As SqlClient.SqlCommand, ByVal SqlParam() As SqlClient.SqlParameter)<br />
Dim p As SqlClient.SqlParameter<br />
For Each p In SqlParam<br />
cmd.Parameters.Add(p)<br />
Next p<br />
End Sub<br />
In My BLL i Made Corrcetions as
<br />
<br />
Public Class NitemBLL<br />
Private _groupID As Integer<br />
Private _rhID As String = String.Empty<br />
Private _unitNo As String = String.Empty<br />
Public Property Group() As Integer<br />
Get<br />
Return _groupID<br />
End Get<br />
Set(ByVal Value As Integer)<br />
_groupID = Value<br />
End Set<br />
End Property<br />
Public Property RH() As String<br />
Get<br />
Return _rhID<br />
End Get<br />
Set(ByVal value As String)<br />
_rhID = value<br />
End Set<br />
End Property<br />
Public Property Unit() As String<br />
Get<br />
Return _unitNo<br />
End Get<br />
Set(ByVal value As String)<br />
_unitNo = value<br />
End Set<br />
End Property<br />
Public Function Getrecords() As DataSet<br />
Dim nn As New NitemDAL<br />
<br />
Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))<br />
<br />
Dim Param() As SqlClient.SqlParameter = New SqlClient.SqlParameter(0) {}<br />
Param(0) = New SqlClient.SqlParameter("@groupid", SqlDbType.Int)<br />
Param(0).Value = Group<br />
Return nn.GetDataSet("BBsearch", ConnectionString, Param)<br />
End Function<br />
In My Presentation Layer I Have Following
<br />
<br />
Private Sub btnSave_ServerClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSave.ServerClick<br />
Dim myBLL As New NitemBLL<br />
myBLL.Group = CInt(Me.txtBG.Value)<br />
dgFilter.DataSource = myBLL.Getrecords()<br />
dgFilter.DataBind()<br />
End Sub<br />
This is 3-tier Architecture with your help i think i Got good knowledge about 3-tier,i have a doubt that how this 3-tier will differ from N-Tier
|
|
|
|
|
Yes, Finally you did it. It's almost looks fine.
sathimailin1 wrote: Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))
This connection you can create inside the DAL. in the constructor. You can write overloaded constructor which takes the connection string value also as parameter. Then if in next project, you are planning to change BBM_CONSTR , it won't be a problem.
sathimailin1 wrote: ConnString.Open()
cmd.Connection = ConnString
cmd.CommandText = Qry
cmd.CommandType = CommandType.StoredProcedure
Attach(cmd, SqlParams)
sqladpt.SelectCommand = cmd
sqladpt.Fill(ds)
cmd.ExecuteNonQuery()
ConnString.Close()
There is a chance for memory leakage in this code. Assume you got an error when executing the query, what will be the status of connection ? It will be kept open and your program will terminate. So to avoid this, put the database operation on try and catch blocks. Do database operation in try and dispose the object in catch/finally. This will avoid memory leakage.
|
|
|
|
|
N a v a n e e t h wrote: sathimailin1 wrote:
Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))
This connection you can create inside the DAL. in the constructor. You can write overloaded constructor which takes the connection string value also as parameter. Then if in next project, you are planning to change BBM_CONSTR, it won't be a problem.
In DAL
<br />
<br />
Public Overloads Sub NitemDAL()<br />
Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))<br />
End Sub<br />
Public Overloads Sub NitemDAL(ByVal ConnString As String)<br />
Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings(ConnString))<br />
End Sub<br />
sorry to disturb you is this the way i created constructor but i am getting stuck that how to use this in this situation
<br />
Public Function GetDataSet(ByVal Qry As String, ByVal ConnString As SqlClient.SqlConnection, ByVal ParamArray SqlParams() As SqlClient.SqlParameter) As DataSet<br />
Dim cmd As New SqlClient.SqlCommand<br />
Dim sqladpt As New SqlClient.SqlDataAdapter<br />
Dim ds As New DataSet<br />
ConnString.Open()<br />
cmd.Connection = ConnString<br />
cmd.CommandText = Qry<br />
cmd.CommandType = CommandType.StoredProcedure<br />
<br />
Try<br />
Attach(cmd, SqlParams)<br />
sqladpt.SelectCommand = cmd<br />
sqladpt.Fill(ds)<br />
cmd.ExecuteNonQuery()<br />
Catch ex As Exception<br />
ex.Message.ToString()<br />
Finally<br />
ConnString.Close()<br />
ConnString.Dispose()<br />
End Try<br />
<br />
If ds.Tables(0).Rows.Count > 0 Then<br />
Return ds<br />
End If<br />
End Function<br />
|
|
|
|
|
sathimailin1 wrote: Public Overloads Sub NitemDAL()
Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))
End Sub
Public Overloads Sub NitemDAL(ByVal ConnString As String)
Dim ConnectionString As SqlClient.SqlConnection = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings(ConnString))
End Sub
Make the connection object public, then only you will get access to this in your GetDataSet() method,
|
|
|
|
|
sorry as a learner i am not able handle with constructor could you please guide me
<br />
Public ConnectionString As New SqlClient.SqlConnection<br />
Public Overloads Sub NitemDAL()<br />
ConnectionString = New SqlClient.SqlConnection(ConfigurationSettings.AppSettings("BBM_CONSTR"))<br />
End Sub<br />
<br />
IN Method i used as follows
<br />
Public Function GetDataSet(ByVal Qry As String, ByVal ConnString As SqlClient.SqlConnection, ByVal ParamArray SqlParams() As SqlClient.SqlParameter) As DataSet<br />
Dim cmd As New SqlClient.SqlCommand<br />
Dim sqladpt As New SqlClient.SqlDataAdapter<br />
Dim ds As New DataSet<br />
NitemDAL()<br />
cmd.Connection = ConnString<br />
cmd.CommandText = Qry<br />
cmd.CommandType = CommandType.StoredProcedure<br />
<br />
Try<br />
Attach(cmd, SqlParams)<br />
sqladpt.SelectCommand = cmd<br />
sqladpt.Fill(ds)<br />
cmd.ExecuteNonQuery()<br />
Catch ex As Exception<br />
ex.Message.ToString()<br />
Finally<br />
ConnString.Close()<br />
ConnString.Dispose()<br />
End Try<br />
<br />
If ds.Tables(0).Rows.Count > 0 Then<br />
Return ds<br />
End If<br />
End Function<br />
how to open and close connection, and also i need to know how to use constructor.
sathimailin
|
|
|
|
|
Hi all,
I am creating an asp button control in my code behind and I need to add the click event to that button and do some database transaction in that event.
Please help me with this...
Thanks in advance...
|
|
|
|
|
Button objButton = new Button();
objButton.Click += new EventHandler(objButton_Click);
You need a method to handle the event
private void objButton_Click(object sender,EventArgs e)
{
}
|
|
|
|
|
Thanks Navaneeth for reply. Actually I am creating this button in Ajax Tab control which is again created in code behind. Now the problem is will I get the tab info and other details on this button click event???
Thanks again...
|
|
|
|
|
ASP.NET 2.0 wrote: Now the problem is will I get the tab info and other details on this button click event???
I think you won't get it. I am not sure on this
|
|
|
|
|
You can do this way
Button btn = new Button();
btn.Click += new EventHandler(btn_click);
public void btn_click(object sender,EventArgs e)
{
//Code;
}
umesh
|
|
|
|
|
Hello coders,
i am working on ASP.NET 2.0, i have aspx page, in which master page, Content Placeholder, in this control one textbox with textbox mode is MultiLine.
my problem is if i execute the page, textbox multiline mode not working, it is behaving like a continues text, Enter key not accepting & not going to next line
what was the problem ? any sounds will be appriciated
thanks
Ramana
|
|
|
|
|
I think u can not give a fix column length to the textbox so, try this it is working
<asp:TextBox ID="txtdesc" runat ="server" MaxLength ="2000" TextMode="MultiLine"Columns ="25" Rows ="4" ></asp:TextBox>
|
|
|
|
|
thx for u r reply
i have added new textbox with specified properties, but still getting the same problem
any idea?
Ramana
|
|
|
|
|
Check your Master page and content page with following.
I am try it now and it is successfull work
<%@ Page Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" CodeFile="test.aspx.cs" Title="Welcome to World Class" %>
<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
<asp:TextBox ID="txtdesc" runat ="server" MaxLength ="2000" TextMode ="MultiLine" Columns ="25" Rows ="4" ></asp:TextBox>
</asp:Content>
|
|
|
|
|
The multiline mode is working fine. Just verify mutiline mode is set or not.
You can't do everything...
But you can do something...
So never refuse to do something that you can.....
|
|
|
|
|
use a regular expression validator to set the maxlength for a multiline taxtbox
kavitha
|
|
|
|
|
how to use paypal payment gateway in website..
for reply
In adavance Thanks
Ajai
chaudhary
|
|
|
|
|
ajau wrote: how to use paypal payment gateway in website..
How to use google[^] to find answers ?
|
|
|
|
|
|
Now we are developing a dotnet system wich follows forms authentication with three type of roles. Now we are in a postion to restict the each role to invade others modules...
means for example The master pages sould be available for admin peoples only, if any other users who held other roles such as clients should not be allowed to browse them.
If possible send me your idea in that...
Also i wish to know how to restict a username being used for multiple login at the same time with the different mechines....
Also we require to count the number of users logged in purticular time and their detail. I humbly request you to send me the ideas to develope them in our project...
JuliusM
|
|
|
|