:'-(
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
AspDotNetDev wrote:
It's hard to find anything NOT wrong with this
M, actually no. I think there are things done right in there. What's wrong with this?
Dim oDAdapt As SqlClient.SqlDataAdapter
or this?
Dim cmdSQL As String = sSQL
And the author catches ALL exceptions, isn't that incredible? And the user doesn't even know something bad occurred, how cool is that? [Ok, ending sarcasm now :laugh: ]
Full-fledged Java/.NET lover, full-fledged PHP hater. Full-fledged Google/Microsoft lover, full-fledged Apple hater. Full-fledged Skype lover, full-fledged YM hater.
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
I'm always curious as to why people insist on declaring ALL variables inside a try/catch block. It's not as though declaring the first three variables there are likely to cause an exception (nor that instantiating the
DataSetandSqlDataAdapterwill cause problems).*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
-
I'm always curious as to why people insist on declaring ALL variables inside a try/catch block. It's not as though declaring the first three variables there are likely to cause an exception (nor that instantiating the
DataSetandSqlDataAdapterwill cause problems).*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
I'm fairly certain the person that made this code did not consider such things. As an example:
Dim oRs As New DataSet
' ...not so many lines later...
oRs = New DataSetAn instance is created, then shortly after another instance is created. And I really don't like when the parens aren't put after calling a constructor. :|
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
Aside from redundant variable declarations and swallowed exceptions, I enjoy the way the author disposes of the DataSet and DataAdapter after the method has returned. It's the only way to be sure.. Also: VB.net and inherent naming convention make me grieve for the the 18 months I lost before I moved to C# and started calling things by names that infer even the slightest insight to their usage.
-
I'm fairly certain the person that made this code did not consider such things. As an example:
Dim oRs As New DataSet
' ...not so many lines later...
oRs = New DataSetAn instance is created, then shortly after another instance is created. And I really don't like when the parens aren't put after calling a constructor. :|
AspDotNetDev wrote:
I really don't like when the parens aren't put after calling a constructor
I seem to remember reading somewhere that the VB editor removes the parens from the default constructor. That was an old version, but it wouldn't surprise me if this behaviour was still present.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
-
AspDotNetDev wrote:
I really don't like when the parens aren't put after calling a constructor
I seem to remember reading somewhere that the VB editor removes the parens from the default constructor. That was an old version, but it wouldn't surprise me if this behaviour was still present.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
Just tested it. VB doesn't remove them but it doesn't add them neither so if you type them yourself they'll stay there. :)
-
Aside from redundant variable declarations and swallowed exceptions, I enjoy the way the author disposes of the DataSet and DataAdapter after the method has returned. It's the only way to be sure.. Also: VB.net and inherent naming convention make me grieve for the the 18 months I lost before I moved to C# and started calling things by names that infer even the slightest insight to their usage.
Trying to open a MessageBox in a webservice in case of an exception is also not the brightest idea. It was probably commented out because of 'unexpected' side effects, like somebody having to go to the server to click it away :)
At least artificial intelligence already is superior to natural stupidity
-
Trying to open a MessageBox in a webservice in case of an exception is also not the brightest idea. It was probably commented out because of 'unexpected' side effects, like somebody having to go to the server to click it away :)
At least artificial intelligence already is superior to natural stupidity
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
I might use this as a test question for students to identify all mistakes. It would worth an easy 5 marks. I love the hint that the connection is opened at some stage and then left open. Bonus mark for picking that up. In fact maybe there whole ADO.NET component of the test could be that one question :laugh:
"You get that on the big jobs."
-
It's funny that it's called GrabDataSet instead of GetDataSet. What are you gonna do? Squeeze it until the data flows out. :)
Chris Meech I am Canadian. [heard in a local bar] In theory there is no difference between theory and practice. In practice there is. [Yogi Berra] posting about Crystal Reports here is like discussing gay marriage on a catholic church’s website.[Nishant Sivakumar]
He he he Chris, The best comeback I have for that is "But ... Get did not work "
-
I'm fairly certain the person that made this code did not consider such things. As an example:
Dim oRs As New DataSet
' ...not so many lines later...
oRs = New DataSetAn instance is created, then shortly after another instance is created. And I really don't like when the parens aren't put after calling a constructor. :|
Whaddyaknow Thats a straight copy from MSDN
-
I'm fairly certain the person that made this code did not consider such things. As an example:
Dim oRs As New DataSet
' ...not so many lines later...
oRs = New DataSetAn instance is created, then shortly after another instance is created. And I really don't like when the parens aren't put after calling a constructor. :|
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
I am trying to learn better development practices so I would gratified if somebody could confirm what I see as well as show me the ideal replacement for this code. Issues with the code 1) Sending in a SQL statement seems to be invitation for SQL injection 2) Exception handling seems to have been done exclusively so that the end user never sees a problem and nothing else 3) The Dispose statements seem to be useless . Now is it good practice to open and close database connections , I have been reading elsewhere about using the Singleton pattern for database connections which in some cases do leave the connection open. Why is it essential to use dispose for the objects that were declared inside the function ? We know that they will be returned to the GC as soon as the function exits.
-
I am trying to learn better development practices so I would gratified if somebody could confirm what I see as well as show me the ideal replacement for this code. Issues with the code 1) Sending in a SQL statement seems to be invitation for SQL injection 2) Exception handling seems to have been done exclusively so that the end user never sees a problem and nothing else 3) The Dispose statements seem to be useless . Now is it good practice to open and close database connections , I have been reading elsewhere about using the Singleton pattern for database connections which in some cases do leave the connection open. Why is it essential to use dispose for the objects that were declared inside the function ? We know that they will be returned to the GC as soon as the function exits.
Regarding the issues, there are a few more, like initializing a variable only to re-initialize a few lines later, and others. In .NET especially, there is connection pooling for database connections, meaning that even after you close a connection, the connection is kept alive by the framework, and next time you open the connection, the existing connection will be reused. No comment on the Singleton pattern. It is considered a best practice to always call the
Disposemethod on a Class that implements IDisposable. This is why there is ausing (resource) { }
construct built into the language. Classes usually implement
IDisposableto indicate that they are using external resources which need to be released once you are finished with the class. In .NET, once a method has completed (returned), any instances created that have no other references can be collected by the Garbage Collector (GC). However, because the GC decides to clean the memory in its own time, this can sometimes mean that instances remain alive for longer than necessary. For example, on a computer with a lot of RAM, the GC may not run for a long time, as there is no issue with Memory. Another issue with relying on the GC is that the GC will not call theDisposemethod on an instance, as it doesn't know anything aboutIDisposable. What it does is call theFinalizemethod (known as the Finalizer), which all classes inherit fromObject. However, the way in which GC calls the Finalizer means that the instance has to be kept alive for longer than absolutely necessary, at minimum until the next GC collection. Additionally, not all classes necessarily implement a Finalizer. If a class used external resources, such as a file or a database connection and doesn't release the resource, the external resources may remain inaccessible even after the .NET application closes. -
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
-
I am trying to learn better development practices so I would gratified if somebody could confirm what I see as well as show me the ideal replacement for this code. Issues with the code 1) Sending in a SQL statement seems to be invitation for SQL injection 2) Exception handling seems to have been done exclusively so that the end user never sees a problem and nothing else 3) The Dispose statements seem to be useless . Now is it good practice to open and close database connections , I have been reading elsewhere about using the Singleton pattern for database connections which in some cases do leave the connection open. Why is it essential to use dispose for the objects that were declared inside the function ? We know that they will be returned to the GC as soon as the function exits.
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
Maybe the Republicans are correct when they say "Outsourcing is good for the economy." It keeps all of us employed rewriting all that crap code!
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
Regarding the issues, there are a few more, like initializing a variable only to re-initialize a few lines later, and others. In .NET especially, there is connection pooling for database connections, meaning that even after you close a connection, the connection is kept alive by the framework, and next time you open the connection, the existing connection will be reused. No comment on the Singleton pattern. It is considered a best practice to always call the
Disposemethod on a Class that implements IDisposable. This is why there is ausing (resource) { }
construct built into the language. Classes usually implement
IDisposableto indicate that they are using external resources which need to be released once you are finished with the class. In .NET, once a method has completed (returned), any instances created that have no other references can be collected by the Garbage Collector (GC). However, because the GC decides to clean the memory in its own time, this can sometimes mean that instances remain alive for longer than necessary. For example, on a computer with a lot of RAM, the GC may not run for a long time, as there is no issue with Memory. Another issue with relying on the GC is that the GC will not call theDisposemethod on an instance, as it doesn't know anything aboutIDisposable. What it does is call theFinalizemethod (known as the Finalizer), which all classes inherit fromObject. However, the way in which GC calls the Finalizer means that the instance has to be kept alive for longer than absolutely necessary, at minimum until the next GC collection. Additionally, not all classes necessarily implement a Finalizer. If a class used external resources, such as a file or a database connection and doesn't release the resource, the external resources may remain inaccessible even after the .NET application closes.Thank you for your comments. I had no idea that GC uses some form of Lazy scheduling. Any pointers on documentation that would guide me towards the accepted standards for .Net programming?
-
The following code is copy/pasted verbatim from a live production environment (the entire project/solution is on the production file system, side-by-side with the executing code):
Private Function GrabDataSet(ByVal sSQL As String) As DataSet
Try
Dim oDAdapt As SqlClient.SqlDataAdapter
Dim oRs As New DataSet
Dim cmdSQL As String = sSQL
'oConn.Open()
oRs = New DataSet
oDAdapt = New SqlClient.SqlDataAdapter(cmdSQL, oConn)
oDAdapt.Fill(oRs)
Return oRs
oRs.Dispose()
oDAdapt.Dispose()
'oConn.Close()
Catch ex As Exception
'MsgBox(ex.Message, MsgBoxStyle.OKOnly, "Database Error")
End Try
End FunctionFound this in a web service I'm upgrading. It's hard to find anything NOT wrong with this. :((
-
Just tested it. VB doesn't remove them but it doesn't add them neither so if you type them yourself they'll stay there. :)
VB only requires parens when it's necessary to add parameters. Otherwise, you can slip by without them.
XAlan Burkhart