What's the difference Between Dynamic Linq And Building sqlstatments string At runtime ?
-
In Traditional ADO Api We can Build A customized Sql statment At runtime Ant then Send it To DB and Return the results I'm not sure But Maybe The strongly result type is one of them is there any otheres .... ???
You have To Search About The Truth Of Your Life Why Are you Here In Life ?
-
In Traditional ADO Api We can Build A customized Sql statment At runtime Ant then Send it To DB and Return the results I'm not sure But Maybe The strongly result type is one of them is there any otheres .... ???
You have To Search About The Truth Of Your Life Why Are you Here In Life ?
Well, Linq is part of the language and is more convenient to use.
Deja View - the feeling that you've seen this post before.
-
In Traditional ADO Api We can Build A customized Sql statment At runtime Ant then Send it To DB and Return the results I'm not sure But Maybe The strongly result type is one of them is there any otheres .... ???
You have To Search About The Truth Of Your Life Why Are you Here In Life ?
Another difference is that if your database scheme changes, you'll get compiler errors if you've got bad LINQ statements. With the old way, your "select missingField from whateverTable" would happily compile only to spectacularly fail at runtime.
-
In Traditional ADO Api We can Build A customized Sql statment At runtime Ant then Send it To DB and Return the results I'm not sure But Maybe The strongly result type is one of them is there any otheres .... ???
You have To Search About The Truth Of Your Life Why Are you Here In Life ?
Both Pete and Judah missed the part about "Dynamic Linq" Dynamic linq is a lib that can take strings containing Linq queries and then compile them into expression trees. So dynamic linq is not "part of the language" and is not typesafe in any way. [edit] Ofcourse it is typesafe once it has been compiled into an expression tree. But since we are still dealing with strings that needs to be parsed into something else, so it is still possible to exploit this. The authors claim that you are safe from sql injection attacks in dynamic linq, which is true since all arguments that have been parsed will be transformed into their correct types in the expression tree. But as always when parsing queries in string format, you are always vulnerable to injection attacks of some sort, eg, injecting other linq constructs into a query.. Linq Injection ;-) [/edit] See: http://weblogs.asp.net/scottgu/archive/2008/01/07/dynamic-linq-part-1-using-the-linq-dynamic-query-library.aspx[^] Anyway: The difference between ad hoc sql and ad hoc linq is that you are querying your object schema and not your database schema when using dynamic linq (just as you are when using compiled linq queries) So you will not get compile time checks on dynamic linq, but you will still be querying your object schema, this allowing some changes in your DB-Schema w/o breaking the queries. Dynamic linq is pretty much only useful when you want the users to be able to "build" queries, or god forbid, write their own :-)
Blog: http://www.rogeralsing.com Projects: http://www.puzzleframework.com
modified on Saturday, April 26, 2008 2:45 PM
-
Both Pete and Judah missed the part about "Dynamic Linq" Dynamic linq is a lib that can take strings containing Linq queries and then compile them into expression trees. So dynamic linq is not "part of the language" and is not typesafe in any way. [edit] Ofcourse it is typesafe once it has been compiled into an expression tree. But since we are still dealing with strings that needs to be parsed into something else, so it is still possible to exploit this. The authors claim that you are safe from sql injection attacks in dynamic linq, which is true since all arguments that have been parsed will be transformed into their correct types in the expression tree. But as always when parsing queries in string format, you are always vulnerable to injection attacks of some sort, eg, injecting other linq constructs into a query.. Linq Injection ;-) [/edit] See: http://weblogs.asp.net/scottgu/archive/2008/01/07/dynamic-linq-part-1-using-the-linq-dynamic-query-library.aspx[^] Anyway: The difference between ad hoc sql and ad hoc linq is that you are querying your object schema and not your database schema when using dynamic linq (just as you are when using compiled linq queries) So you will not get compile time checks on dynamic linq, but you will still be querying your object schema, this allowing some changes in your DB-Schema w/o breaking the queries. Dynamic linq is pretty much only useful when you want the users to be able to "build" queries, or god forbid, write their own :-)
Blog: http://www.rogeralsing.com Projects: http://www.puzzleframework.com
modified on Saturday, April 26, 2008 2:45 PM
Damn but you're right. I'd missed that he was asking about Dynamic LINQ.
Deja View - the feeling that you've seen this post before.