C-omega vs ADO.net

C ω is an exploration by Microsoft Research Institute for the next generation of languages. It extends the C # function to better support data access (SQL and XML) and concurrency control.

C ω hopes to develop more reliable and better maintainability software. An important concept is "Early error detection ".

In the following database query example, this is well reflected.

Now I want to get a list of employee names in a city. (Use the SQL-Server pre-installed Northwind database)

The simplest implementation is as follows:

 

SqlDataAdapter da = new SqlDataAdapter ("SELECT * FROM Employees WHERE City = '" + city + "'", nwindConn );

DataSet ds = new DataSet ();

Da. Fill (ds, "Employees ");

Foreach (DataRow dr in ds. Tables ["Employees"]. Rows)

{

String name = dr ["LastName"]. ToString ();

Int id = (int) dr ["EmployeeID"];

Console. WriteLine (id + ":" + name );

}

Let's take a look at what is prone to errors:

1. city parameters may be exploited by SQL injection attacks.

2. The data type is weak and requires forced conversion, which is prone to Runtime error.

3. The table name and column name are both text, not type variables. The compiler cannot perform the check, and Runtime error may occur easily.

(I think many people have encountered the problem of wrong table names, leading to database access errors, while debugging has been running for a long time .)

4. the query statement is also a text, and it cannot be checked for errors through compilation, which is prone to Runtime errors.

By using SqlParameters and Typed DataSet, we can avoid the first three problems.

SqlDataAdapter da = new SqlDataAdapter ("SELECT * FROM Employees WHERE City = @ city", nwindConn );

SqlParameter cityParam = da. SelectCommand. Parameters. Add ("@ city", SqlDbType. VarChar, 80 );

CityParam. Value = city;

NorthwindDataSet ds = new NorthwindDataSet ();

Da. Fill (ds, ds. Employees. TableName );

Foreach (NorthwindDataSet. EmployeesRow dr in ds. Employees. Rows)

{

String name = dr. LastName;

Int id = dr. EmployeeID;

Console. WriteLine (id + ":" + name );

}

However, the fourth problem still persists. Maybe you think of SQL stored procedure, like the following:

Create procedure EmployeesForCity

@ City nvarchar (80)

SELECT EmployeeID, LastName FROM Employees WHERE City = @ City



SqlCommand cmd = new SqlCommand ("dbo. EmployeesForCity", nwindConn );

Cmd. CommandType = CommandType. StoredProcedure;

SqlParameter cityParam = cmd. Parameters. Add ("@ city", SqlDbType. VarChar, 80 );

CityParam. Value = city;

SqlDataAdapter da = new SqlDataAdapter (cmd );

NorthwindDataSet ds = new NorthwindDataSet ();

Da. Fill (ds, ds. EmployeesForCity. TableName );

Foreach (NorthwindDataSet. EmployeesForCityRow dr in ds. EmployeesForCity. Rows)

{

String name = dr. LastName;

Int id = dr. EmployeeID;

Console. WriteLine (id + ":" + name );

}

Although SQL query statements cannot be checked by the compiler, at least we can verify stored procedure in SQL-server first,

Running our program again is much better than Runtime error. But if the stored procedure is changed, or the database is changed,

Then we will see the Runtime error again. The root cause of the problem is that the connection between our code and the database is too weak. For example

A small program is so prone to problems, so we should not talk about the large applications closely related to the database.

Let's take a look at the C-omega solution:

Rows = select * from DB. Employees where City = city;

Foreach (row in rows)

{

String name = row. LastName. Value;

Int id = row. EmployeeID. Value;

Console. WriteLine (id. ToString () + ":" + name );

}

Note the above Code:

1. You can directly add the local variable city to an SQL statement without being attacked by SQL injection.

2. The result set is strongly typed, meaning that we know the database structure during program compilation, and even can use VS.net

The smart sensing (automatically completed) function.

3. the type names are not even used before rows and row, but they are all strongly typed.

4. text type information is no longer contained, avoiding human input errors.

5. The program has been connected to the database during compilation. When the database changes, an error will be reported in the compiler.

If you do not like SQL syntax, you can use three lines of code to complete all the preceding tasks.

DB. Employees [City = city]. {

Console. WriteLine (it. EmployeeID + ":" + t. LastName );

};

From c ++ to C #, we often hear that c # is type-safe. What is type security? That is,. Net Runtime supports type checks during the compilation period. That is to say, try to change the Runtime error to Compile error. We can see that C ω has taken another step in this regard.

Note: In view of personal level and data reasons, the author implements the internal mechanism and conducts in-depth research.

BTW recently launched a new Yahoo360-level device for Yahoo. It also invited friends who wanted to go and check it out.