Friday, May 4, 2007

What is difference between ExecuteReader, ExecuteNonQuery and ExecuteScalar.

  • ExecuteReader : Use for accessing data. It provides a forward-only, read-only, connected recordset.
  • ExecuteNonQuery : Use for data manipulation, such as Insert, Update, Delete.
  • ExecuteScalar : Use for retriving 1 row 1 col. value., i.e. Single value. eg: for retriving aggregate function. It is faster than other ways of retriving a single value from DB.

Improving Performance with Connection Pooling

Opening a connection is a database-intensive task. It can be one of the slowest operations that you perform in an ASP.NET page. Furthermore, a database has a limited supply of connections, and each connection requires a certain amount of memory overhead (approximately 40 kilobytes per connection).

If you plan to have hundreds of users hitting your Web site simultaneously, the process of opening a database connection for each user can have a severe impact on the performance of your Web site.

Fortunately, you can safely ignore these bad warnings if you take advantage of connection pooling. When database connections are pooled, a set of connections is kept open so that they can be shared among multiple users. When you request a new connection, an active connection is removed from the pool. When you close the connection, the connection is placed back in the pool.

Connection pooling is enabled for both OleDb and SqlClient connections by default.

To take advantage of connection pooling, you must be careful to do two things in your ASP.NET pages. First, you must be careful to use the same exact connection string whenever you open a database connection. Only those connections opened with the same connection string can be placed in the same connection pool. For this reason you should place your connection string in the web.config file and retrieve it from this file whenever you need to open a connection

To take advantage of connection pooling in your ASP.NET pages, you also must be careful to explicitly close whatever connection you open as quickly as possible. If you do not explicitly close a connection with the Close() method, the connection is never added back to the connection pool.

connection pooling options that you can add to the SQL Server connection string:

  • Connection Lifetime— Destroys a connection after a certain number of seconds. The default value is 0, which indicates that connections should never be destroyed.
  • Connection Reset— Indicates whether connections should be reset when they are returned to the pool. The default value is true.
  • Enlist— Indicates whether a connection should be automatically enlisted in the current transaction context. The default value is true.
  • Max Pool Size— The maximum number of connections allowed in a single connection pool. The default value is 100.
  • Min Pool Size— The minimum number of connections allowed in a single connection pool. The default value is 0.
  • Pooling— Determines whether connection pooling is enabled or disabled. The default value is true.

Strongly Typed Dataset Object

Strongly typed Dataset object allows you to create early-bound data retrieval expression.

Advantage of Strongly Typed dataset

  • It is faster than late-bound data retrieval expression.
  • Its column name is shown in intellisense as you type code.

Difference between Dataset and DataReader : Points to be consider while choosing between the DataSet and DataReader objects

DataSet object

DataReader object

Read/Write access

Read-only access

Supports multiple tables from different databases

Supports a single table based on a single SQL query of one database

Disconnected mode

Connected mode

Bind to multiple controls

Bind to a single control

Forward and backward scanning of data

Forward-only scanning of data

Slower access to data

Faster access to data

Greater overhead to enable additional features

Lightweight object with very little overhead

Supported by Visual Studio .NET tools

Must be manually coded

Thursday, May 3, 2007

SQL Injection Problem

SQL injection is a strategy for attacking databases.

An ASP page asks the user for a name and a password, and then sends the following string to the database:
SELECT FROM users WHERE username = 'whatever' AND password = 'mypassword'

It seems safe, but it isn't. A user might enter something like this as her user name:
' OR 1>0 --

When this is plugged into the SQL statement, the result looks like this:
SELECT FROM users WHERE username = '' OR 1>0 -- AND password = ''

This injection comments out the password portion of the statement. It results in a list of all the names in the users table, so any user could get into your system.

The easiest way to prevent this sort of injection is to parse the SQL string and remove any occurrences of "--" before passing the statement.

Example 2:
You also have to beware of injections that contain semicolons because semicolons delimit SQL statements. Think about the implications of a user name like this:
' OR 1>0 ; DELETE Customers ; --

There are numerous ways a malicious user might penetrate your system using SQL injection and various defenses, but the simplest approach is to avoid dynamic SQL. Instead, use stored procedures everywhere. Thanks to the way SQL passes parameters, injections such as those above will produce errors, and the stored procedure will not execute.

Saturday, April 7, 2007

Explain DataView

It provides a means to filter and sort data within a data table.
DataView myDataView = new DataView(myDataSet.Tables["Customers"]);

// Sort the view based on the FirstName column
myDataView.Sort = "CustomerID";

// Filter the dataview to only show customers with the CustomerID of ALFKI
myDataView.RowFilter = "CustomerID='ALFKI'";

Explain DataAdapter Object

It populates dataset from data source. It contains a reference to the connection object and opens and closes the connection automatically when reading from or writing to the database.

SqlDataAdapter daEmp = new SqlDataAdapter( "select EmpID, EmpName, Salary from Employees", conn);

Fill Method
It is used to populate dataset.
example: daEmp.Fill(dsEmp,"Employee");

Update Method
It is used to update database.
example: daEmp.Update(dsEmp,"Employee");

Explain DataSet Object

Dataset is a disconnected, in-memory representation of data. It can contain multiple data table from different database.

They contain multiple Datatable objects, which contain columns and rows, just like normal data base tables. You can even define relations between tables to create parent-child relationships.

DataSet dsEmp = new DataSet();

For more understanding look for DataAdapter Object

Explain DataReader Object

It provides a forward-only, read-only, connected recordset.

It is most efficient to use when data need not to be updated, and requires forward only traverse. In other words, it is the fastest method to read data.


  1. Filling dropdownlistbox.
  2. Comparing username and password in database.

SqlDataReader rdr = cmd.ExecuteReader();

//Reading data

while (rdr.Read())

//Display data

string contact = (string)rdr["ContactName"];
string company = (string)rdr["CompanyName"];
string city = (string)rdr["City"];


What is Command Object

It allows to manipulate database by executing stored procedure or sql statements.

A SqlCommand object allows you to specify what type of interaction you want to perform with a data base.

For example, you can do select, insert, modify, and delete commands on rows of data in a data base table.
SqlCommand cmd = new SqlCommand("select * from Employees", conn);

What is Connection Object

It establishes connection.
The connection helps identify the data base server, the data base name, user name, password, and other parameters that are required for connecting to the data base.

SqlConnection conn = new SqlConnection( "Data Source=(local);Initial Catalog=Northwind;Integrated Security=SSPI");

What is Data Provider

A set of libraries that is used to communicate with data source. Eg: SQL data provider for SQL, Oracle data provider for Oracle, OLE DB data provider for access, excel or mysql.

What is Data Source

It can be a database, text file, excel spread sheet or an XML file.

Name ADO.NET Objects

  1. Connection Object
  2. Command Object
  3. DataReader Object
  4. DataSet Object
  5. DataAdapter Object

Difference between Dataset and ADO Recordset

A DataSet can represent an entire relational database in memory, complete with tables, relations, and views.
· A DataSet is designed to work without any continuing connection to the original data source.
· Data in a DataSet is bulk-loaded, rather than being loaded on demand.
· There's no concept of cursor types in a DataSet.
· DataSets have no current record pointer You can use For Each loops to move through the data.
· You can store many edits in a DataSet, and write them to the original data source in a single operation.
· Though the DataSet is universal, other objects in ADO.NET come in different versions for different data sources.

Difference between ADO and

1. ADO used connected data usage, while used disconnected data environment.
2. ADO used OLE DB to access data and is COM-based, while uses XML as the format for transmitting data to and from your database and web application.
3. In ADO, Record set, is like a single table or query result, while in Dataset, can contain multiple tables from any data source.
4. In ADO, it is sometime problematic because firewall prohibits many types of request, while in there is no such problem because XML is completely firewall-proof.

What is is data access architecture for the Microsoft .NET Framework.

ADO.NET is an object-oriented set of libraries that allows you to interact with data sources. Commonly, the data source is a data base, but it could also be a text file, an Excel spread sheet, or an XML file.

Saturday, March 3, 2007

Connection Open Error : SQLDataReader makes exclusive use of connection

The SQLDataReader object makes exclusive use of its SQLConnection object as long as it is open. You are not able to execute any other SqlCommand objects on that connection as long as the SQLDataReader object is open. Therefore, you should always call SQLDataReader.close() as soon as you are done retrieving data.

Most Recent Post

Most Recent FAQ

Most Recent .Net Framework FAQ

Most Recent Configuration Files FAQ

Daily Quote, Inspiration, Motivation and More

Subscribe Blog via Email

Enter your email address: