Should you use storeded procedures in linq to sql? - asp.net-mvc

Does someone out there use stored procedures with linq to sql and why? Should we use them? Their support is there in linq to sql. I am asking because I use to use it before my recent application.

Stored procedures are use for
Encapsulation of business logic: Stored procedures allow for business logic to be embedded as an API in the database, which can simplify data management and reduce the need to encode the logic elsewhere in client programs. This may result in a lesser likelihood of data becoming corrupted through the use of faulty client programs. Thus, the database system can ensure data integrity and consistency with the help of stored procedures.
where as linq to sql allow us to query data, to do simple insert and update but to do some complex logic we need to do the code in out class files.
Fore example consider UserLogin form :
where i have to check user exits or not, is use enter password valid or not and also have to check the authority i.e module rights FOR THIS IF I USE STORED PROCEUDRE I AN DO ALL THING IN ON SP
and if i use linq i have to do coding for check user first than have to check for the module rights one by one
Actually do not compare Stored proceudre with the linq2sql both are different things.

Related

NoSQL Injection into DynanmoDB

Does anyone know if there are any known no SQL vulnerabilities with the 'Dynogels' library when interacting with a NO SQL database.
Not using any advanced queries, only bog standard with the existing methods. query(), where(), equals() etc.
Dynogels passes supplied filter/query values using the ExpressionAttributeValues structure, which is separate from the query structure itself (FilterExpression). This is analogous to using parameterized SQL queries, which pass parameters in a separate structure from the query itself.
In other words, as long as you only use untrusted input as filter values, injection that changes the query structure should not be possible:
// Assume "req.body" is untrusted input
Table.query(req.body.key)
.filter('somecolumn').equals(req.body.somecolumn)
.exec(callback);
The above is safe, as long as it is not an application-level vulnerability to allow the user to query for any key. In all of the contexts where untrusted input is used above, it cannot possibly affect the structure of the query.
Disclosure: I am one of the maintainers of dynogels. If you find a vulnerability, please disclose it to us privately so we can address it before publishing details publicly.
Maybe not really a known issue, but dealing with input data in general, and saving it into whatever database you always have to sanitise your data to prevent injections.
As you are dealing with JSON a lot in DynanmoDB, be especially careful when deserialising user input to JSON objects and inserting or updating these objects directly into a NoSQL database. For example make sure the user cannot add extra fields into the JSON object.
It al depends on how you validate your user input.
I think it is safe to say that NoSQL databases access the database more in terms of functions, and JSON objects. You have to worry less about SQL injections than traditional string based access (TSQL) databases.

How to modify CRUD operations with Entity Framework in .NET MVC application

I need to work out how to do CRUD stuff in an MVC application, passed to me by a former colleague (I don't have any other info, just the application and the database). So I can see there is Model1.edmx and the model browser that contains MyApp.Model>EntityTypes>MyTable representation, and MyAppModel.Store that contains a representation of the table, and the Model1.Designer.cs file which has methods that look like they must be CRUD related (e.g. OnLastNameChanging, OnLastNameChanged). I can run the application and insert and update records to a db table.
What I need to know is where / how do I code other CRUD operations and use Entity Framework to work with WHERE clauses, and do stuff like update another record in a table depending on the value of a given field in the record being inserted or updated.
I've worked with MVC on one other small project but haven't really worked with entities. I'm used to the WebForms / ADO.NET / stored procedures way of doing things.
Any help gratefully received.
Happy new year!
I guess you are using database first approach.
some useful links for Code first approach:
http://www.codeproject.com/Tips/793159/Code-First-Approach-in-Entity-Framework-using-Data
other for database first approach
http://www.aspdotnet-pools.com/2014/08/insert-update-delete-operation-in.html
http://www.asp.net/mvc/overview/getting-started/getting-started-with-ef-using-mvc/implementing-basic-crud-functionality-with-the-entity-framework-in-asp-net-mvc-application

ADO.net data access srtategy in MVC application

This is not really related to Programming But I do need a answer for that if anyone know.
What are the ADO.net Data access strategies for MVC application. choices are
1-DataAdapter
2-Datareader
3-EntityFramework
5-LinqtoSQL
I know that there is a DataReader that provides stream of data from the data source and DataAdapter provides the bridge between the DataSet object and the data source but not sure if that is call Data access strategy, I know Linq to SQL and EntityFramework are the Strategies. Please help
Data Access Technology
SQL data access options available in .NET framework are; Entity Framework, LINQ to SQL and SQL client.
Solution
SQL client
SQL client requires writing custom queries or stored procedures for each data access operations and extra code work to convert them into .NET objects. This technique will be beneficial when complex and dynamic queries are used very often. SQL client provides the best performance of these three technologies but requires maximum development and maintenance effort.
LINQ to SQL
LINQ to SQL provides a simple mechanism to access SQL database and keeps development effort to minimum, but not suitable for complex data structure. Query performance generally will be slower compared to SQL client.
Entity Framework
Entity Framework provides a balance between LINQ to SQL and SQL client. It supports complex data mappings and by implementing proper Repository pattern, we can abstract the storage mechanism from business layer easily.
Selected Approach
Based on the above observations (in particular: support for complex data mappings; and simpler implementation) the proposed solution is to use Entity Framework for data access.
Note: The above description was written few years ago and may not be up-to-date. Thought it might help.
System.Data classes are need to detailed management data storage of your app. System.Data.Entity or Linq to SQL its more simply to using in small projects.

Is EntityFramework using linqtosql underneath?

I am quite new to entity frame work 4.0 and what I know from my intial analysis is entity framework is nothing but an abstraction of ado.net with its storage model, conceptual schema and the mappping between these two.But one thing I am unclear is while fetching data from database or executing any stored procedure what mechanism its following.
Is it adopting the traditional ado.net approach or is it the concept of linq2sql?
The reason I am asking this question is in our project we are not suppose to use linq for some security reason (I am not sure what this security linkage is but we have not to follow linq relegiously).
So I just wanted to know how entityframework works for performing all its db transaction and whether by any chance it is using linq to sql?
Hope I was able to convey my problem. Please look into this and respond ASAP. I am in a kind of fix :(
Regards
Subrat
No - both Linq-to-SQL and Entity Framework make good use of the LINQ features in C#/VB.NET - but they're both totally separate projects.
Linq-to-SQL was created by the C# team, more or less as a "proof-of-concept" for how to use LINQ with databases.
Entity Framework on the other hand grew out of the database teams (ADO.NET team) at Microsoft and was designed from the ground up as a full-fledged, enterprise-ready system to be the "next big thing" after straight up ADO.NET
Why using LINQ (as a technology) should have any security implications is beyond me.....
Yes - with the Linq-to-SQL approach, your application needs direct access to all underlying tables - read and write. But with EF in version 4, you can do very safe styles of work:
SELECT only from views exposed in the database
handle all the CUD operations (INSERT, UPDATE, DELETE) by wiring up your EF entities to stored procedures
With this, your applications don't need direct table read/write access at all - no different than when manually using SELECT from views and stored procedures for all other operations.

Linq To Entities, MVC, Creating Views

I have an application that I want to migrate to ASP.NET MVC. There are few stumbling blocks that I am not able to clear.
I am using the following components
Linq to Entities
MVC with Razor
Now I have three major hurdles.
The sql query is quite complex - I want to use it as it is (without Linq )
How to create a view that will display data from this query's resultset
the query involves joins on tables across multiple databases (though on the same server ) - what is the best approach to make it pure-linq in future.
I'm still learning the Entity Framework myself, but hopefully my answer will help you out a little with some advice and starting points.
If you have a complex sql query that you want to leave intact as is, your best bet is to add it as a Stored Procedure in your Database. You could then add/call the Stored Procedure using the Entity Framework. You can set up the model to use a stored procedure.
Using my suggestion in #1, I'd recommend you simply build a custom object to store the data in the structure you need it to be in. In your controller (or however you have your project set up for data/business logic) you can populate the object by using EF to call the Stored Procedure. You could then create your view and strongly type it against that object/model and display it in whatever manner it's needed in.
As for this question, I am not sure. However, I did do a quick search and hopefully this thread may help point you in a direction. EF4 cross database relationships

Resources