Object in session question

[Guest]

I'm on a project where the prevoius developer wrote code like below. I
thought stuff like this was bad? Isn't he putting a page into a session
object? And what we are trying to do is hit the db via a Stored Proc to
create a datatable in most cases. This seems like a waste to me. Is this good?

Public Shared Function getSQL(ByRef thePage As Page) As ProjectName.SQLServer

If thePage.Session("mySQLInit") = "1" Then

Return thePage.Session("mySQL")
End If

thePage.Session("mySQL") = New ProjectName.SQLServer
thePage.Session("mySQLInit") = "1"

Return thePage.Session("mySQL")
End Function

And then shoots to the SP to create datatable:

Sub FillDataGrid(ByRef gridData As System.Web.UI.WebControls.DataGrid, ByVal
SQL As String, Optional ByVal bAddNew As Boolean = False)

Dim cnn As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings().Item("ConnectionString"))

Dim dt As DataTable = New DataTable("")
Dim dr As DataRow

Dim objDA As SqlClient.SqlDataAdapter
objDA = New SqlClient.SqlDataAdapter

dt = ExecSQLReturnDT(SQL, objDA)

If bAddNew Then
dr = dt.NewRow
dt.Rows.InsertAt(dr, 0)
gridData.EditItemIndex = 0
End If

gridData.DataSource = dt
gridData.DataBind()

End Sub

And I see dozens of this:

page.Page.Session("psedit_PSHistoryID") = ""

 

[Hans Kesting]

I'm on a project where the prevoius developer wrote code like below. I
thought stuff like this was bad? Isn't he putting a page into a session
object? And what we are trying to do is hit the db via a Stored Proc to
create a datatable in most cases. This seems like a waste to me. Is this good?

Public Shared Function getSQL(ByRef thePage As Page) As ProjectName.SQLServer

If thePage.Session("mySQLInit") = "1" Then

Return thePage.Session("mySQL")
End If

thePage.Session("mySQL") = New ProjectName.SQLServer
thePage.Session("mySQLInit") = "1"

Return thePage.Session("mySQL")
End Function

the "thePage" is a reference to some Page object. (I don't
think you need the "ByRef" keyword here though, you don't
need to pass the reference itself by reference)
This page is used to get at the session, where a
"ProjectName.SQLServer" object is stored/retrieved (whatever
that may be).

A different (better?) way to get at the session would
be through HttpContent.Current.Session.

And then shoots to the SP to create datatable:

Sub FillDataGrid(ByRef gridData As System.Web.UI.WebControls.DataGrid, ByVal
SQL As String, Optional ByVal bAddNew As Boolean = False)

Dim cnn As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings().Item("ConnectionString"))

Dim dt As DataTable = New DataTable("")
Dim dr As DataRow

Dim objDA As SqlClient.SqlDataAdapter
objDA = New SqlClient.SqlDataAdapter

dt = ExecSQLReturnDT(SQL, objDA)

If bAddNew Then
dr = dt.NewRow
dt.Rows.InsertAt(dr, 0)
gridData.EditItemIndex = 0
End If

gridData.DataSource = dt
gridData.DataBind()

End Sub

This DataTable is an internal structure, not a sql table.
One problem here could be that a complete sql-string is passed.
If you use values that are entered by users, then you could
be vulnerable to sql-injection attacks.

And I see dozens of this:

page.Page.Session("psedit_PSHistoryID") = ""

Again a roundabout way to get at the session. I don't
think the extra ".Page" is needed.
Is really an empty string what is wanted here? You can
also "Remove" items completely from the session.

 

[Kevin Spencer]

I hate to embarass you, but no, he's not putting a Page into a Session
variable. If you just read the code, the Function takes a Page as a
parameter, and conditionally sets a Session variable for the Page's Session.
I wouldn't call it elegant, but I wouldn't call it wrong either, at least
without knowing what kind of class "ProjectName.SQLServer" is.

What exactly is your problem with this code? Using Session? It wouldn't be
in the CLR if Microsoft didn't think it was useful for something at least.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.

 

[Karl Seguin]

Chris,
Perhaps I misunderstood, but what do you see as the problem? Simply the use
of sessions? You said "isn't he putting a page into a session object?" not
sure what you mean by this, but no he isn't. He doesn't do
Session("CurrentPage") = Page ....

Sessions are bad only when used incorrectly. You haven't given us quite
enough scope to really pass judgement...I would guess that a lot of this
could probably be rewritten without sessions...and probably be better for it

Karl

 

[Guest]

Well I have always used session values but have kept it to a select few. I
see in this app dozens upon dozens to control things as simple as a report
name on a single page. Setting and using them as <> "" and = "". Then I
thought that simple datagrid population could be improved using functions,
etc. but to pass the SQL statement around, etc. seemed over kill? I could be
wrong. And there is a view and SP for each activity, most occuring once (not
reused again in the app).
On a separate subject, I've been reading about keeping the logic in the
business layer and not using SP's. I wonder what the true loss in eff is?

Thanx everyone for the input. We learn something new everyday.

 

[Kevin Spencer]

Again, the code you're describing is certainly not elegant. However, it does
work. As far as architecture is concerned, the architecture you described
can certainly use improvement. If you have the time, the inclination, and
the design skill, you could certainly rewrite the architecture in a much
better fashion. As for the details, if you ask here you'll get a plethora of
opinions. And as Uncle Chutney sez, "not only does everyone have one, but
they all stink." Your best bet would be to get a good hold of design
concepts and come up with your own (or leave well enough alone, it's up to
you).

On a separate subject, I've been reading about keeping the logic in the
business layer and not using SP's. I wonder what the true loss in eff is?

Sounds like an overdose of opinions. Your best information can be found in
the .Net SDK, which is a free download.from:

http://www.microsoft.com/downloads/...A6-3647-4070-9F41-A333C6B9181D&displaylang=en

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.

 

[Guest]

note if you are using VS.NET the SDK is not needed, nor is it suggested you
install.

I think that listening to others opinion, help one form his own. Experience
is just as important as Education. I always say use the advise that you want
to use, that makes sense to you. No harm.

why point me to the SDK when this is more of a topic of design perference.
MS discusses both coding techniques. I was just curious as to what others do.
What MS suggests might not always be what is done. I like the idea of keeping
the code/logic on the page so you don't have to go on a hunt for it. Now what
performance hits this causes, I'm not sure. But if you code for a more
univerisal back-end then you don't have a choice.

thanx for your input.

 

[Kevin Spencer]

note if you are using VS.NET the SDK is not needed, nor is it suggested

you
install.

I would have to disagree with this point. I have several versions of Visual
Studio, and I have the .Net SDK installed. I use it every day.

I think that listening to others opinion, help one form his own.
Experience
is just as important as Education. I always say use the advise that you
want
to use, that makes sense to you. No harm.

I would have to disagreee with this as well. Listening to others opinions
doesn't help anything. It only muddies the water. As Uncle Chutney sez
"Opinion is a poor substitute for fact." Not everything in the universe is a
matter of opinion. Some things, like technology, are matters of fact.

When I don't know something, I don't ask for opinions. I research.

Finally, if you follow others, you will never become better than those you
follow. And on the Internet, you have no idea who your mentors are. If you
teach yourself to teach yourself, you will fulfill your own potential to its
fullest.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.