Methods to search for a client in MySQL by ID or by phone
up vote
1
down vote
favorite
I have this code that returns a client object, but to do it I use two methods.
How can I improve this to be more efficient and ensure it meets common standards?
//Method that returns a client from a string
private static Cliente ObtenerCliente(string query)
{
try
{
abrirConexion(); //Static method that opens a connection
cmd = new MySqlCommand(query, mySqlConexion);
MySqlDataReader dataReader = cmd.ExecuteReader();
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
dataReader.Close();
return null;
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
cerrarConexion(); //Static method that closes the connection
}
}
//Method that returns a customer from a phone number given
public static Cliente ObtenerCliente_Telefono(string telefono)
{
string query = "SELECT * FROM clientes WHERE (telefono1_cliente = '" + telefono + "' OR telefono2_cliente = '" + telefono + "');";
return ObtenerCliente(query); //Metodo que hace la consulta
}
public static Cliente ObtenerCliente_Id(int id)
{
string query = "SELECT * FROM clientes WHERE id_cliente = " + id + ';';
return ObtenerCliente(query);
}
c# mysql
add a comment |
up vote
1
down vote
favorite
I have this code that returns a client object, but to do it I use two methods.
How can I improve this to be more efficient and ensure it meets common standards?
//Method that returns a client from a string
private static Cliente ObtenerCliente(string query)
{
try
{
abrirConexion(); //Static method that opens a connection
cmd = new MySqlCommand(query, mySqlConexion);
MySqlDataReader dataReader = cmd.ExecuteReader();
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
dataReader.Close();
return null;
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
cerrarConexion(); //Static method that closes the connection
}
}
//Method that returns a customer from a phone number given
public static Cliente ObtenerCliente_Telefono(string telefono)
{
string query = "SELECT * FROM clientes WHERE (telefono1_cliente = '" + telefono + "' OR telefono2_cliente = '" + telefono + "');";
return ObtenerCliente(query); //Metodo que hace la consulta
}
public static Cliente ObtenerCliente_Id(int id)
{
string query = "SELECT * FROM clientes WHERE id_cliente = " + id + ';';
return ObtenerCliente(query);
}
c# mysql
Welcome to Code Review! I edited your question a bit in hopes that it wouldn't be flagged as off-topic. If I significantly changed what you meant, please just let me know and we can fix it.
– Raystafarian
Mar 26 at 6:04
3
Mandatory reading for understanding SQL injection.
– Roland Illig
Mar 26 at 20:21
Instead of writing ADO.NET code, why not use Dapper? github.com/StackExchange/Dapper/blob/master/Dapper.Tests/…
– BCdotWEB
Oct 25 at 9:32
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have this code that returns a client object, but to do it I use two methods.
How can I improve this to be more efficient and ensure it meets common standards?
//Method that returns a client from a string
private static Cliente ObtenerCliente(string query)
{
try
{
abrirConexion(); //Static method that opens a connection
cmd = new MySqlCommand(query, mySqlConexion);
MySqlDataReader dataReader = cmd.ExecuteReader();
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
dataReader.Close();
return null;
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
cerrarConexion(); //Static method that closes the connection
}
}
//Method that returns a customer from a phone number given
public static Cliente ObtenerCliente_Telefono(string telefono)
{
string query = "SELECT * FROM clientes WHERE (telefono1_cliente = '" + telefono + "' OR telefono2_cliente = '" + telefono + "');";
return ObtenerCliente(query); //Metodo que hace la consulta
}
public static Cliente ObtenerCliente_Id(int id)
{
string query = "SELECT * FROM clientes WHERE id_cliente = " + id + ';';
return ObtenerCliente(query);
}
c# mysql
I have this code that returns a client object, but to do it I use two methods.
How can I improve this to be more efficient and ensure it meets common standards?
//Method that returns a client from a string
private static Cliente ObtenerCliente(string query)
{
try
{
abrirConexion(); //Static method that opens a connection
cmd = new MySqlCommand(query, mySqlConexion);
MySqlDataReader dataReader = cmd.ExecuteReader();
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
dataReader.Close();
return null;
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
cerrarConexion(); //Static method that closes the connection
}
}
//Method that returns a customer from a phone number given
public static Cliente ObtenerCliente_Telefono(string telefono)
{
string query = "SELECT * FROM clientes WHERE (telefono1_cliente = '" + telefono + "' OR telefono2_cliente = '" + telefono + "');";
return ObtenerCliente(query); //Metodo que hace la consulta
}
public static Cliente ObtenerCliente_Id(int id)
{
string query = "SELECT * FROM clientes WHERE id_cliente = " + id + ';';
return ObtenerCliente(query);
}
c# mysql
c# mysql
edited Mar 26 at 6:07
200_success
127k15148411
127k15148411
asked Mar 26 at 5:54
Alejandro Arelis
61
61
Welcome to Code Review! I edited your question a bit in hopes that it wouldn't be flagged as off-topic. If I significantly changed what you meant, please just let me know and we can fix it.
– Raystafarian
Mar 26 at 6:04
3
Mandatory reading for understanding SQL injection.
– Roland Illig
Mar 26 at 20:21
Instead of writing ADO.NET code, why not use Dapper? github.com/StackExchange/Dapper/blob/master/Dapper.Tests/…
– BCdotWEB
Oct 25 at 9:32
add a comment |
Welcome to Code Review! I edited your question a bit in hopes that it wouldn't be flagged as off-topic. If I significantly changed what you meant, please just let me know and we can fix it.
– Raystafarian
Mar 26 at 6:04
3
Mandatory reading for understanding SQL injection.
– Roland Illig
Mar 26 at 20:21
Instead of writing ADO.NET code, why not use Dapper? github.com/StackExchange/Dapper/blob/master/Dapper.Tests/…
– BCdotWEB
Oct 25 at 9:32
Welcome to Code Review! I edited your question a bit in hopes that it wouldn't be flagged as off-topic. If I significantly changed what you meant, please just let me know and we can fix it.
– Raystafarian
Mar 26 at 6:04
Welcome to Code Review! I edited your question a bit in hopes that it wouldn't be flagged as off-topic. If I significantly changed what you meant, please just let me know and we can fix it.
– Raystafarian
Mar 26 at 6:04
3
3
Mandatory reading for understanding SQL injection.
– Roland Illig
Mar 26 at 20:21
Mandatory reading for understanding SQL injection.
– Roland Illig
Mar 26 at 20:21
Instead of writing ADO.NET code, why not use Dapper? github.com/StackExchange/Dapper/blob/master/Dapper.Tests/…
– BCdotWEB
Oct 25 at 9:32
Instead of writing ADO.NET code, why not use Dapper? github.com/StackExchange/Dapper/blob/master/Dapper.Tests/…
– BCdotWEB
Oct 25 at 9:32
add a comment |
2 Answers
2
active
oldest
votes
up vote
0
down vote
Nothing wrong with Cliente ObtenerCliente
accepting the query text.
Suffers from non-deterministic. You are only going to get the first but without an order by
then SQL will just pick one for you.
using
is a better approach in my opinion
For sure I don't like
Static method that opens a connection
Create the connection and let it be properly disposed
private static Cliente ObtenerCliente(string query)
{
using (Connection mySqlConexion = new Connection(conString))
{
try
{
//abrirConexion(); //Static method that opens a connection
mySqlConexion.Open();
using (cmd = new MySqlCommand(query, mySqlConexion))
{
using (MySqlDataReader dataReader = cmd.ExecuteReader())
{
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
//dataReader.Close(); let the using dispose
return null;
}
}
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
//cerrarConexion(); //Static method that closes the connection
}
}
}
add a comment |
up vote
0
down vote
Extending paparazzo's answer, I would use a tertiary to return the result. I also like the descriptiveness of default rather than null:
return dataReader.Read()
? new Cliente(Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString())
: default(Cliente);
Also consider using Top(1) in the queries, together with the order by suggestion, as the code only processes one row
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Nothing wrong with Cliente ObtenerCliente
accepting the query text.
Suffers from non-deterministic. You are only going to get the first but without an order by
then SQL will just pick one for you.
using
is a better approach in my opinion
For sure I don't like
Static method that opens a connection
Create the connection and let it be properly disposed
private static Cliente ObtenerCliente(string query)
{
using (Connection mySqlConexion = new Connection(conString))
{
try
{
//abrirConexion(); //Static method that opens a connection
mySqlConexion.Open();
using (cmd = new MySqlCommand(query, mySqlConexion))
{
using (MySqlDataReader dataReader = cmd.ExecuteReader())
{
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
//dataReader.Close(); let the using dispose
return null;
}
}
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
//cerrarConexion(); //Static method that closes the connection
}
}
}
add a comment |
up vote
0
down vote
Nothing wrong with Cliente ObtenerCliente
accepting the query text.
Suffers from non-deterministic. You are only going to get the first but without an order by
then SQL will just pick one for you.
using
is a better approach in my opinion
For sure I don't like
Static method that opens a connection
Create the connection and let it be properly disposed
private static Cliente ObtenerCliente(string query)
{
using (Connection mySqlConexion = new Connection(conString))
{
try
{
//abrirConexion(); //Static method that opens a connection
mySqlConexion.Open();
using (cmd = new MySqlCommand(query, mySqlConexion))
{
using (MySqlDataReader dataReader = cmd.ExecuteReader())
{
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
//dataReader.Close(); let the using dispose
return null;
}
}
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
//cerrarConexion(); //Static method that closes the connection
}
}
}
add a comment |
up vote
0
down vote
up vote
0
down vote
Nothing wrong with Cliente ObtenerCliente
accepting the query text.
Suffers from non-deterministic. You are only going to get the first but without an order by
then SQL will just pick one for you.
using
is a better approach in my opinion
For sure I don't like
Static method that opens a connection
Create the connection and let it be properly disposed
private static Cliente ObtenerCliente(string query)
{
using (Connection mySqlConexion = new Connection(conString))
{
try
{
//abrirConexion(); //Static method that opens a connection
mySqlConexion.Open();
using (cmd = new MySqlCommand(query, mySqlConexion))
{
using (MySqlDataReader dataReader = cmd.ExecuteReader())
{
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
//dataReader.Close(); let the using dispose
return null;
}
}
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
//cerrarConexion(); //Static method that closes the connection
}
}
}
Nothing wrong with Cliente ObtenerCliente
accepting the query text.
Suffers from non-deterministic. You are only going to get the first but without an order by
then SQL will just pick one for you.
using
is a better approach in my opinion
For sure I don't like
Static method that opens a connection
Create the connection and let it be properly disposed
private static Cliente ObtenerCliente(string query)
{
using (Connection mySqlConexion = new Connection(conString))
{
try
{
//abrirConexion(); //Static method that opens a connection
mySqlConexion.Open();
using (cmd = new MySqlCommand(query, mySqlConexion))
{
using (MySqlDataReader dataReader = cmd.ExecuteReader())
{
if (dataReader.Read())
{
return new Cliente(
Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString());
}
else
{
//dataReader.Close(); let the using dispose
return null;
}
}
}
}
catch (MySqlException e)
{
MessageBox.Show(e.ToString());
return null;
}
finally
{
//cerrarConexion(); //Static method that closes the connection
}
}
}
edited Mar 26 at 18:41
answered Mar 26 at 14:25
paparazzo
4,9911733
4,9911733
add a comment |
add a comment |
up vote
0
down vote
Extending paparazzo's answer, I would use a tertiary to return the result. I also like the descriptiveness of default rather than null:
return dataReader.Read()
? new Cliente(Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString())
: default(Cliente);
Also consider using Top(1) in the queries, together with the order by suggestion, as the code only processes one row
add a comment |
up vote
0
down vote
Extending paparazzo's answer, I would use a tertiary to return the result. I also like the descriptiveness of default rather than null:
return dataReader.Read()
? new Cliente(Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString())
: default(Cliente);
Also consider using Top(1) in the queries, together with the order by suggestion, as the code only processes one row
add a comment |
up vote
0
down vote
up vote
0
down vote
Extending paparazzo's answer, I would use a tertiary to return the result. I also like the descriptiveness of default rather than null:
return dataReader.Read()
? new Cliente(Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString())
: default(Cliente);
Also consider using Top(1) in the queries, together with the order by suggestion, as the code only processes one row
Extending paparazzo's answer, I would use a tertiary to return the result. I also like the descriptiveness of default rather than null:
return dataReader.Read()
? new Cliente(Convert.ToInt32(dataReader["id_cliente"]),
dataReader["nombre_cliente"].ToString())
: default(Cliente);
Also consider using Top(1) in the queries, together with the order by suggestion, as the code only processes one row
answered Mar 28 at 22:08
adrianJ
511
511
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f190474%2fmethods-to-search-for-a-client-in-mysql-by-id-or-by-phone%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Welcome to Code Review! I edited your question a bit in hopes that it wouldn't be flagged as off-topic. If I significantly changed what you meant, please just let me know and we can fix it.
– Raystafarian
Mar 26 at 6:04
3
Mandatory reading for understanding SQL injection.
– Roland Illig
Mar 26 at 20:21
Instead of writing ADO.NET code, why not use Dapper? github.com/StackExchange/Dapper/blob/master/Dapper.Tests/…
– BCdotWEB
Oct 25 at 9:32