Web Hosting, Design, & Coding forum

General discussion

Mysterious code

by Judy / November 5, 2003 1:43 AM PST

The following code was posted on a forum I frequent. This forum has many hackers as members.

Can anyone tell me whether this is harmful or not?

--------------------

some code to share with the developers around here.

first you need to download this from microsoft

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/daab-rm.asp?frame=true

this is the class that I use it to simplify the access to the database through the aplication. it is by no means good code, but it do what i need for few things i am testing it on.

I planed to post this earlier than today but i did not have time to, the last 4 days i slept totally less than 16 hours


Code:

using System;
using System.Data;
using System.Data.SqlClient ;
using System.Configuration ;
using System.Collections;
using Microsoft.ApplicationBlocks.Data;

namespace MyApp.DataAccessClassLibrary
{


/// <summary>
/// Summary description for DBClass.
/// </summary>
public class DBClass


{
internal string strCalssName;
internal string spAddName;
internal string spDeleteName;
internal string spUpdateName;
internal string spGetName;
internal string spGetItems;
internal string CONN_STRING;

public DBClass()
{

strCalssName= this.ToString().Substring( this.ToString().LastIndexOf(".")+1);

spAddName="Add" + strCalssName;
spDeleteName="Delete" +strCalssName;
spUpdateName="Update" +strCalssName;
spGetName="GetItem" +strCalssName;
spGetItems="GetItems" +strCalssName;
CONN_STRING= ConfigurationSettings.AppSettings ["connectionstring"];

}

public SqlParameter[] InitAddItem()
{
SqlParameter[] storedParams = SqlHelperParameterCache.GetSpParameterSet(CONN_STRING, spAddName);

return storedParams;

}

public void AddItem(SqlParameter [] sqpParameters)
{
SqlHelper.ExecuteNonQuery (CONN_STRING,CommandType.StoredProcedure,spAddName,sqpParameters);
}

public SqlParameter[] InitUpdateItem()
{

SqlParameter[] storedParams = SqlHelperParameterCache.GetSpParameterSet(CONN_STRING, spUpdateName);

return storedParams;

}


public void UpdateItem(SqlParameter[] sqpParameters)
{

SqlHelper.ExecuteNonQuery (CONN_STRING,CommandType.StoredProcedure,spUpdateName,sqpParameters);

}

public SqlParameter[] InitDeleteItem()
{
SqlParameter[] storedParams = SqlHelperParameterCache.GetSpParameterSet(CONN_STRING, spDeleteName);

return storedParams;

}
public void DeleteItem(SqlParameter[] sqpParameters)
{

SqlHelper.ExecuteNonQuery (CONN_STRING,CommandType.StoredProcedure,spDeleteName,sqpParameters);

}

public SqlParameter[] InitGetItem()
{
SqlParameter[] storedParams = SqlHelperParameterCache.GetSpParameterSet(CONN_STRING, spGetName);

return storedParams;

}
public void GetItem(SqlParameter[] sqpParameters)
{
SqlHelper.ExecuteNonQuery (CONN_STRING,CommandType.StoredProcedure,spGetName,sqpParameters);
}

public SqlParameter[] InitGetItems()
{
SqlParameter[] storedParams = SqlHelperParameterCache.GetSpParameterSet(CONN_STRING, spGetItems);

return storedParams;

}
public SqlDataReader GetReaderItems(SqlParameter[] sqpParameters)
{
return SqlHelper.ExecuteReader(CONN_STRING,CommandType.StoredProcedure,spGetItems,sqpParameters);
}

public DataSet GetDataSetItems(SqlParameter[] sqpParameters)
{
return SqlHelper.ExecuteDataset (CONN_STRING,CommandType.StoredProcedure,spGetItems,sqpParameters);
}

public DataSet ExecuteDataset (string spName ,SqlParameter[] sqpParameters)

{
return SqlHelper.ExecuteDataset (CONN_STRING,CommandType.StoredProcedure,spName,sqpParameters);
}

public SqlDataReader ExecuteReader (string spName ,SqlParameter[] sqpParameters)

{
return SqlHelper.ExecuteReader (CONN_STRING,CommandType.StoredProcedure,spName,sqpParameters);
}

public void ExecuteNonQuery (string spName ,SqlParameter[] sqpParameters)

{
SqlHelper.ExecuteNonQuery (CONN_STRING,CommandType.StoredProcedure,spName,sqpParameters);
}

public SqlParameter[] InitSP(string spName)
{
SqlParameter[] storedParams = SqlHelperParameterCache.GetSpParameterSet(CONN_STRING, spName);

return storedParams;

}

public Hashtable GetParametersMapping(SqlParameter[] sqpParameters)
{
Hashtable ParamMap = new Hashtable();

for (int i = 0 ; i < sqpParameters.Length ; i++)
{
ParamMap.Add(sqpParameters.ParameterName,i );
}

return ParamMap;

}
}
}



Posted: Tue Nov 04, 2003 6:40 pm Post subject:


Sample of how to use the DBclass in any class that inhert from it.


Code:

public bool AddGame(ref int GameID, int CompID, short Team1, bool Home1, short Team2, bool Home2, DateTime GameTime, bool Raininig, byte Team1Ready, byte Team2Ready, string StadiumE, string StadiumA, string LocationE, string LocationA)
{

SqlParameter[] spParam;

spParam = base.InitAddItem();

Hashtable ParamMap = base.GetParametersMapping(spParam);

spParam[(int) ParamMap["@CompID"]].Value =CompID;
spParam[(int) ParamMap["@Team1"]].Value =Team1;
spParam[(int) ParamMap["@Home1"]].Value =Home1;
spParam[(int) ParamMap["@Team2"]].Value =Team2;
spParam[(int) ParamMap["@Home2"]].Value =Home2;
spParam[(int) ParamMap["@GameTime"]].Value =GameTime;
spParam[(int) ParamMap["@Raininig"]].Value =Raininig;
spParam[(int) ParamMap["@Team1Ready"]].Value =Team1Ready;
spParam[(int) ParamMap["@Team2Ready"]].Value =Team2Ready;
spParam[(int) ParamMap["@StadiumE"]].Value =StadiumE;
spParam[(int) ParamMap["@StadiumA"]].Value =StadiumA;
spParam[(int) ParamMap["@LocationE"]].Value =LocationE;
spParam[(int) ParamMap["@LocationA"]].Value =LocationA;

base.AddItem(spParam);

GameID = int.Parse(spParam[int.Parse( ParamMap["@GameID"].ToString())].Value.ToString()) ;

return true;

}

Discussion is locked
You are posting a reply to: Mysterious code
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Mysterious code
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re:Mysterious code is also a perfect example of uncommented code NEVER to be used.
by R. Proffitt Forum moderator / November 8, 2003 11:54 PM PST
In reply to: Mysterious code

Such code should never be allowed into any business setting. While it may be clear to the writer what it does and I can see most of what it does in one reading, it FAILS HORRIBLY as a piece of code that your staff would be able to pick up and maintain.

You should just eject it before it gets glued into place.

Bob

Collapse -
Re:Re:Mysterious code is also a perfect example of uncommented code NEVER to be used.
by Sovereign Forum moderator / February 20, 2004 1:57 PM PST

What does it do?

Collapse -
"What does it do?"
by R. Proffitt Forum moderator / February 21, 2004 12:39 AM PST

That depends on the databases its using.

As such, it's just an ASP script and not much else can be gleaned from it.

Collapse -
(NT) Message has been deleted.
by R. Proffitt Forum moderator / February 21, 2004 12:32 AM PST
In reply to: Mysterious code
Collapse -
Not all that obscure
by wolfwizard / February 16, 2005 3:34 AM PST
In reply to: Mysterious code

The first set of code is a general class that can be used to setup and execute calls to stored procedures.

Key Points:
---------------------------------------------------
The constructor sets up a set of stored procedure names that have a prefix and the class name. In the sample code there would exist a stored procedure with the name AddDBClass.

The Init... functions use the Microsoft ApplicationBlocks to query the database and get a parameter list for the stored procedure

The GetParametersMapping function uses the parameter list array and creates a hash table from that with the key as the name of the parameter and the value as the index of the parameter.

In the second set of code the parameters are set using the hash table to translate the parameter name with its index in the parameter list array.

The AddItem procedure executes the stored procedure with the information in the parameter list array passed to it using the SqlHelper of the Microsoft ApplicationBlocks.
------------------------------------------------

Yes it would be nice to have comments but a good programmer should get the idea of what this is doing.

This only works if there are stored procedures with names that end the same. If you have multiple sets of stored procedures that each end with similar names then this can be used with a class for each set of stored procedures ending in the same name. (Which would be the class name)

I don't think the code is bad, just uncommented which can be easily fixed. As far as functional... I didn't test that yet. I may check it out if I have time in the future and if it works I may implement some version of this, after adding comments of course.

Popular Forums
icon
Computer Help 51,912 discussions
icon
Computer Newbies 10,498 discussions
icon
Laptops 20,411 discussions
icon
Security 30,882 discussions
icon
TVs & Home Theaters 21,253 discussions
icon
Windows 10 1,672 discussions
icon
Phones 16,494 discussions
icon
Windows 7 7,855 discussions
icon
Networking & Wireless 15,504 discussions

CNET ON CARS

Want to see the future of car technology?

Brian Cooley found it for you at CES 2017 in Las Vegas and the North American International Auto Show in Detroit.