I have a static class that needs to pass a generic List of strings to a function using an integer as an index to the List in the class. The problem is the static class doesn't have a List collection and I don't have a proper index to access the class in the function it is passed to. The class, the calling code, and the receiving function are below.

My Class:

public class QueryContainer
{
    public static QueryContainer Instance = new QueryContainer();
    private int _id;
    private string _query = "";
    private int _searchID;

    public QueryContainer() { }

    public string Query
    {
        get
        {
            if (Instance != null)
                return Instance._query;
            else
                return "";
        }
        set { _query = value; _id += 1; }
    }

    public int ID { get { return _id; } }

    public int SearchID
    {
        set { _searchID = value; }
        get { return _searchID; }
    }        
}

The calling code:

public int GetAccountSortByAccountCode(int account)
{
    int Id = 0;
    QueryContainer.Instance.Query = "SELECT ac_sort_order FROM lkup_account_codes where ac_code = " + account.ToString();
    return Convert.ToInt32(ExecuteScaler(Id));
}

The function that the static class is passed to:

The Function

    protected Object ExecuteScaler(int ID)
    {
        object returnValue = null;

        if (!_iserror)
        {
            if (_trace)
            { DoTrace("TAMIS.Data.Loader.ExecuteScalar", QueryContainer.Instance.Query); }

            if (_connection == null || _connection.State == ConnectionState.Closed)
            {
                OpenConnection();
            }

            DbCommand command = _provider.CreateCommand();
            command.Connection = _connection;
            {
                command.CommandText = QueryContainer.Instance.Query;
                command.CommandType = CommandType.Text;
                if (_useTransaction) { command.Transaction = _transaction; }

                try
                {
                    returnValue = command.ExecuteScalar();
                }
                catch (Exception ex)
                {
                    // Rethrow without resetting the stack trace.
                    if (ex is EntryPointNotFoundException)
                        throw;
                    //if (_useTransaction == true)
                    //_transaction.Rollback();
                    RollBack();

                    LogBLL bll = new LogBLL();
                    bll.WriteErrorLog(ex);

                    _iserror = true;
                }
                finally
                {
                    if ((!KeepAlive && _connection.State == ConnectionState.Open) || _iserror == true)
                    {
                        CloseConnection();
                    }
                }
            }
        }
        else
        {
            returnValue = -1;
        }
        return returnValue;
    }

1 Answer

You are using QueryContainer as a Singleton.

In ASP.Net, you receive multiple requests from different users. It is not a good way to construct a dynamic query.

Basically, what you are doing is that all requests will use the same QueryContainer instance. I don't think it is what you want.

The bottom line is do not use static in your scenario.
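
An added example, not part of the original answer or the asker's code base, showing the shared-instance problem described above and a per-call parameterized alternative. `SharedQuery`, `Demo`, `CountCrossRequestReads` and `GetAccountSort` are hypothetical names, and the `@code` marker assumes a provider that uses `@name` placeholders.

```csharp
using System;
using System.Data;
using System.Data.Common;
using System.Threading;
using System.Threading.Tasks;

// Constructed stand-in for the question's singleton: one query slot shared by every request.
public sealed class SharedQuery
{
    public static readonly SharedQuery Instance = new SharedQuery();
    public string Query = "";
}

public static class Demo
{
    // Counts how often a simulated request reads back a query that another request wrote.
    public static int CountCrossRequestReads(int requests)
    {
        int mismatches = 0;
        Parallel.For(0, requests, account =>
        {
            string mine = "SELECT ac_sort_order FROM lkup_account_codes where ac_code = " + account;
            SharedQuery.Instance.Query = mine;
            Thread.Sleep(1); // window in which another request overwrites the slot
            if (SharedQuery.Instance.Query != mine) Interlocked.Increment(ref mismatches);
        });
        return mismatches;
    }

    // Per-call alternative: the command is a local, and the value travels as a typed parameter.
    public static object GetAccountSort(DbConnection connection, int account)
    {
        using (DbCommand command = connection.CreateCommand())
        {
            // "@code" is an assumed marker style; some providers use ":" or "?" instead.
            command.CommandText = "SELECT ac_sort_order FROM lkup_account_codes WHERE ac_code = @code";
            DbParameter code = command.CreateParameter();
            code.ParameterName = "@code";
            code.DbType = DbType.Int32;
            code.Value = account;
            command.Parameters.Add(code);
            return command.ExecuteScalar();
        }
    }

    public static void Main()
    {
        Console.WriteLine("cross-request reads: " + CountCrossRequestReads(200));
    }
}
```

The count varies from run to run; any nonzero value is a request that would have executed SQL written by a different request.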

1 Comment

Below is the best I could come up with. Now the SQL injection error was showing up in the actual ExecuteScaler function using the SQL string being passed in as so: The old version my code replaced: protected object ExecuteScaler(string queryString) Now my version of the function is as so: protected Object ExecuteScaler(QueryContainer Instance) The calling function is now converted as so:
