10
To avoid string abuse and avoid code injection problems can be a good practice using the Linq.
I can also imagine, for example, that it’s slower.
Who ever used the Linq to communicate with the database, I would recommend?
5 answers
16
LINQ itself is a part of . NET that adds query functionality to the framework. Linq is not tied to any technology, he works on an interface (Iqueryable). The implementation of the final query (which accesses the data provider) is in charge of who implements the interface.
If you’re using Linux to access an SQL database it’s because you’re using some specific implementation for it (such as Entity Framework, LINQ to SQL or Nhibernate).
In terms of code security we can not affirm... nothing. This is dependent on the implementation of preview that you are using.
What is possible to say is that one of the advantages of using Ingl is that your queries will be compiled, that is, depending on what is erroneously changed the compiler may generate an error.
For example, let’s assume that a column is removed from the database. Similarly the removal of the column you also change the system code for its class and its darlings do not reference the column. If by chance the programmer forgets to replace in a query using Linux the compiler will generate a build error, because the darlings will involve a property that no longer exists. Already with darlings sql as text this does not happen, will occur only running error.
A possible advantage to use darlings sql directly is performance. Generally, because they offer a higher level of abstraction, queries made indirectly with Linus tend not to be as performative as executing an sql query directly. There are some cases where this small difference in performance is relevant. It is common to find systems that do only the heaviest operations in this way.
-
Thank you, make it very clear that some supposed advantages are not necessarily there. So I know what I need to pay attention to.
-
And it is always good to remember: at least in relation to relational databases, and at least in relation to the LINQ used with Entity Framework, LINQ to SQL and Nhibernate, the LINQ query will be automatically transformed, at the end of the day, in an SQL query.
6
Although your question is already answered, the title of your question attracted me to share some other benefits that we have felt in our company in the use of Linq, if someone is going through the same decision process. So there goes:
- The
Linqexchange the use of Magic Strings by compiled instructions: In practice, you bring to your query’s the benefits of a strongly typed language and of refactoring; - The
Linqbrought us a self-documentation break, because when creating the classes we had to review the mapping between the tables (as we have a legacy base, we did not usecontraintsforeign key). It took work, but today new programmers can easily navigate from one table to another without worrying aboutjoins. Still, the hand on the wheel ofIntellisenseVisual Studio makes query writing very fast; - The
Linqstandardizes all query’s created in the .NET. world.In the case of Linq for SQL, this means that you will adopt the same standard and it can be rendered in several dialects* of different databases. It is worth remembering that even though SQL is a ansi language, it is difficult to restrict to the default (take the SQL functionssubstringandtop Nas an example); - And if you still need to use String’s to form your query dynamically without too much complication, you can resort to Dynamic Linq.
And yes, round and round we have performance problems by query’s poorly formed, but it is a way. In short, I say that it is worth (very) the worth.
[*] In our case, we are using Linq for SQL implemented by the excellent Nhibernate that already brings database support most common market.
4
In my experiences, the LINQ has several qualities, yes, but has its limitations too. I have passed, for example, a Dataset so large that the LINQ broke the whole program. Using a for { ... }, can do the same thing but extremely fast.
I believe that this slowness comes from the extreme 'overhead' that using the LINQ brings, being that in the background, the . NET makes a for { ... } likewise.
(Sorry about the English there :P)
-
2
Will you say you haven’t lived in Brazil almost your whole life? : D
-
I lived a few years in Brazil only :)
4
Yes, the use of LINQ forces the programmer to protect their code against SQL injection.
Yes, LINQ is sometimes slower. But there is more than one way to detect and solve these problems.
Yes, I’ve used LINQ extensively to communicate with databases and recommend it. Especially in the Entity Framework version, since Linq-to-SQL is no longer updated.
0
What I can say about LINQ, in my point of view it is only worth making records, simple. Even so I see no advantage. You see, Delphi has always been a very fast development language, and it does exactly what the link does, strange that I’m saying this more you see well, when you use Delphi components like Clientdataset, it will make a mapping of your table and there it adds all the basic functionalities of a register, the problem is that it makes a mapping of the table according to the database you are using and this way it ties you in the database, If you need to change banks you would have problems, several. In Linq this same table mapping happens, it ends up creating the classes more will also tie the database you are using, and when you use SQL, you create each class separately, using the types of primitive fields that will serve for any database, basically you have the connection to the database and the classes that represent your tables, do not have a direct link, so in the end, it’s going to be pure SQL off that you won’t need to learn a new LINQ syntax. So for me in my point of view does not pay, I develop using a project for Repositorio, Domain, Application and a project for presentation, I think it is worth you do a small project, to test more for me the LINQ, is only good to make simple registration. About SQL Injection, just use @Html.Antiforgerytoken() in HTML and controller [Validateantiforgerytoken].
Browser other questions tagged c# sql linq
You are not signed in. Login or sign up in order to post.
In which context?
– talles
I am in the process of being accepted or not in a new job, where they use C# and connect with databases (in this case by local GUI, not by web). I don’t have extensive experience with C# and then I’m curious if the common practice would be to use Linq or SQL by string, and if this is good or bad practice... Seeing your question I can understand that it depends on the context?
– LaPingvino
Yes! A context is very important for your question to be answered. I posted an answer, but in the end note that I did not directly answer your question, I just talked about it. Already with a context it would be possible to say "this is/is not recommended".
– talles
Even so, your answer is really what I needed to hear! Thank you!
– LaPingvino