asp.netPRO The .NET and Java component publisher



Subscription Services
Print Subscription
Online-Only Subscription
Renew Subscription
asp.netNOW Newsletter
Change of Address
Pay An Invoice
Subscription Packages

asp.netPRO
Articles
411asp.net Directory
New Products
Book Reviews
Blog Listings  
E-Newsletter Articles- NEW
Events  - NEW 
Job Listings  
Product Reviews
Opinion
Back Issues
Reprints/E-prints
Search

Downloads
Premium Downloads


Informant
Contact Us
Advertise with Us
Write For Us



 
 
 


See How Your Data Grid Compares


Software components for Communications, Security, and E-Business 2008 Fall Conference in Las Vegas
2007 asp.netPRO Complete Works CD
Co-Sponsored by:
Download your free trial now!


Click here for the online product directory, asp.netPRO Product Portal

 

Latest Features
 •

Conflict Resolution
 •

Cause and Effect
 •

Why Are You Still Single?


 •

Future Features of ASP.NET
 •

WCF Proxies: To Cache or Not to Cache?



Article Rating
Rate this article on a scale from 0 to 5
5 Best
4  
3  
2  
1  
0 Worst



Email

Tell a friend
about this article!



asp:Feature

LANGUAGES: C#

ASP.NET VERSIONS: 2.0

 

Build Connection Strings Seamlessly in .NET 2.0

Ensure Your Database Connection Strings Are Safe and Secure

 

By Joydip Kanjilal

 

The basic requirement for connecting to a database involves the use of connection strings. A connection string is comprised of the database server to connect to, the database name, the user’s credentials, the authentication mode that should be used, etc. In the earlier version of .NET (.NET 1.x), we had to manually merge the various parameters to build the connection string and use it. With the advent of .NET 2.0, however, things have changed. You have the option of using the connection string builder classes available to build safe and secure connection strings seamlessly. This article presents how we can make use of these classes to build our database connection strings in .NET 2.0 (with code examples where appropriate).

 

The Connection String Builder Classes in .NET 2.0

Whether you store your connection strings in the configuration file or you hard code them in your application, you no longer need to dynamically concatenate the necessary parameters to build your database connection strings. With .NET 2.0 you have the connection string builder classes that are designed to eliminate syntax errors and potential security threats from SQL injection attacks in your database connection strings. For more on SQL injection attacks see my article Prevent SQL Injection Attacks.

 

We have four such classes that correspond to each type of data provider being used. You have the following connection string builders from which to choose:

  • SqlConnectionStringBuilder
  • OracleConnectionStringBuilder
  • OleDbConnectionStringBuilder
  • OdbcConnectionStringBuilder

 

Needless to say, the names of these classes relate to the type of the respective data providers. The DbConnectionStringBuilder class in the System.Data namespace serves as the base for all these strongly typed connection string builder classes. The following code snippet illustrates how we can build our database connection string using the SqlConnectionStringBuilder class and specifying the required parameters through the properties of this class:

 

SqlConnectionStringBuilder sqlConnectionStringBuilder = new SqlConnectionStringBuilder(); //Create an instance of the SqlConnectionStringBuilder class

sqlConnectionStringBuilder.UserID = // The database user's id

sqlConnectionStringBuilder.Password = //Password for the database user

sqlConnectionStringBuilder.DataSource = // The name of the database server to connect to

sqlConnectionStringBuilder.PacketSize = // Size of the data packet

sqlConnectionStringBuilder.InitialCatalog = // The name of the database to connect to

sqlConnectionStringBuilder.ConnectTimeout = // The connection timeout value in seconds

 

As an example, you can build your database connection string for the database “test” that resides in your local system, as shown in the code snippet below:

 

SqlConnectionStringBuilder sqlConnectionStringbuilder = new SqlConnectionStringBuilder();

sqlConnectionStringbuilder.DataSource = "(local)";

sqlConnectionStringbuilder.InitialCatalog = "Test";

sqlConnectionStringbuilder.IntegratedSecurity = true;

 

Once you are done with specifying the different parameters, you can retrieve the connection string using the ConnectionString property of the SqlConnectionStringBuilder class, as shown below:

 

String connectionString = sqlConnectionStringBuilder.ConnectionString;

 

Now you can create a connection using the connection string built earlier (in either of the following two ways):

 

SqlConnection connection = new SqlConnection(sqlConnectionStringbuilder.ToString());

 

or

 

SqlConnection connection = new SqlConnection(sqlConnectionStringBuilder.ConnectionString);

 

Conclusion

.NET 2.0 allows you to dynamically build database connection strings that are safe and error free. You no longer need to append the required parameters to build your database connection strings. This article has taken a brief look at the connection string classes in .NET 2.0 and illustrated how we can use them programmatically.

 

Working extensively in Microsoft technologies for more than 10 years, Joydip Kanjilal is a Senior Technical Leader in the Design and Architecture team for a reputed company in a Hyderabad, India. His programming skills include C, C++, Java, C#, VB, VC++, ASP.NET, XML, and UML. He has worked with .NET and C# for more than five years. Reach Joydip at mailto:joydipkanjilal@yahoo.com or at his blog at http://aspadvice.com/blogs/joydip/.

 

 

 

 

Microsoft Internet Explorer
Top of page

 

The .NET and Java component publisher
Informant Communications Group

Informant Communications Group, Inc.
5105 Florin Perkins Road
Sacramento, CA 95826
Phone: (916) 379-0609 • Fax: (916) 379-0610

Copyright © 2008 Informant Communications Group. All Rights Reserved. • Site Use Agreement • Send feedback to the Webmaster • Important information about privacy