data access - best practice
DESCRIPTION
Lars-Erik Kindblad presentation at the Capgemini Microsoft User Group 2012.TRANSCRIPT
Lars-Erik KindbladSenior ConsultantBlog: kindblad.com
Data Access – Best Practice
| Sector, Alliance, Offering
Agenda
Why is Data Access so important? Common issues in many applications How to solve these issues Summary
| Sector, Alliance, Offering
Why is Data Access so important?
Retrieving, creating, updating and deleting data are core operations Affects the entire application in a bad way if done incorrectly
| Sector, Alliance, Offering
Common issues in many applications
| Sector, Alliance, Offering
Code issues
The code in the data access layer is often put into a single or a few huge classes• Hard to maintain
Database queries are constructed in the frontend or business layer• Leads to messy frontend or business code
ORM framework limitations or lack of «ORM masters»• A lot of quickfixes
Doesn’t support rollback of changes when errors occurs
| Sector, Alliance, Offering
Performance issues
The application slow• Too many database queries• Too heavy database queries• Lazy loading• Poorly generated SQL by the ORM framework
| Sector, Alliance, Offering
Security issues
Vulnerable to SQL Injection Users get access to data they should not have access too
| Sector, Alliance, Offering
Quality issues
Many bugs• No tests• ... or tests that doesn’t test the important stuff
| Sector, Alliance, Offering
How to solve these issues
| Sector, Alliance, Offering
What do we want? Well structured data access code that is easy to maintain
• Small simple classes that does only one thing - Single Responsiblity Principle The application should be fast
• Only retrieve the data that we actually need – Criteria Pattern• Do as much as possible in one query – SQL Joins• Avoid lazy loading
The application should be secure• Use an ORM framework and/or use parameters instead of concatenated strings• Always check for permissions when retrieving, creating, updating or deleting data
Rollback uncomitted changes if anything goes wrong• Transaction support
As little dependency on the ORM as possible• Gateway Pattern
Frontend, Business and Data Access Code should be separated• Logical Layering
High quality – Bug free code• Integration tests
| Sector, Alliance, Offering
Example code
| Sector, Alliance, Offering
HOW TO:REDUCE ORM DEPENDENCIESSTRICTER LAYERINGROLLBACK IF ERROR OCCURSHAVE SIMPLE DATA ACCESS CODE
| Sector, Alliance, Offering
The Common Way
Frontend Layer
Business Layer
Data Access Layer
ORM
Query the Database
Query the Database
Query the Database
| Sector, Alliance, Offering
A Better Way
Frontend Layer
Business Layer
Data Access Layer
ORM
Query the Database
Transaction Management
Rollback, CommitORM Gateway
Initialize ORMTransaction management
| Sector, Alliance, Offering
DbContexGateway for FluentData
| Sector, Alliance, Offering
Data Access Layer
| Sector, Alliance, Offering
Business Layer
| Sector, Alliance, Offering
Frontend Layer
| Sector, Alliance, Offering
EFFICIENT DATA RETRIEVAL & FILTERING
| Sector, Alliance, Offering
Overview
Business Class
Frontend Class
Data Access Class
Criteria Pattern: Decide what data to retrieve and filter on
Business logic
Construct the most optimal and secure query
| Sector, Alliance, Offering
Frontend Layer
| Sector, Alliance, Offering
Business Layer
| Sector, Alliance, Offering
Data Access Layer
| Sector, Alliance, Offering
Overview
Business Layer
Frontend Layer
Data Access Layer
Transaction managementDecide what data to retrieve and filter on
Business logic
Construct the most optimal and secure query
| Sector, Alliance, Offering
HOW TO:GET A HIGH QUALITY APPLICATIONTHROUGH INTEGRATION TESTS
| Sector, Alliance, Offering
Test - CreateProductDbCommand
| Sector, Alliance, Offering
Test - GetProductsDbCommand
| Sector, Alliance, Offering
Summary
Have small simple classes that does only one thing Use the Criteria Pattern to decide what data to retrieve Use joins to retrieve as much data as needed in one query Avoid lazy loading Use parameters instead of concatenated strings Always check for permissions when retrieving, creating, updating or
deleting data Use transactions to rollback when errors occurs Use the Gateway Pattern to reduce ORM dependency Have a strict Frontend layer, Business layer, Data Access layer Verify quality through Integration Tests
| Sector, Alliance, Offering
QUESTIONS?
www.capgemini.com
The information contained in this presentation is proprietary. ©2010 Capgemini. All rights reserved