question

deckelmouck avatar image
0 Votes"
deckelmouck asked ·

best practice connecting directly to sqlserver

hello together,
i want to connect from multiple android devices to a ms sqlserver database in an internal environment only using wlan and no internet connection. are there any best practices for doing that?
with our old devices (win6.5) we use system.data.SqlClient and SqlConnection. Reading data via SqlCommand and Execute.. (Reader, Scalar, NonQuery e.g.).
all I get for online services is to use a webservice, but i want to try it directly and to be always up to date.
Thanks in advance!

dotnet-xamarinformsdotnet-androiddotnet-sqlclient
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

First of all, connect to sqlserver directly, it is not best practice, for security, using web services is an good choose. If you just want to connect to the sqlserver directly, you can create an dependence service, in the specific platform, you can use System.Data.SqlClient to connect to the DB like this thread https://stackoverflow.com/questions/37873020/accessing-directly-a-sql-server-database-in-xamarin-forms

2 Votes 2 ·

1 Answer

deckelmouck avatar image
0 Votes"
deckelmouck answered ·

hello,
tried two solutions:
- first: according to stackoverflow article from 2016 with interface and use service from pcl to xamarin android function. works :)
- second: only in pcl, use NETStandard.Library (2.0.3) and add NuGet package System.Data.SqlClient(4.8.2)
now you get simple access to mssqlserver ;)

and yes, I know, that this is not a secure way to get access to a sql server database on an internet connection, but i think it works for my purpose using it only on internal devices without access to public internet.

Regards

47340-carbon.png


carbon.png (107.2 KiB)
· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Best to use a parameter whenever there is a need for values in the WHERE clause to avoid

  • Unbalanced apostrophes

  • SQL Injection.

  • Proper data typing

The following can also be done with Add method besides AddWithValue.

 sqlCommand.Parameters.AddWithValue("@BusinessEntity", BusinessEnityId)                



1 Vote 1 ·

Thank you for this advice.

this was only for testing, but yeah, it should be no standard ;)

0 Votes 0 ·