Home > Articles > Programming > Windows Programming

Drag-and-Drop Techniques for Creating Database Applications in Visual Studio 2005

  • Print
  • + Share This
Don't think of drag-and-drop as something for the ill-prepared, says John Mueller. It's a valuable technique for anyone who can express an idea as a stored procedure.
Like this article? We recommend

Like this article? We recommend

Many developers today think about database programming as a grueling task requiring hundreds or even thousands of lines of code for each data-manipulation requirement. Of course, it doesn’t help that database programming environments of the past didn’t exactly make working with stored procedures easy. In fact, Visual Studio of the past was downright hostile to stored procedures. Consequently, developers generally used the drag-and-drop technique for single tables and not much else—when they used drag-and-drop at all. Fortunately, Visual Studio 2005 makes it significantly easier to use drag-and-drop for queries of any complexity, because it supports stored procedures directly.

Using Tables Isn’t Safe

In reality, direct table access isn’t the safest way to access the data in your database. You really need to implement tasks by using stored procedures in order to provide centralized protection of your data through the database manager. When you access a table directly, you actually give the user complete control over the table. Even with the best code in place, SQL injection attacks can provide a cracker with unexpected and unwelcome opportunities for intrusion. Using a stored procedure helps you control precisely how the user accesses the data through the database manager, where it’s much harder to overcome the security measures you create. By their very nature, stored procedures let a user perform at most one task with the database (add, delete, update, or read).

An underused but valuable option for working with databases is the view. In many cases, a view does everything the user requires. It shows the content of the database in a specific manner. Because views are read-only looks at a database, you don’t have to worry about anyone adding, deleting, or updating records. You also have considerable control over precisely what the user sees and can safeguard sensitive data without any trouble. The standard stored procedure techniques described in this article also work fine with views.

  • + Share This
  • 🔖 Save To Your Account