I have an app that retrieves data from an Access database. At the moment I
have the SQL string as a Const in my app. I understand this is not best
practice. I don't want the user to have access to read or modify this string
so I don't want to store it in an INI / Text file or in registery. Can
someone please tell me the best practice for this.
I think you have the best practice.
It used to be considered best practice to break queries over multiple lines
with string concatenation and line continuation. It was thought that this
made queries more "readable". This was crap. And the only excuse for it
was that there was a limit to the length of a line of VB code, so you
couldn't store the SQL on one line anyway. This also encouraged the bad
habit of binding parameters into your query through string concatenation.
In VB.NET lines can be as long as you want, and using parameter markers in
your queries is much easier. So SQL queries should be CONST's and written
all on one line. Like this
CONST sqlGetCustomer as string = "select * from customer where id = ?"
This seperates the SQL from the VB, and makes it easy to cut and paste the
SQL out and work on it in a database tool, then paste it back in.
It's also best practice to minimize the complexity of SQL stored in your
application.
Complicated joins and procedural logic (for databases that support that),
should be pushed down into the database as much as possible. For instance
if you have a query that joins 8 tables, create an Access QueryDef in the
database, and then do a simple select from that in your VB code. This
limits the amount of mixing of different languages in your source code.
Interleaving different languages is bad form, and makes both of the
languages hard to read and maintain. This is one big reason "old" ASP
sucked: one file would contain a tangled mess of VBScript, HTML, JavaScript,
and possibly SQL. And this is also why you shouldn't break your SQL queries
over multiple lines with string concatenation and line continuation.
David