Which code segment should you use?

###BeginCaseStudy###
Case Study: 1
Background
You are updating an existing Microsoft .NET Framework 4 application that includes a data
layer built with ADO.NET Entity Framework 4. The application communicates with a

Microsoft SQL Server 2008 instance named INST01 on a server named SQL01. The
application stores data in a database named Contoso in the INST01 instance.
You need to update the existing technology and develop new functionality by using
Microsoft Visual Studio 2010.
Application and Database Storage
The application tracks bicycle parts as they pass through a factory. Parts are represented by
the abstract Part entity and its associated partial classes. Each part has a name stored in the
Name field and a unique identifier stored in the Id field.
Parts are either component s (represented by the Component class) such as chains, wheels,
and frames, or finished product s (represented by the Product class) such as completed
bicycles. The Component class and the Product class derive from the Part class and may
contain additional class-specific properties.
Parts may have a color (represented by the Color class), but not all parts have a color, Parts
may be composed of other parts, and those parts may in turn be composed of other parts ; any
p art represents a tree of the parts that are used to build it, The lowest level of the tree consists
of c omponents that do not contain other component s.
A p roduct is a p art that has been completed and is ready to leave the factory. A p roduct
typically consists of many c omponents (forming a tree of child p arts) but can also be
constructed by combining other p roducts and/or c omponents to form a bundled p roduct,
such as a bicycle and a helmet that are sold together.
C omponents and p roducts are stored in a database table named Parts by using a table-perhierarchy (TPH) mapping. Components have a null ProductType field and a non-null
PartType field. Products have a non-null ProductType field and a null PartType field.
The following diagram illustrates the complete Entity data model diagram (EDMX diagram),

The following graphic illustrates detail s of the Part-Color Association.

The following code segments show relevant portions of the files referenced by the case study
items. (Line numbers in the samples below are included for reference only and include a twocharacter prefix that denotes the specific file to which they belong.)
Extension Methods.vb

Model.edmx

Model/Color.vb

Model/Component.vb

ModelContosoEntities.vb

Model IName.vb

Model Part.vb

Model Product.vb

sp_FindObsolete

###EndCaseStudy###

You are developing a new feature that displays an auto-complete list to users as they type color
names. You have an existing ContosoEntities context object named context. To support the new
feature you must develop code that will accept a string object named text containing a users partial
input and will query the Colors database table to retrieve all color names that begin with that input.
You need to create an Entity SQL (ESQL) query to meet the requirement. The query must not be
vulnerable to a SQL injection attack. Which code segment should you use?

###BeginCaseStudy###
Case Study: 1
Background
You are updating an existing Microsoft .NET Framework 4 application that includes a data
layer built with ADO.NET Entity Framework 4. The application communicates with a

Microsoft SQL Server 2008 instance named INST01 on a server named SQL01. The
application stores data in a database named Contoso in the INST01 instance.
You need to update the existing technology and develop new functionality by using
Microsoft Visual Studio 2010.
Application and Database Storage
The application tracks bicycle parts as they pass through a factory. Parts are represented by
the abstract Part entity and its associated partial classes. Each part has a name stored in the
Name field and a unique identifier stored in the Id field.
Parts are either component s (represented by the Component class) such as chains, wheels,
and frames, or finished product s (represented by the Product class) such as completed
bicycles. The Component class and the Product class derive from the Part class and may
contain additional class-specific properties.
Parts may have a color (represented by the Color class), but not all parts have a color, Parts
may be composed of other parts, and those parts may in turn be composed of other parts ; any
p art represents a tree of the parts that are used to build it, The lowest level of the tree consists
of c omponents that do not contain other component s.
A p roduct is a p art that has been completed and is ready to leave the factory. A p roduct
typically consists of many c omponents (forming a tree of child p arts) but can also be
constructed by combining other p roducts and/or c omponents to form a bundled p roduct,
such as a bicycle and a helmet that are sold together.
C omponents and p roducts are stored in a database table named Parts by using a table-perhierarchy (TPH) mapping. Components have a null ProductType field and a non-null
PartType field. Products have a non-null ProductType field and a null PartType field.
The following diagram illustrates the complete Entity data model diagram (EDMX diagram),

The following graphic illustrates detail s of the Part-Color Association.

The following code segments show relevant portions of the files referenced by the case study
items. (Line numbers in the samples below are included for reference only and include a twocharacter prefix that denotes the specific file to which they belong.)
Extension Methods.vb

Model.edmx

Model/Color.vb

Model/Component.vb

ModelContosoEntities.vb

Model IName.vb

Model Part.vb

Model Product.vb

sp_FindObsolete

###EndCaseStudy###

You are developing a new feature that displays an auto-complete list to users as they type color
names. You have an existing ContosoEntities context object named context. To support the new
feature you must develop code that will accept a string object named text containing a users partial
input and will query the Colors database table to retrieve all color names that begin with that input.
You need to create an Entity SQL (ESQL) query to meet the requirement. The query must not be
vulnerable to a SQL injection attack. Which code segment should you use?

A.
Dim parameter = New ObjectParameter(“text”, HttpUtility.HtmlEncode(text) & “%”)
Dim result = context.CreateQuery(Of String)(
“SELECT (c.Name) FROM Colors AS c WHERE c.Name LIKE ‘@text'”, parameter)

B.
Dim parameter = New ObjectParameter(“text”, text & “%”)
Dim result = context.CreateQuery(Of String)(
“SELECT (c.Name) FROM Colors AS c WHERE c.Name LIKE @text”, parameter)

C.
Dim parameter = New ObjectParameter(“text”, text & “%”)
Dim result = context.CreateQuery(Of String)(
“SELECT VALUE (c.Name) FROM Colors AS c WHERE c.Name LIKE @text”, parameter)

D.
Dim parameter = New ObjectParameter(“text”, text & “%”)
Dim result = context.CreateQuery(Of String)(
“SELECT VALUE (c.Name) FROM Colors AS c WHERE c.Name LIKE ‘@text'”, parameter)

Explanation:

Entity SQL supports two variants of the SELECT clause. The first variant, row select, is identified by
the SELECT keyword, and can be used to specify one or more values that should be projected out.
Because a row wrapper is implicitly added around the values returned, the result of the query
expression is always a multiset of rows.
Each query expression in a row select must specify an alias. If no alias is specified,Entity SQL
attempts to generate an alias by using the alias generation rules.
The other variant of the SELECT clause, value select, is identified by the SELECT VALUE keyword. It
allows only one value to be specified, and does not add a row wrapper.
A row select is always expressible in terms of VALUE SELECT, as illustrated in the following example.
ESQL Select
(http://msdn.microsoft.com/en-us/library/bb399554.aspx)



Leave a Reply 0

Your email address will not be published. Required fields are marked *