C# > Data Access > Database Access > Using ADO.NET

ADO.NET: Connecting to a Database and Retrieving Data

This code snippet demonstrates how to connect to a database using ADO.NET, execute a query, and retrieve data. It uses the `SqlConnection`, `SqlCommand`, and `SqlDataReader` objects to interact with a SQL Server database. This is a fundamental example showcasing basic database interaction in C# using ADO.NET.

Code Snippet

This code establishes a connection to a SQL Server database, executes a SELECT query, and retrieves the results. It then iterates through the result set and prints the `Id`, `Name`, and `Value` columns for each row to the console. The code uses `try-catch` blocks to handle potential exceptions during database interaction. The `using` statements ensure that the database connection, command, and data reader are properly disposed of, even if an exception occurs.

using System; 
using System.Data.SqlClient; 

public class DatabaseAccess
{
    public static void Main(string[] args)
    {
        // Connection string to the database
        string connectionString = "Server=your_server;Database=your_database;User Id=your_user_id;Password=your_password;";

        // SQL query to retrieve data
        string query = "SELECT Id, Name, Value FROM YourTable";

        try
        {
            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                // Open the connection
                connection.Open();

                // Create a command object
                using (SqlCommand command = new SqlCommand(query, connection))
                {
                    // Execute the command and get the data reader
                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        // Check if there are any rows
                        if (reader.HasRows)
                        {
                            // Loop through the results
                            while (reader.Read())
                            {
                                // Access the data
                                Console.WriteLine($"Id: {reader.GetInt32(0)}, Name: {reader.GetString(1)}, Value: {reader.GetDecimal(2)}");
                            }
                        }
                        else
                        {
                            Console.WriteLine("No rows found.");
                        }
                    }
                }
            }
        }
        catch (SqlException ex)
        {
            Console.WriteLine($"SQL Exception: {ex.Message}");
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Exception: {ex.Message}");
        }
    }
}

Concepts Behind the Snippet

This snippet utilizes core ADO.NET components:

SqlConnection: Represents a connection to a SQL Server database.
SqlCommand: Represents a SQL command to execute against the database.
SqlDataReader: Provides a way to read a stream of data from a SQL Server database. It's a forward-only, read-only cursor.

The `using` statement ensures proper resource disposal using the `IDisposable` interface, preventing resource leaks and improving application stability.

Real-Life Use Case

Imagine an e-commerce application where you need to retrieve product information from a database. This snippet provides the fundamental structure for fetching product details, such as product ID, name, and price, to display them on a product page. It can also be used in data reporting and analysis applications to extract information from a database for further processing.

Best Practices

Connection Strings: Never hardcode connection strings directly in your code. Store them in configuration files (e.g., `appsettings.json`) and access them using `ConfigurationManager` or `IConfiguration` to improve security and maintainability.
Error Handling: Always implement robust error handling using `try-catch` blocks to gracefully handle exceptions and prevent application crashes. Log exceptions for debugging purposes.
Resource Management: Use `using` statements to ensure that database connections, commands, and data readers are properly disposed of, even if exceptions occur. This prevents resource leaks and improves performance.
Parameterized Queries: Use parameterized queries to prevent SQL injection vulnerabilities. Instead of concatenating user input directly into the SQL query, use parameters to pass the values separately.

Interview Tip

Be prepared to discuss the different components of ADO.NET (SqlConnection, SqlCommand, SqlDataReader, SqlDataAdapter), the importance of using `using` statements for resource management, and the security implications of SQL injection vulnerabilities. Also, understand the difference between a `DataReader` and a `DataSet` or `DataTable`.

When to Use ADO.NET

ADO.NET is suitable for scenarios where you need fine-grained control over database interactions and require high performance. It's a good choice for applications that perform complex queries or need to optimize database access for specific needs. However, for simpler scenarios or when working with object-relational mapping (ORM), frameworks like Entity Framework Core may be more appropriate.

Memory Footprint

The memory footprint of ADO.NET depends on the amount of data being retrieved from the database. Using a `SqlDataReader` typically has a lower memory footprint compared to loading data into a `DataSet` or `DataTable`, as the `SqlDataReader` retrieves data in a forward-only, read-only manner. Limit the number of columns and rows retrieved from the database to minimize memory usage.

Alternatives

Alternatives to ADO.NET include:

Entity Framework Core: An ORM that simplifies database interactions by mapping database tables to .NET objects.
Dapper: A lightweight ORM that provides a thin layer on top of ADO.NET, offering better performance than Entity Framework Core in some scenarios.

Pros

Fine-grained control: ADO.NET provides direct control over database connections and queries.
Performance: It can offer better performance than ORMs in certain scenarios, especially when optimized for specific database operations.

Cons

More verbose code: ADO.NET requires more code to perform basic database operations compared to ORMs.
Manual mapping: You need to manually map data between database tables and .NET objects.

← ADO.NET: Executing Non-Query Commands (INSERT, UPDATE, DELETE) →

FAQ

What is SQL injection and how can I prevent it?

SQL injection is a security vulnerability that allows attackers to inject malicious SQL code into database queries. To prevent SQL injection, use parameterized queries or stored procedures, which treat user input as data rather than executable code. Avoid concatenating user input directly into SQL queries.
How do I handle connection pooling in ADO.NET?

ADO.NET automatically handles connection pooling. When you close a connection, it's returned to the connection pool instead of being physically closed. Subsequent requests for a connection to the same database can reuse an existing connection from the pool, improving performance. You can configure connection pooling settings in the connection string.

Advanced C#

Asynchronous Programming

Blazor and Web Development

Compiler and Runtime

Core C#

Data Access

Diagnostics and Performance

Functional Programming

Interop and Unsafe Code

Language Features by Version

Memory Management

Networking

Object-Oriented Programming (OOP)

Security and Cryptography

Source Generators

Testing and Debugging

UI Programming