1. Data Access – Best Practice
Lars-Erik Kindblad
Senior Consultant
Blog: kindblad.com
2. Agenda
Why is Data Access so important?
Common issues in many applications
How to solve these issues
Summary
| Sector, Alliance, Offering
3. Why is Data Access so important?
Retrieving, creating, updating and deleting data are core operations
Affects the entire application in a bad way if done incorrectly
5. Code issues
The code in the data access layer is often put into a single or a few
huge classes
• Hard to maintain
Database queries are constructed in the frontend or business layer
• Leads to messy frontend or business code
ORM framework limitations or lack of «ORM masters»
• A lot of quick fixes
Doesn’t support rollback of changes when errors occur
6. Performance issues
The application is slow
• Too many database queries
• Too heavy database queries
• Lazy loading
• Poorly generated SQL by the ORM framework
7. Security issues
Vulnerable to SQL Injection
Users get access to data they should not have access to
8. Quality issues
Many bugs
• No tests
• ... or tests that don’t test the important stuff
9. How to solve these issues
10. What do we want?
Well structured data access code that is easy to maintain
• Small simple classes that do only one thing - Single Responsibility Principle
The application should be fast
• Only retrieve the data that we actually need – Criteria Pattern
• Do as much as possible in one query – SQL Joins
• Avoid lazy loading
The application should be secure
• Use an ORM framework and/or use parameters instead of concatenated strings
• Always check for permissions when retrieving, creating, updating or deleting data
Roll back uncommitted changes if anything goes wrong
• Transaction support
As little dependency on the ORM as possible
• Gateway Pattern
Frontend, Business and Data Access Code should be separated
• Logical Layering
High quality – Bug free code
• Integration tests
20. Overview
Frontend Class
• Criteria Pattern: Decide what data to retrieve and filter on
Business Class
• Business logic
Data Access Class
• Construct the most optimal and secure query
24. Overview
Frontend Layer
• Transaction management
• Decide what data to retrieve and filter on
Business Layer
• Business logic
Data Access Layer
• Construct the most optimal and secure query
25. HOW TO:
GET A HIGH QUALITY APPLICATION
THROUGH INTEGRATION TESTS
28. Summary
Have small simple classes that do only one thing
Use the Criteria Pattern to decide what data to retrieve
Use joins to retrieve as much data as needed in one query
Avoid lazy loading
Use parameters instead of concatenated strings
Always check for permissions when retrieving, creating, updating or deleting data
Use transactions to roll back when errors occur
Use the Gateway Pattern to reduce ORM dependency
Have a strict Frontend layer, Business layer, Data Access layer
Verify quality through Integration Tests
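The security and rollback points above, shown together in one small data access class. This is an added example, not code from the slides; Python with sqlite3, the `account` table and the `AccountGateway` name are assumptions made for illustration.

```python
import sqlite3

def open_db():
    # Constructed sample data for this example, not taken from the slides.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE account (id INTEGER PRIMARY KEY, owner TEXT NOT NULL,
                              name TEXT NOT NULL, balance INTEGER NOT NULL);
        INSERT INTO account VALUES (1, 'alice', 'savings', 100),
                                   (2, 'bob', 'savings', 50);
    """)
    return db

class AccountGateway:
    """Hypothetical data access class for one table, scoped to the caller."""

    def __init__(self, db, current_user):
        self.db = db
        self.user = current_user

    def find_by_name(self, name):
        # Values are bound as parameters, never concatenated into the SQL text,
        # and the owner filter enforces the permission rule inside the query.
        sql = "SELECT id, balance FROM account WHERE owner = ? AND name = ?"
        return self.db.execute(sql, (self.user, name)).fetchall()

    def balance(self, account_id):
        row = self.db.execute("SELECT owner, balance FROM account WHERE id = ?",
                              (account_id,)).fetchone()
        if row is None or row[0] != self.user:
            raise PermissionError("account not accessible to current user")
        return row[1]

    def transfer(self, from_id, to_id, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        # The connection context manager commits on success and rolls back
        # every statement in the block if any exception is raised.
        with self.db:
            debit = self.db.execute(
                "UPDATE account SET balance = balance - ? "
                "WHERE id = ? AND owner = ? AND balance >= ?",
                (amount, from_id, self.user, amount))
            if debit.rowcount != 1:
                raise PermissionError("debit refused: not owner or low funds")
            credit = self.db.execute(
                "UPDATE account SET balance = balance + ? WHERE id = ?",
                (amount, to_id))
            if credit.rowcount != 1:
                raise LookupError("destination account does not exist")
```

A failed credit leaves the debit uncommitted, so the source balance is unchanged after the exception.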