LINQ and Related Topics

I would like to thank everyone who came out to my DevLINQ sessions this week. The materials for both of the sessions are not available on the Files tab  of this site. In addition, here are the descriptions and direct links to each of these downloads:

• Reactive Extensions for JavaScript (RxJs)

The Reactive Extensions allow developers to build composabile, asynchronous event driven methods over observable collections. In web applications, you can use this same model in client side processing using the RxJs framework. We'll show you how you can take advantage of this framework to simplify your complex asynchronous client side operations.

Includes slides and samples demonstrating some of the uses of the Reactive Extensions for JavaScript (RxJs). The samples illustrate using RxJs for LINQ style queries, Timer based web page rotator, Mock observable sensor, Mouse drag drop, Dictionary Suggest, and Bing Translator over multiple languages.

• Async Programming in .Net

While .Net 4 added parallel programming capabilities, these tools primarily help when your application is CPU bound. In many cases, parallel processing doesn't address IO Latency issues. In these cases, we need to provide the perception of responsive applications by using asynchronous programming tools. We will explore some of these options including Delegates, Callbacks, Iterators, Observers, and the new C# Async/Await keywords.

Includes slides and samples demonstrating ways of performing Asynchronous operations from .Net 1.0 through .Net 5.0. In addition to the standard Visual Studio 2010 install, you will also need to download and in stall the following libraries to use these samples:

• Wintellect Power Threading Library,
• Reactive Extensions for WPF 4
• Visual Studio Async CTP.

Thanks to the Wayback Machine I was able to find and resurrect 50 blog posts I made on the old DevAuthority that I thought were lost forever. It’s odd to see some of those old posts 5 years later. Hopefully, the search engines will crawl the old links again, particularly since I’m including them in SideMap that I told them to crawl.

By default, LINQ to SQL uses parameterized queries rather than concatenated strings when executing your LINQ queries. As a result, if a user tries to perform SQL Injection by improperly escaping parts of the SQL, the escape is considered part of the parameter rather than part of the query and thus avoids the injection.

However, as we discussed in chapter 8 of LINQ in Action, LINQ to SQL greatly reduces the possibility of SQL Injection, but doesn't completely eliminate it. For example, if you are using Stored Procedures and call spExecuteSQL passing in a concatenated string inside of the SQL Stored Proc, you are still subject to SQL Injection. Of course, this applies regardless of the data access technology and shows that even stored procs can't eliminate the possibility of SQL Injection.

In addition, the LINQ to SQL DataContext does offer the ability to pass a SQL Pass-through query as a string which can be injectable. For example, the following returns all rows in the Authors table:

string searchName = "Good' OR ''='";
TypedDataContext context = this;

string sql = @"Select ID, LastName, FirstName, WebSite, TimeStamp    " +
          "From dbo.Author " +
          "Where LastName = '" + searchName + "'";

IEnumerable<Author> authors = context.ExecuteQuery<Author>(sql);

LINQ to SQL does allow for a Injection safe version if you use string parameter place holders and pass the parameters into the overloaded version of ExecuteQuery accepting a paramarray of objects:

string sql = @"Select ID, LastName, FirstName, WebSite, TimeStamp    " +
          "From dbo.Author " +
          "Where LastName = {0}";

IEnumerable<Author> authors = context.ExecuteQuery<Author>(sql, searchName);

Thankfully, if you're standard LINQ methods, you're safe from SQL Injection with LINQ to SQL. The Entity Framework on the other hand actually does have some other potential injectionable areas if you're thinking of going down that route.

Tomorrow night, I’m giving my presentation discussing not only how, but when to consider using the dynamic features of C# 4 and VB (forever). If you attend the presentation, you can download the samples and slides from my download page. Part of the key in this presentation is  discussing the Why as compared to the simpler How of Dynamic. Here are some of my top reasons to use the dynamic features:

Testability

When trying to use unit testing, the compiler often limits the ability to follow-through on the test first methodology because you have to write at least a bare implementation before your tests and solution can compile. If you declare your objects as dynamic in your tests, you can write all of your tests without having to write the implementation. Naturally, the tests will fail at this point, but with test driven development, your tests should fail until you have written your implementation.

One of the main things to understand if you are using dynamic types is that you no longer have your compiler acting as a unit-test, checking your code to make sure that the methods and types that you are trying to consume actually exist. Instead, you need to take extra care to fully unit test your code to ensure that it truly works the way you intend. Frankly, I don’t care what testing framework you use or how much code coverage you have, just do it!

COM Iterop

One of the traditional advantages VB has had over the C based languages is the late binding ability to work naturally with COM interfaces like those exposed in Office. Using dynamic in C# 4, gives the curly-bracket world to work with office with less ceremony. VB still has an edge in that it can retain intellisense support because of the late binding rather than “object with dynamic semantics” typing that C# utilizes.

Flexible data structures

There are times when building frameworks where you might not know the structure of your data at compile time. I’ve written before about how to use the dynamic features for parsing CSV files. The same technique can be used to parse XML files as well. If you’ve used DataSets in the past, this is another such framework which currently uses strings as parameters to access tables and fields as objects. With Microsoft.Data in the WebMatrix libraries, Microsoft introduced a dynamic implementation over datasets as well, simplifying the programming model there as well. David Fowler wrote a series of blog posts introducing Microsoft.Data last year.

Scripting and DLR

Often, applications need the ability to allow for end user customization without the need to re-compile the application. With the DLR integration, you can add these script extension points in your application so that users can write code in Python, Ruby or any other DLR supported language. As long as you add the hooks in your application, you can take advantage of the user’s scripted changes.

In addition, the web contains a plethora of python and ruby code components that you can include in your .Net application by interacting with them via the DLR. Taking advantage of mature and well tested modules is often better than trying to re-invent the wheel yourself. Don’t fall into the trap of the “Not invented here” syndrome.

Increased separation of concerns

By using dynamic connections between your types, you can have components interact without needing to share version compatible interfaces and contracts. As long as your modules follow established conventions, it can work nicely without relying on the ceremony required otherwise. I demonstrated a while back how to connect MVC 1 views with anonymous types using VB’s late binding. More recent versions of MVC use dynamic features by default to bind to views with C# as well.

Along similar lines, Robert McCarter demonstrated using DynamicObject in the ViewModel of a MVVM pattern to eliminate the need to delegate all of the property Set/Get pairs between the View and the Model.

Summary

I’m sure this is just the tip of the iceberg of areas to use dynamic features. Can you thinq of others? The nice thing about VB and C# is that you can scope the use of dynamic features to just those parts of the application that benefit from them. This way you get the best of both worlds: the performance, tooling, and compiler support of static languages and simplicity, no compilation, implicitly typed objects and methods of dynamic languages.

Ultimately, when I have to choose between the two, I return to the mantra from Erik Meijer, et. al.

Use “Static typing where possible, dynamic typing when needed.”

In trying to come up with some compelling demos for RxJs, I happened upon a scenario that some of you may find helpful. I wanted to create the ability to display images on a timer loop and keep looping through them while the user is on the page. I realize that there are a plethora of jQuery plugins that do this already, but  I have a new hammer (RxJs), I might as well see how well it works myself.

As I did in my port of the ObservableSensor in the last RxJs post,  let’s start by defining the presentation portion:

<!DOCTYPE html>
<html>
<head>
     <title>Observable Rotator</title>
     <script type="text/javascript" src="http://code.jquery.com/jquery-1.6.2.min.js"></script>
     <script type="text/javascript" src="Scripts/rx.js"></script>
</head>
<body>
     <img id="imageRotator" alt="rotating" />
</body>
</html>

Clean and simple HTML5, except I didn’t set the source of the image. We’ll do that in our JavaScript code instead. Let’s get right to it then:

<script type="text/javascript">
    $(function () {
        var images = ["Images/image1.png",
                    "Images/somethingElse.png",
                    "Images/someAd.png",
                    "Images/JimHeadShot.jpg",
                    "Images/logo.gif"
                    ];

        $("#imageRotator").attr("src", images[0]);

        var delayedSites = Rx.Observable.GenerateWithTime(
             1,                                           // Starting index
            function (x) { return true; },                // Keep iterating always
            function (index) {               
                if (index < images.length - 1) 
                    return index + 1;                     // Increment index
                else
                    return 0; // if the current index exceeds the array bounds, reset the index 
            },
            function (index) { return images[index]; },  // OnNext
            function () { return 5000 });                // Time interval


        delayedSites
            .Subscribe(function (uri) {
                $("#imageRotator").attr("src", uri);
            });
    });
</script>

The start of this method should be easy enough. I’m setting up an array containing the locations of the images I want to rotate through. Of course, you could get this array from a xml file, json service request, using the FileSystemObject, or any number of other options. It doesn’t matter how you get the array.

Once we have the array, we’ll go ahead and populate the first item in that array as the starting image using the jQuery attr method setting the src attribute to images[0].  With that out of the way, we’re ready to start with the RxJs goodness.

In order to push out items from our array, we could use Rx.Observable.FromArray which is the same as the .ToObservable extension method in .Net, however we would need to set-up a custom scheduler to handle the delay. Instead, we’ll just use the GenerateWithTime method to pull items from the array OnNext passing in a time delay (30000 for 30 seconds). We also check to see if the current iteration index exceeds the number of items in the list and if so, reset the index to start looping from the start again.

Now that we are sending out new image uri’s every 30 seconds, we simply need to change the src attribute of the imgageRotator img tag, which we’ll do as the function we pass into the Subscribe method.

Naturally, there are plenty of enhancements that can be done to this example, including randomizing the starting index, setting the size of the imageRotator to keep all of them the same, adding jQuery fadeIn/fadeOut and other animation effects, etc. I’ll leave these tasks as an exercise for the reader.

My question dear reader is, do you thinq that the RxJs version is any better or worse that other image rotator examples you’ve seen? Why?