Sumedh Meshram

.Net Technical Blog

Inheritance

Inheritance :

  • Inheritance is a way to form new classes (instances of which are called objects) using classes that have already been defined.
  • Inheritance is employed to help reuse existing code with little or no modification.
  • The new classes, known as Sub-class or derived class, inherit attributes and behavior of the pre-existing classes, which are referred to as Super-class or Base class.

C# supports two types of Inheritance mechanisms

  1. Implementation Inheritance
  2. Interface Inheritance

Implementation Inheritance:

When a class (type) is derived from another class (type) such that it inherits all the members of the base type it is Implementation Inheritance

Interface Inheritance:

When a type (class or a struct) inherits only the signatures of the functions from another type it is Interface Inheritance.

Benefits of using Inheritance

  • Once a behavior (method) or property is defined in a super class (base class),that behavior or property is automatically inherited by all subclasses (derived class).
  • Code reusability increased through inheritance
  • Inheritance provide a clear model structure which is easy to understand without much complexity
  • Using inheritance, classes become grouped together in a hierarchical tree structure
  • Code are easy to manage and divided into parent and child classes
public class ParentClass
{
    public ParentClass()
    {
        Console.WriteLine("Parent Constructor.");
    }
    public void print()
    {
        Console.WriteLine("Parent Class.");
    }
}
public class ChildClass : ParentClass
{
    public ChildClass()
    {
        Console.WriteLine("Child Constructor.");
    }
    public static void Main()
    {
        ChildClass child = new ChildClass();
        child.print();
    }
}

Output:

Parent Constructor.

Child Constructor.

Parent Class.

Encapsulation

  • Encapsulation is a procedure of covering up of the data & functions into a single unit called as class 
  • An encapsulated object is often called an abstract data type. 
  • Encapsulation can protect your data from accidental corruption. 
  • Rather than defining the data in the form of public, we can declare those fields as private.

Code Example :

public class School
{
	private string Schooldepartname;
	public string SchoolDepartname
	{
		get
		{
			return Schooldepartname;
		}
		set
		{
			Schooldepartname =value;
		}
	}
}
public class Departmentmain
{
	public static int Main(string[] args)
	{
		School d= new School();
		d.SchoolDepartname="Communication";
		Console.WriteLine("The Dept. Name is :{0}",d.SchoolDepartname);
		return 0;
	}
}

 

Output:

The Dept. Name is : Communication

Benefits of Encapsulation :

  • In Encapsulation fields of a class can be read-only or can be write-only.
  • A class can have control over in its fields.
  • A class can change data type of its fields anytime but users of this class do not need to change any code.

From the above we can see the use of Encapsulation by using properties. The property has two accessor get and set. The get accessor returns the value of the some property field. The set accessor sets the value of the some property field with the contents of "value". Properties can be made read-only. This is accomplished by having only a get accessor in the property implementation.

SQL Injection attack by Example and how to prevent it in asp.net:

Today we will be learning about the SQL injection attack and ways to prevent this attack using simple coding practices. Using simple practices you can keep your database away from SQL injection attack. Many databases in today's world are prone to SQL Injection attack. This attack is often used by attackers to attack the database which means it can gain access to database and manipulate the database. This attack can be more dangerous if account, through which you are accessing the database, has all privileges to access database then attacker can delete the tables or even database itself.

What is SQL Injection attack?

Example 1:-

Consider a simple functionality which you have on your website where you use username in the SQL query to get details of user and based on result you proceed.

String Query = “select * from User_master where User_name ='"+ txtUsername.Text;

Now in textbox txtUsername you pass following value as "'; drop table User_master - -"

Now your Query will be like below

select * from User_master where User_name = ''; drop table User_master - -'

 

Now what this above code does it executes two statements in first statement it Executes the statement

select * from User_master where User_name = ''

 

After that semicolon (;) is there which tells SQL that it is end of first statement then after that it executes the second statement. drop table User_master and drops the table Note that:- Even if semicolon is not there it will take two as different statements as SQL it self can not identify SQL statement and Parameter you have to tell him which is query and which is parameter

Ways to prevent SQL injection attack

Below are some of the common coding practices which can be used to prevent the SQL Injection attack and make your application database secure. Use validation for input values: - You can check for User input inside the textboxes and validate them according to the expected value so no other value will be inserted into the database. In below example database expects only Numeric value so we have use a RegularExpressionValidator which will allow only numeric value to be entered inside the textBox

<asp:TextBox ID="txtid" runat="server"></asp:TextBox></span>
        <asp:RegularExpressionValidator ID="regExp" runat="server" ErrorMessage="*" ValidationExpression="^(-)?\d+(\.\d\d)?$"
            ControlToValidate="txtid"></asp:RegularExpressionValidator>

 

Use of Parameterized Query: Another way of preventing SQL Injection is using Parameterized Query, where you pass the required. As we pass parameter differently to Query it is not vulnerable to SQL Injection attack. AS SQL distinguishes between Parameter and Query.

SqlConnection conn = new SqlConnection(connectionString)
        DataSet ds = new DataSet();
        SqlDataAdapter da= new SqlDataAdapter("SELECT * FROM User_master WHERE au_id = @u_id", conn);                
        da.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
        da.SelectCommand.Parameters["@au_id"].Value = txtUsername.Text;
        da.Fill(ds);

 

Use of Stored Procedure: Another way of preventing SQL Injection is using Stored Procedure, where you pass the required parameters with values to the stored procedure which is defined for the stored procedure. As to stored procedure you pass value stored procedure takes it as Parameter so there is no risk of Database attack.

SqlConnection conn = new SqlConnection(connectionString)
        DataSet ds = new DataSet();
        SqlDataAdapter da= new SqlDataAdapter("p_get_user_details", conn);   
        da.SelectCommand.CommandType = CommandType.StoredProcedure;
        da.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
        da.SelectCommand.Parameters["@au_id"].Value = txtUsername.Text;
        da.Fill(ds);

 

Abstraction

Abstraction :

  • Abstraction refers to the act of representing essential features without including the background details or explanations.
  • Abstraction defines way to abstract or hide your data and members from outside world.
  • Classes use the concept of abstraction and are defined as a list of abstract attributes.
  • Simply speaking Abstraction is hiding the complexities of your class or struct or in a generic term Type from outer world.
  • This is achieved by means of access specifiers.
Access Modifier Description (who can access)
Private Only members within the same type.  (default for type members)

Protected

Only derived types or members of the same type.
Internal Only code within the same assembly. Can also be code external to object as long as it is in the same assembly.  (default for types)
Protected internal Either code from derived type or code in the same assembly. Combination of protected OR internal.
Public Any code. No inheritance, external type, or external assembly restrictions.

 

Code Example :

namespace AbstractionExample
{
public abstract class Shape
        {
            private float _area;
            private float _perimeter;

            public float Area
            {
                get
                {
                    return _area;
                }
                set
                {
                    _area = value;
                }
            }
            public float Perimeter
            {
                get
                {
                    return _perimeter;
                }
                set
                {
                    _perimeter = value;
                }
            }
            public abstract void CalculateArea();
            public abstract void CalculatePerimeter();
        }
}


Advantages of abstraction : are the hiding of implementation details, component reuse, extensibility, and testability. When we hide implementation details, we reveal a cleaner, more comprehensible and usable interface to our users. We are separating our interface from our implementation, and this makes component reuse more practical. Many, if not all of the object-oriented concepts we have discussed throughout this document play a role in the abstraction principle. Working together, their end goal is the same, to produce software that is flexible, testable, maintainable, and extensible.

Cheap MLB Jerseys maillot de foot pas cher www.fotballdrakter.org