Search code examples

Is there anything wrong with this database class's execute query function?

So I have this old code being used, that runs simple ExecuteNonQuery command for database calls. I'm using DbConnection, DbTransaction and other System.Data.Common commands.

I seem to get a lot of Null Reference errors whenever I use the function in certain parts of the project, though it seems fine in other parts. I think it has to do with opening connections manually or some problem with calling it, but I'm wondering if the function itself is badly designed originally (shouldn't there be a way to fix any problems in the way it is called?)

I feel when transactions are involved, these null reference errors come up more often, I think the error I get is null exception at "_command = _db.GetStoredProcCommand(storedProcedure);" inside the following function. But that stored procedure does exist, so it makes no sense.

public List<OutputParameter> execute(String storedProcedure, StoredProcedureParameter[] sqlParameters)
      List<OutputParameter> outputParameters = new List<OutputParameter>();
      _command = _db.GetStoredProcCommand(storedProcedure);

    for (int x = 0; x < sqlParameters.GetLength(0); x++)
      if (sqlParameters[x] != null)
        StoredProcedureParameter sqlParameter = sqlParameters[x];
        String param = sqlParameter.ParameterName;

        DbType dbType = sqlParameter.DbType;
        object value = sqlParameter.Value;
        if (sqlParameter.IsOutputParam)
          _db.AddOutParameter(_command, param, dbType, 32);

          OutputParameter outputParameter = new OutputParameter(param);
          _db.AddInParameter(_command, param, dbType, value);
    if (_transaction == null)
      _db.ExecuteNonQuery(_command, _transaction);

    foreach (OutputParameter op in outputParameters)
      op.ParameterValue = _db.GetParameterValue(_command, op.ParameterName);

    return outputParameters;
  catch (SqlException sqle)
    throw new DataAccessException(sqle.ToString());
  catch (Exception e)
    throw new DataAccessException(e.ToString());


  • Your _command variable appears to be a field and as such a shared member.

    As such your code is very susceptible to multithreading issues (if two functions call this class with different stored procedures, what happens?).

    A Command should also be closed and disposed of properly, which is not happening in your code, not explicitly anyways.