Upgrades to the data access layer (DAL) in Workflow

Last published at: May 2nd, 2023

FlowWright's data access layer is the lowest architectural layer in the platform.  This is where all calls to the database are handled.  Whether users are requesting data from the database or updating data within the database, all calls are sent through this data access layer.

The data access layer in FlowWright product is improved in two areas. Firstly, the data access layer now supports parameterized queries. The second major upgrade involves single line class level methods for performing SQL operations. Details follow below!

Parameterized Queries

Because businesses face application security concerns now, parameterized queries have become very important. These queries provide protection against SQL injection attacks.  How does this work? Here's a look at what queries used to look like:

Select * from deLocations WHERE locationName LIKE '{locationName}'

Where the location Name variable is used to build the SQL statement at the end, the variable locationName could have some SQL injection data that can easily change the query.  With the new enhancements to the DAL,  users can now send parameterized queries such as these below.

Select * from deLocations WHERE locationName LIKE ?

In this example, the LocationName value is passed through a parameter, SQL will define this as parameter on the database server and handle it as a SQL parameter, where the database server is able prevent any SQL injections. Cool, right?

Single line class methods

Flowwright's users can use a single line of code for any SQL call, whether the ask is to get a data table or to update data within a table. 

An example of hose users can just call the method in the class is shown below:

DataTable oDT = clsDataAccess.getDataTable(connectionString, SQL statement, ref errorMsg,  parameters);

bool bFlag = clsDataAcess.NonQuery(connectionString, SQL statement, ref errorMsg, parameters);

int iCount = clsDataAcess.getScalarInt(connectionString, SQL statement, ref errorMsg, parameters);

Each new release of FlowWright includes significant usability and technical improvements for our customers.  FlowWright data access layer provides not only better performance for users, but ensures security.