Middle-Tier Methods for Products Administration

The methods you write here, GetAllProductsInCategory, CreateProduct, and UpdateProduct, although long, are similar to what you have done so far.

What is important to note is the different error-handling strategies implemented in these methods. In GetAllProductsInCategory (and in all the other Get... methods), we consider any errors are important enough to be signaled to the user with an “oops” message, so we don’t catch them in the business tier.

Errors with update- and create- type of methods are more likely due to bad input data, so we prefer to signal with a “friendlier” error message instead of allowing the error to cause the Oooops.aspx page to display. In these cases, we catch any potential exceptions to prevent them from propagating, and we return the success value as a bool value. The presentation tier decides what to tell the visitor depending on this value.

Add the following code to your CatalogAccess class:

// retrieve the list of products in a category

public static DataTable GetAllProductsInCategory(string categoryId) {

// get a configured DbCommand object

DbCommand comm = GenericDataAccess.CreateCommand();

// set the stored procedure name

comm.CommandText = "GetAllProductsInCategory";

// create a new parameter

DbParameter param = comm.CreateParameter();

param.ParameterName = "@CategoryID";

param.Value = categoryId;

param.DbType = DbType.Int32;

comm.Parameters.Add(param);

// execute the stored procedure and save the results in a DataTable DataTable table = GenericDataAccess.ExecuteSelectCommand(comm);

return table;

}

// Create a new product

public static bool CreateProduct(string categoryId, string name, string description, string price, string image1FileName, string image2FileName,

string onDepartmentPromotion, string onCatalogPromotion) {

// get a configured DbCommand object

DbCommand comm = GenericDataAccess.CreateCommand();

// set the stored procedure name comm.CommandText = "CreateProduct";

// create a new parameter

DbParameter param = comm.CreateParameter();

param.ParameterName = "@CategoryID";

param.Value = categoryId;

param.DbType = DbType.Int32;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@ProductName";

param.Value = name;

param.DbType = DbType.String;

param.Size = 50;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@ProductDescription";

param.Value = description;

param.DbType = DbType.AnsiString;

param.Size = 5000;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@ProductPrice";

param.Value = price;

param.DbType = DbType.Decimal;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@Image1FileName";

param.Value = image1FileName;

param.DbType = DbType.String;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@Image2FileName";

param.Value = image2FileName;

param.DbType = DbType.String;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@OnDepartmentPromotion";

param.Value = onDepartmentPromotion;

param.DbType = DbType.Boolean;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@OnCatalogPromotion";

param.Value = onCatalogPromotion;

param.DbType = DbType.Boolean;

comm.Parameters.Add(param);

// result will represent the number of changed rows int result = -1;

try {

// execute the stored procedure

result = GenericDataAccess.ExecuteNonQuery(comm);

} catch {

// any errors are logged in GenericDataAccess, we ignore them here }

// result will be 1 in case of success return (result >= 1);

}

// Update an existing product

public static bool UpdateProduct(string productId, string name, string description, string price, string image1FileName, string image2FileName, string

onDepartmentPromotion, string onCatalogPromotion) {

// get a configured DbCommand object

DbCommand comm = GenericDataAccess.CreateCommand();

// set the stored procedure name comm.CommandText = "UpdateProduct";

// create a new parameter

DbParameter param = comm.CreateParameter();

param.ParameterName = "@ProductID";

param.Value = productId;

param.DbType = DbType.Int32;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@ProductName";

param.Value = name;

param.DbType = DbType.String;

param.Size = 50;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@ProductDescription";

param.Value = description;

param.DbType = DbType.AnsiString;

param.Size = 5000;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@ProductPrice";

param.Value = price;

param.DbType = DbType.Decimal;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@Image1FileName";

param.Value = image1FileName;

param.DbType = DbType.String;

param.Size = 50;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@Image2FileName";

param.Value = image2FileName;

param.DbType = DbType.String;

param.Size = 50;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@OnDepartmentPromotion";

param.Value = onDepartmentPromotion;

param.DbType = DbType.Boolean;

comm.Parameters.Add(param);

// create a new parameter param = comm.CreateParameter();

param.ParameterName = "@OnCatalogPromotion";

param.Value = onCatalogPromotion;

param.DbType = DbType.Boolean;

comm.Parameters.Add(param);

// result will represent the number of changed rows int result = -1;

try {

// execute the stored procedure

result = GenericDataAccess.ExecuteNonQuery(comm);

} catch {

// any errors are logged in GenericDataAccess, we ignore them here }

// result will be 1 in case of success return (result != -1);

}

■ Note The product description is sent as a DbType.AnsiString parameter because DbType.String stores Unicode characters and only supports strings up to 4,000 characters.