Note by author:
Since writing this, I have expanded on this idea quite a bit. I have written a lightweight ORM class library that I call EntityJustWorks.
The full project can be found on GitHub or CodePlex.
EntityJustWorks not only goes from a class to DataTable (below), but also provides:
- SQL 'SELECT' statement to a List<T> of populated classes, each one resembling a row
Security Warning:
This library generates dynamic SQL, and has functions that generate SQL and then immediately executes it. While it its true that all strings funnel through the function Helper.EscapeSingleQuotes, this can be defeated in various ways and only parameterized SQL should be considered SAFE. If you have no need for them, I recommend stripping semicolons ; and dashes --. Also there are some Unicode characters that can be interpreted as a single quote or may be converted to one when changing encodings. Additionally, there are Unicode characters that can crash .NET code, but mainly controls (think TextBox). You almost certainly should impose a white list:
string clean = new string(dirty.Where(c => "abcdefghijklmnopqrstuvwxyz0123456789.,\"_ !@".Contains(c)).ToArray());
PLEASE USE the SQLScript.StoredProcedure and DatabaseQuery.StoredProcedure classes to generate SQL for you, as the scripts it produces is parameterized. All of the functions can be altered to generate parameterized instead of sanitized scripts. Ever since people have started using this, I have been maintaining backwards compatibility. However, I may break this in the future, as I do not wish to teach one who is learning dangerous/bad habits. This project is a few years old, and its already showing its age. What is probably needed here is a total re-write, deprecating this version while keep it available for legacy users after slapping big warnings all over the place. This project was designed to generate the SQL scripts for standing up a database for a project, using only MY input as data. This project was never designed to process a USER'S input.! Even if the data isn't coming from an adversary, client/user/manually entered data is notoriously inconsistent. Please do not use this code on any input that did not come from you, without first implementing parameterization. Again, please see the SQLScript.StoredProcedure class for inspiration on how to do that.
This class uses generics to accepts a class type, and uses reflection to determine the name and type of the class's public properties. With that, a new DataTable is made and the DataColumnCollection is fleshed out. Then you can add rows to the DataTable by passing instances of the class with it's property fields containing values.
Finally, we serialize the DataTable to an XML file, save it's Schema, then load it all back in again as a proof of concept.
Usage example:
List<Order> orders = new List<Order>();
// Fill in orders here ...
// orders.Add(new Order());
// Convert class to DataTable
DataTable ordersTable = ClassListToDataTable(orders);
// Set DataGrid's DataSource to DataTable
dataGrid1.DataSource = ordersTable;
Here is the Code:
public static DataTable ClassToDataTable<T>() where T : class
{
Type classType = typeof(T);
List<PropertyInfo> propertyList = classType.GetProperties().ToList();
if (propertyList.Count < 1)
{
return new DataTable();
}
string className = classType.UnderlyingSystemType.Name;
DataTable result = new DataTable(className);
foreach (PropertyInfo property in propertyList)
{
DataColumn col = new DataColumn();
col.ColumnName = property.Name;
Type dataType = property.PropertyType;
if (IsNullable(dataType))
{
if(dataType.IsGenericType)
{
dataType = dataType.GenericTypeArguments.FirstOrDefault();
}
}
else
{ // True by default
col.AllowDBNull = false;
}
col.DataType = dataType;
result.Columns.Add(col);
}
return result;
}
public static DataTable ClassListToDataTable<T>(List<T> ClassList) where T : class
{
DataTable result = ClassToDataTable<T>();
if(result.Columns.Count < 1)
{
return new DataTable();
}
if(ClassList.Count < 1)
{
return result;
}
foreach(T item in ClassList)
{
ClassToDataRow(ref result, item);
}
return result;
}
public static void ClassToDataRow<T>(ref DataTable Table, T Data) where T : class
{
Type classType = typeof(T);
string className = classType.UnderlyingSystemType.Name;
// Checks that the table name matches the name of the class.
// There is not required, and it may be desirable to disable this check.
// Comment this out or add a boolean to the parameters to disable this check.
if (!Table.TableName.Equals(className))
{
return;
}
DataRow row = Table.NewRow();
List<PropertyInfo> propertyList = classType.GetProperties().ToList();
foreach (PropertyInfo prop in propertyList)
{
if (Table.Columns.Contains(prop.Name))
{
if (Table.Columns[prop.Name] != null)
{
row[prop.Name] = prop.GetValue(Data, null);
}
}
}
Table.Rows.Add(row);
}
public static bool IsNullable(Type Input)
{
if (!Input.IsValueType) return true; // Is a ref-type, such as a class
if (Nullable.GetUnderlyingType(Input) != null) return true; // Nullable
return false; // Must be a value-type
}
Here is an example of how to serialize a DataTable to XML, and load it back again
string filePath = "order1.xml";
string schemaPath = Path.ChangeExtension(filePath,".xsd");
ordersTable.WriteXml(filePath);
ordersTable.WriteXmlSchema(schemaPath);
// Load
DataTable loadedTable = new DataTable();
loadedTable.ReadXmlSchema(schemaPath);
loadedTable.ReadXml(filePath);
// Set DataGrid's DataSource
dataGrid1.DataSource = dataTable;
The full project and source code for EntityJustWorks can be found on GitHub and CodePlex.