




DNN Community Blog


Use DAL+ ExecuteSQL for truly rapid DotNetNuke® Module development

Using the ExecuteSQL method of the DotNetNuke Data Access Layer allows you to quickly and easily create DotNetNuke modules that access the database.

SQL vs. Stored Procedures

I love stored procedures as much as the next developer and have used them for years. However, during development I use the ExecuteSQL method of the DAL+ to initially create the module and later I turn the SQL statements into stored procedures.

The ExecuteSQL code looks like this (note: I am not using a data provider class for brevity):

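' Build the statement, run it through the DAL+ and use the resulting reader as the grid's data source
Dim mySqlString As New StringBuilder()
mySqlString.Append("SELECT * From DesktopModules")
Me.GridView1.DataSource = CType(DataProvider.Instance().ExecuteSQL(mySqlString.ToString()), IDataReader)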

This allows truly rapid DotNetNuke Module development. There are cases where I would like to leave the code as SQL statements but previously I didn't because of two factors:

  • Risk of SQL Injection attacks
  • Supporting the {databaseOwner} and {objectQualifier} features of the DotNetNuke framework

While researching another issue I ran across this code in the DotNetNuke Core that solves both of those problems:

This is an overloaded function of the ExecuteSQL method and it addresses the two previous concerns. I altered my Super Simple DAL+ Tutorial to use code like this:

Dim mySqlString As New StringBuilder()

' {databaseOwner} and {objectQualifier} are left as tokens for the DAL+ to replace
mySqlString.Append("SELECT FriendlyName, Description ")
mySqlString.Append("FROM {databaseOwner}{objectQualifier}DesktopModules ")
mySqlString.Append("WHERE Description like '%' + @SearchString + '%' ")
mySqlString.Append("ORDER BY FriendlyName")

' The user-supplied value is passed as a parameter, never concatenated into the SQL text
Dim myParam As SqlParameter = New SqlParameter("@SearchString", SqlDbType.VarChar, 150)
myParam.Value = SearchString

Me.GridView1.DataSource = CType(DataProvider.Instance().ExecuteSQL(mySqlString.ToString(), myParam), IDataReader)
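
The parameter in the query above keeps quotes in the search text from changing the SQL, but `%`, `_` and `[` in that text still act as LIKE wildcards. The following is an added example, not code from the original post or from DotNetNuke, that escapes them before the value is assigned to the parameter; `EscapeLikeLiteral`, `BuildSearchParameter` and the 50-character input cap are assumptions made for illustration.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module LikeParameterExample

    ' Wrap T-SQL LIKE metacharacters in brackets so they match literally.
    ' "[" is replaced first; otherwise the brackets added for % and _
    ' would themselves be escaped.
    Function EscapeLikeLiteral(ByVal input As String) As String
        If input Is Nothing Then Return String.Empty
        Return input.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' Build the @SearchString parameter for the query shown above.
    ' Each character can grow to three when escaped, so the raw input is
    ' capped at 50 characters (assumed limit) to fit the declared size of
    ' 150 without an escape sequence being cut in half by truncation.
    Function BuildSearchParameter(ByVal searchString As String) As SqlParameter
        Dim raw As String = searchString
        If raw Is Nothing Then raw = String.Empty
        If raw.Length > 50 Then raw = raw.Substring(0, 50)

        Dim p As New SqlParameter("@SearchString", SqlDbType.VarChar, 150)
        p.Value = EscapeLikeLiteral(raw)
        Return p
    End Function

    Sub Main()
        ' Constructed sample inputs: text with a quote, a bare wildcard,
        ' and text mixing all three LIKE metacharacters.
        Dim samples() As String = {"O'Neil", "%", "50%_off [beta]"}
        For Each sample As String In samples
            Dim p As SqlParameter = BuildSearchParameter(sample)
            ' The quote is left alone: the value travels as data, not SQL text.
            Console.WriteLine("{0,-16} -> {1}", sample, p.Value)
        Next
        ' In the module, the parameter would be passed as on the page:
        ' DataProvider.Instance().ExecuteSQL(mySqlString.ToString(), BuildSearchParameter(SearchString))
    End Sub

End Module
```
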

Even if you decide to use stored procedures, the ExecuteSQL method will allow you to quickly create your module because you won't have to create the stored procedures until the final step. When you do create the stored procedures, you will be able to cut and paste most of the code.

If you decide to use the ExecuteSQL statements in production, you will only need database scripts to create and alter your tables. If you use ANSI-compatible SQL syntax your module should also work with alternate databases such as Oracle and MySQL.

In addition, remember that the DAL+ is not just ExecuteSQL. It consists of 4 methods:

  • ExecuteNonQuery - Used to execute a stored procedure that will not return a value.
  • ExecuteReader - Used to execute a stored procedure that will return multiple records.
  • ExecuteScalar - Used to execute a stored procedure that will return a single value.
  • ExecuteSQL - Used to execute a SQL statement.

