How to implement this C# class hierarchy

Question

What I want to do is really simple. I have a class which handles my database executions called clsSQLInterface. This class contains a static function called bool isSQLSafe which will return false if the SQL being sent for execution is considered dangerous. This is so I have one point where I can filter out any malicious goings on.

Now, another part of my program actually needs to be able to do things like UPDATE, DELETE etc. So I thought I would inherit the clsSQLInterface class and override the isSQLSafe function with something that always returns true.

This isn't a question about database secutrity btw!

Ok so I did this like this...

public class clsSQLInterface //Code not shown, just definitions
{
  private static string connectionString(string sKey){...}

  public static bool isSQLSafe(string sSQL){...}

  public static DataTable executeSQLText(string sSQL, string sConnectionKey){...}

  public static DataTable executeGenericQuery(clsGenericSQL query,string sDBKey){...}
}

And the overriding class..

public class clsSQLInterface_unsafe : clsSQLInterface
{
    public clsSQLInterface_unsafe()
    {   
    }

    public new static bool isSQLSafe(string sSQL) //overriding the base method
    { return true; }
}

Ok. The problem with this approach is that isSQLSafe is called from within the methods executeSQLText and executeGenericQuery. What I want these methods to do is call the overridden isSQLSafe which always returns true. However, they don't. They call the base implementation.

Do I also have to override every method which calls isSQLSafe? This seems like a waste of code.

Surely when I inherit the class I am effectively 'copying' all the base methods and they should behave as though they are now part of clsSQLInterface_unsafe?

Answer 1

You cannot override static methods. They are not inherited, they are methods of the class, not of an instance of the class. A static method in the base class will always call the static method in the same class.
Just making the methods not static and virtual, then overriding them in the derived class should solve your problem.

EDIT: the new static modifier just tells the compiler that you intend to hide the method of the base class (try to remove it and see the warning you get), but it does not override anything.

Overriding means that the derived class version of the function is taking the place of the base class version in the virtual table.
The virtual table is an index of the methods associated to an instance. No instance, no virtual table, therefore you cannot override a static method.

P.S: have a look at a better explaination of what is a virtual table here: http://en.wikipedia.org/wiki/Virtual_method_table

Answer 2

The problems comes from the static modifier.

You may reconsider refactor your code using, why not, something like this :

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;

    namespace ConsoleApplication1
    {
        public abstract class BaseSqlInterface
        {
            protected abstract bool IsSafe(string instruction);

            public void Execute(string sqlStatement)
            {
                if (IsSafe(sqlStatement))
                {
                    // run the sql command
                }
                else
                {
                    throw new Exception("You're evil");
                }
            }
        }

        public class SqlInterfaceSafe : BaseSqlInterface
        {
            public override bool IsSafe(string instruction)
            {
                return instruction.Contains("I'm not evil, I promise");
            }
        }
        public class SqlInterfaceUnsafe : BaseSqlInterface
        {
            public override  bool IsSafe(string instruction)
            {
                return true;
            }
        }


        public static class SqlInterfaceFactory
        {
            public static BaseSqlInterface GetInstance()
            {
                // return the actual object using IOC, switch, ... whichever method you want
                return DateTime.Now.Day % 2 == 0 ? (BaseSqlInterface)new SqlInterfaceSafe() : new SqlInterfaceUnsafe();
            }
        }
    }