Webmatrix and Stored Procedures
-
03-10-2019 - |
Question
I'm fooling around with WebMatrix, and so far the best way I've figured out how to use stored procedures with Razor/WebMatrix is like so-
@if (IsPost) {
var LinkName = Request["LinkName"];
var LinkURL = Request["LinkURL"];
string sQ = String.Format("execute dbo.myprocname @LinkName=\"{0}\",
@LinkURL=\"{1}",LinkName, LinkURL);
db.Execute(sQ);
}
Note, I'm not doing any sort of checking for SQL injections or anything like that, which I think would be uber necessary. Am I missing something?
Solution
The Execute
method accepts parameters.
@if (IsPost) {
var LinkName = Request["LinkName"];
var LinkURL = Request["LinkURL"];
string SQL = "exec dbo.myprocname @0, @1";
db.Execute(SQL, LinkName, LinkURL);
}
Update: I've updated my answer so that the parameters for the sproc are given placeholders that are numbered rather than named.
OTHER TIPS
well, this is what I found is easiest and you can use named parameters. Meaning, if your stored procedure has several optional parameters, you can only pass the ones you need or want to pass.
@{
var db = Database.Open("your database name");
var param1 = "informationhere";
var param2 = "informationhere";
// or var param2 = 15247 (no quotes necessary if param is an integer datatype)
var procRows = db.Query("Exec dbo.procName @RealParameterName1=@0, @RealParameterName2=@1", param1, param2);
}
<table>
@foreach( var procRow in procRows )
{
<tr>
<td>@procRow.ColumnName1</td>
<td>@procRow.ColumnName2</td>
<td>@procRow.ColumnName3</td>
//etc
</tr>
}
</table>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow