Skip to content


Build efficient SQL statements with multiple parameters in C#

I have a list of items with different ids which represent a SQL table’s PK values. Is there any way to build an efficient and safe statement? Since now I’ve always prepared a string representing the statement and build it as I traversed the list via a foreach loop. Here’s an example of what I’m doing: Which feels very unsafe

ADO.NET: Send procedure parameter with null value

I need to send a parameter a null value to the procedure, but I get an error: System.Data.SqlClient.SqlException: ‘Procedure or function ‘sel_mizanyeni’ expects parameter ‘@subeno’, which was not supplied.’ When I run the same procedure with the same parameters in SQL Server, it does not cause an error. When I run it with ADO.NET in C#, I get that error.

Search SQL database with multiple filters

I have the following code: This gives me the rows where “category_id” is equal to the 1. I now want the SELECT statement to return rows where the “category_id” is equal to one of the values I give it. So a simple SELECT statement would look something like this The problem is that I wouldn’t know the values to search

How to connect sql Database with in Asp.Net Core Mvc 5.0?

I can not find where am i missing. my code like this ; users.cs : } usersAccessLayer.cs ; appsettings.json And finally i got this error; An unhandled exception occurred while processing the request. NullReferenceException: Object reference not set to an instance of an object. Adonet_Sql.Models.users..ctor() in users.cs, line 14 Adonet_Sql.Models.users..ctor() in users.cs bla bla. Answer ConfigurationManager.ConnectionStrings[“DefaultConnection”].ConnectionString; is for .net Core

Unexpected token when creating a string expression?

I have the following code: There is an error here ‘{cardId And it tells me Invalid Expression term ” Answer You need to be aware that this kind of string concatenation is avoided and it is open to SQL Injection attack, you should always use parameterized queries to avoid SQL Injection and also to get rid of errors, something like