I need to change the table name dynamically based on specific conditions. Is it safe to build my sql query the following way or am I prone to SQL Injection? To generalize, I want to build a parameterized sql query string by concatenating constant strings. Answer While this should not present any security problem as presented. There should not be
Tag: c#
Extracting hashtags by sql
I have this problem – currently I am extracting hashtags in a C# application but now I want to move it to SQL Server. In C# I have code using a regex: In T-SQL, I would like to have something like this: Answer Using the string_split
How to use Distinct in entity/linq based on certain columns (Remove duplicated values)
I want to remove the duplicated values from the columns ” 1)LabelName, 2)OpenLabelStandard, 3)Type “. The issue is that my table has four columns. beside to the three previous columns I have another one called 4)’Distance’. it is not a field from database. I added it to my table using some calculations in view model. the distance column is changeable
‘ExecuteNonQuery requires an open and available Connection. The connection’s current state is closed.’ – C#
The code: This error shows up when I click the save button: System.InvalidOperationException: ‘ExecuteNonQuery requires an open and available Connection. The connection’s current state is closed.’ I am using the using keyword, if I’m correct doesn’t using automatically opens and closes the sqlConnection? If so, why does it returns an error that I need an open and available connection for
how to make the datagridview load faster with Multiple Row query – c# SQL
The code: The SSMS output: The output form loads slowly, the rows for the query are over 1000 so I think the cause of the slow load is the number of returned rows? If yes, how do make the load of the datagridview faster? Answer NOTE – this answer relates to the first part of the original question regarding why
ADO.NET: Send procedure parameter with null value
I need to send a parameter a null value to the procedure, but I get an error: System.Data.SqlClient.SqlException: ‘Procedure or function ‘sel_mizanyeni’ expects parameter ‘@subeno’, which was not supplied.’ When I run the same procedure with the same parameters in SQL Server, it does not cause an error. When I run it with ADO.NET in C#, I get that error.
Write a SQL query with a subquery in .NET Core using Entity Framework that returns a list of items with varying number of returned child rows
I have this test SqlFiddle: http://sqlfiddle.com/#!18/05fce/1 The idea is that for each product (table webspiderproduct) it will return the lowest price from each shopId from the table webspiderproductprice. So the returned data should look like this: I am using SQL Server. In pseudocode should I write a and then do a foreach through each row using linq and then add
“Buy Items” with SQL Transaction in EF Core, if user send many requests, items are bought even if they can’t afford it
I’m trying to make a game where the user can buy items with ingame coins. The coins and the items are stored in a SQL database, and user should (obviously) only be able to buy items that they can afford. The Problem with this code is that if the user spams many requests at the same time, he gets more
I didn’t true use order by in linq
Hi i develop web app with c#. I have sql query and i convert to linq but it’s not working true because of order by My sql query My linq Answer Here’s how you can do the order by on the count of each group and take the 3 with the highest count.
Remove “” from string or in SQL varchar
Is it even possible to return value of string without the ” ” ? I have the following string: Chb = “NOT”; Now i either want to remove the “” in C# or SQL. so i want to have either Chb = NOT in C# ,or i want to remove the ‘ ‘ in SQL that i get in @Chb