Shawn Churchel

Reputation: 31

What makes up the correct SQL add statement, broken into parts, for basic beginners in WebMatrix 3?

I am a very new beginner to C#, not so much to the old style of writing code in VB. But trying to figure out the right way to write an add SQL statement nowadays is extremely confusing. I am not sure what order the following goes in, so I will break down the SQL statement, for example purposes only.

    var addsqlquery = "INSERT INTO Expenses (Company_Name, Company_Address, Company_City, Company_State, State_Tax_Rate1, Item_Name, Item_Price, Sales_Tax_Amount, State_Tax_Rate2, Zip_Code, Phone_Number, Quantity, Date_Bought, Truck_Number, Tax_Type) VALUES (@0,@1,@2,@3,@4,@5,@6,@7,@8,@9,@10,@11,@12,@13,@14)";

Now the main confusion is: what are the values of @1, @2, @3, @4, @5 and so on, and where does that information come from? Does that @0 come from the next line in code, for example:

    db.Execute(addsqlquery, Company_Name, Company_Address, Company_City, Company_State, State_Tax_Rate1, Item_Name, Item_Price, Sales_Tax_Amount, State_Tax_Rate2, Zip_Code, Phone_Number, Quantity, Date_Bought, Truck_Number, Tax_Type);

like @0 = Company_Name? @2 = Company_Address? If that is the case, it should pull those variables from the submit button filling, let's say:

    var Company_Name = Request.Form["Company_Name"];

Correct?

I am very new to programming structures in C# and WebMatrix, and I am confused. If someone can just explain to me where those variables come from and where they get their information, I think I might be able to finally finish one page of upgrading my pages from classic ASP to the cshtml style. Thank you in advance.

Upvotes: 1

Views: 37

Answers (1)

Mike Brind

Reputation: 30035

The tokens that begin with the @ sign and increment sequentially from 0 are parameter placeholders. That is, they are placeholders for values that are supplied to the SQL statement.

Typically, the values come from the user as posted form values. You use parameters in your code to protect against possible SQL injection attacks.

You pass the values (or the source of them) to the Database.Execute, Database.Query, Database.QueryValue or Database.QuerySingle methods in the order in which they appear in the SQL, e.g.:

    var sql = "INSERT INTO People (Firstname, Lastname, DateOfBirth) VALUES (@0,@1,@2)";
    db.Execute(sql, Request.Form["Firstname"], Request.Form["Lastname"], Request.Form["Dob"]);

You should spend some time reading the introductory tutorials for ASP.NET Web Pages/Razor, especially the ones on data access: http://www.asp.net/web-pages/overview/data/5-working-with-data.

I have also written a short series of articles on migrating from Classic ASP to Web Pages, which you also might find helpful. Here's the one about data: http://www.mikesdotnetting.com/article/226/migrating-classic-asp-to-asp-net-razor-web-pages-part-two-data-access

Upvotes: 1
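To make the positional mapping concrete, here is an added example of a complete WebMatrix/ASP.NET Web Pages .cshtml code block; it is not code from the question or the answer. It assumes a database connection named "Expenses" (an .sdf or .mdf file in App_Data), a form whose input names match the column names used in the question, and a listing page at ~/Expenses to redirect to after a successful insert. It shows how each argument to Database.Execute lands in the placeholder with the same index, and why the values are validated before the database call.

```csharp
@* Added example (not from the original question or answer).
   Assumes: a connection named "Expenses", form inputs named
   Company_Name, Company_City and Item_Price, and a listing page at ~/Expenses. *@
@{
    // Placeholders are positional. The first value passed to Execute after the
    // SQL string fills @0, the second fills @1, and so on. The driver sends
    // these values separately from the SQL text, so a quote character or an
    // SQL keyword typed into the form is stored as plain data rather than being
    // parsed as part of the statement. This is what replaces the classic-ASP
    // habit of building the statement with string concatenation.
    var insertSql = "INSERT INTO Expenses (Company_Name, Company_City, Item_Price) "
                  + "VALUES (@0, @1, @2)";

    if (IsPost)
    {
        // Request.Form values are always strings. Convert and check them here
        // so that a bad price is rejected before the database is touched.
        var companyName = Request.Form["Company_Name"];
        var companyCity = Request.Form["Company_City"];
        decimal itemPrice;
        var priceIsValid = decimal.TryParse(Request.Form["Item_Price"], out itemPrice);

        if (string.IsNullOrWhiteSpace(companyName))
        {
            ModelState.AddError("Company_Name", "Company name is required.");
        }
        if (!priceIsValid || itemPrice < 0)
        {
            ModelState.AddError("Item_Price", "Item price must be a non-negative number.");
        }

        if (ModelState.IsValid)
        {
            var db = Database.Open("Expenses");   // assumed connection name

            // Argument order must match the placeholder numbers:
            //   @0 = companyName, @1 = companyCity, @2 = itemPrice
            db.Execute(insertSql, companyName, companyCity, itemPrice);

            Response.Redirect("~/Expenses");      // assumed listing page
        }
    }
}

<form method="post">
    @Html.ValidationSummary()
    <p><label>Company name</label> <input type="text" name="Company_Name" value="@Request.Form["Company_Name"]" /></p>
    <p><label>City</label> <input type="text" name="Company_City" value="@Request.Form["Company_City"]" /></p>
    <p><label>Item price</label> <input type="text" name="Item_Price" value="@Request.Form["Item_Price"]" /></p>
    <p><input type="submit" value="Add expense" /></p>
</form>
```

The point to take from the block is that the variable names in C# do not matter to the SQL at all; only their position in the Execute call does. Passing the converted decimal rather than the raw form string also lets the driver type the parameter correctly, which avoids the implicit conversion errors that concatenated statements tend to hide.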
