Reputation: 1
I need to clear a row in the SQL database. Can I do it like this?:
string idprod = Request.QueryString["IDProduto"];
string tamanho = Request.QueryString["Size"];
try
{
    liga.Open();
    SqlCommand comando = new SqlCommand();
    // Query-string and session values are concatenated straight into the SQL text
    comando.CommandText = "delete FROM dbo.M16_Tbl_Carrinho where ID_User=" +
        Session["IDuser"] + " and ID_Produto=" + idprod + " and Tamanho=" + tamanho;
    comando.Connection = liga;
    comando.ExecuteNonQuery();   // without this the DELETE is never sent to the server
    Response.Redirect("Cart.aspx");
}
catch (Exception er)
{
    Response.Write($"<script>alert('{er.Message}');</script>");
}
Upvotes: 0
Views: 28
Reputation: 418
I would suggest you look at this example: https://www.c-sharpcorner.com/UploadFile/718fc8/save-delete-search-and-update-record-in-ado-net/
It has examples of all CRUD operations. Also, do not use string concatenation. Instead, use SQL parameters as suggested by @Ross.
Try to separate your presentation logic from your data access logic. Your one method is doing lots of things.
Upvotes: 1
Reputation: 6259
Short answer: Yes, you can do it that way, but there are good reasons to not do so.
Answer to the actual question: Yes, you can put as much as you want in the WHERE clause.
Advice against SQL injection: Never, ever concatenate values in a string in this way. Use prepared parameters. Example excerpt:
liga.Open();
SqlCommand comando = new SqlCommand();
comando.CommandText = "delete FROM dbo.M16_Tbl_Carrinho where ID_User=@iduser and ID_Produto=@idprod and Tamanho=@tamanho";
// SqlParameterCollection has no Add(string) overload; give each parameter a type (Int assumed here)
comando.Parameters.Add("@iduser", SqlDbType.Int).Value = iduser;
comando.Parameters.Add("@idprod", SqlDbType.Int).Value = idprod;
comando.Parameters.Add("@tamanho", SqlDbType.Int).Value = tamanho;
comando.Connection = liga;
Upvotes: 1
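The advice in the answers above, carried through to a complete handler as an added example (not code from the asker or either answerer). It assumes the three columns are integers, that `Session["IDuser"]` was stored as an `int`, and that `liga` is the `SqlConnection` from the question; `RemoveCartItem` is a hypothetical method name.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example: the delete from the question, rewritten with validated input
// and typed parameters. Column types (int) and the int-valued session key are
// assumptions, not something the original posts state.
public partial class Cart : System.Web.UI.Page
{
    private const string DeleteSql =
        "DELETE FROM dbo.M16_Tbl_Carrinho " +
        "WHERE ID_User = @iduser AND ID_Produto = @idprod AND Tamanho = @tamanho";

    // Returns the number of rows removed, or -1 when the request was rejected.
    protected int RemoveCartItem(SqlConnection liga)
    {
        // Validate before touching the database: a value that is not an
        // integer never reaches SQL Server at all, and the user id comes from
        // the server-side session rather than from the request.
        if (!int.TryParse(Request.QueryString["IDProduto"], out int idprod) ||
            !int.TryParse(Request.QueryString["Size"], out int tamanho) ||
            !(Session["IDuser"] is int iduser))
        {
            return -1;
        }

        using (var comando = new SqlCommand(DeleteSql, liga))
        {
            // Typed parameters travel separately from the SQL text, so the
            // server only ever compares them; it never parses them as SQL.
            comando.Parameters.Add("@iduser", SqlDbType.Int).Value = iduser;
            comando.Parameters.Add("@idprod", SqlDbType.Int).Value = idprod;
            comando.Parameters.Add("@tamanho", SqlDbType.Int).Value = tamanho;

            if (liga.State != ConnectionState.Open) liga.Open();
            // ExecuteNonQuery actually sends the DELETE; the question's code omitted it.
            return comando.ExecuteNonQuery();
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (RemoveCartItem(liga) < 0) { Response.StatusCode = 400; return; }
        Response.Redirect("Cart.aspx");
    }
}
```

Exceptions are deliberately left to propagate to the application's error page instead of being echoed into a `<script>` block, so database error text is not shown to the browser.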