C# string to number

I want to store a value in a column as a number instead of a string.

I have this part of code in C#:

//Order
string refId = order.id.ToString();
ApplicationLogger.Write("order.date_created : " + order.date_created.ToString());
var dateTime = Convert.ToDateTime(order.date_created.ToString()).ToString("MM/dd/yyyy HH:mm:ss");
string weight = order.cart_hash;
string totalPrice = order.total.ToString();
string paymentMethod = order.payment_method;
string shippingCosts = order.shipping_total.ToString();
string insertOrderQuery = string.Empty;
try
{
    string invoice = "ΛΙΑ";
    if (order.billing != null)
    {
        if (!string.IsNullOrEmpty(order.billing.company))
            invoice = "TIM";
    }
   
    //checkIfalreadyExists
    DataTable orderDT = BaseDAL.ExecCommand("select * from Z_Orders where refId='" + refId + "'", null, connectionString);
    if (orderDT != null && orderDT.Rows.Count <= 0)
    {
        insertOrderQuery = "Insert into Z_Orders ([refId],[date_time],[invoice],[order_weight],[total_price],[payment_method],[shipping]) values ('" + refId + "','" + dateTime + "','" + invoice + "','" + weight + "','" + totalPrice + "','" + paymentMethod + "','" + shippingCosts +"')";
        BaseDAL.ExecNonQueryCommand(insertOrderQuery, null, connectionString);
    }

Everything works and is stored in the local database, but I want this value

string shippingCosts = order.shipping_total.ToString();

to be stored in the database as a number and not as a string.

The number has decimals.

So how can I do this, and what should I set as the property of the column in the database?

to

Upvotes: 0

Views: 87

Answers (1)

Marc Gravell

Reputation: 1063569

You are approaching this problem backwards. The correct thing to do here is treat numbers as numbers, treat datetimes as datetimes, etc; do not force everything to strings and concatenate. In addition to being a SQL injection attack vector, this risks huge i18n/l10n problems (what does one-hundred point six three two look like as a string? in the US? in France, Spain?) and makes query plan caching useless.

Instead: use parameters. I don't know what your BaseDAL layer does, but: if I give examples using Dapper syntax:

var existing = connection.QueryFirstOrDefault<int?>(
    "select refId from Z_Orders where refId=@refId",
    new { refId = order.id });
if (existing is null)
{
    connection.Execute(@"Insert into Z_Orders (
        [refId],[date_time],[invoice],[order_weight],
        [total_price],[payment_method],[shipping])
    values (
        @refId, @dateTime, @invoice, @weight,
        @totalPrice, @paymentMethod, @shippingCosts);", new {
        // date_created is the property name used in the question's order object
        refId = order.id, dateTime = order.date_created, invoice, weight = order.cart_hash,
        totalPrice = order.total, paymentMethod = order.payment_method, shippingCosts = order.shipping_total});
}

(you can do all this manually; Dapper is just one tool that makes correctly parameterizing SQL simple; many other ORM/etc tools offer similar features)

Upvotes: 2
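The "do all this manually" route mentioned in the answer, as an added example (not the answerer's or the asker's code): plain ADO.NET with typed parameters, where the shipping amount is parsed independently of the machine's culture and sent as a decimal. Table and column names come from the question; the `OrderInsert` class, the parameter sizes and the `decimal(18,2)` / `datetime2` column types are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class OrderInsert   // hypothetical helper, not part of BaseDAL
{
    // Assumed schema: [total_price] and [shipping] are decimal(18,2), [date_time] is datetime2.
    // Inserts only when no row with this refId is present yet.
    const string Sql = @"insert into Z_Orders
        ([refId],[date_time],[invoice],[order_weight],[total_price],[payment_method],[shipping])
        select @refId,@dateTime,@invoice,@weight,@totalPrice,@paymentMethod,@shipping
        where not exists (select 1 from Z_Orders where [refId] = @refId);";

    // "4.50" -> 4.50m whatever the server locale is. Thousands separators are not
    // allowed, so "4,50" throws FormatException instead of silently becoming 450.
    public static decimal ParseAmount(string s) => decimal.Parse(
        s, NumberStyles.AllowLeadingSign | NumberStyles.AllowDecimalPoint,
        CultureInfo.InvariantCulture);

    public static SqlCommand Build(string refId, DateTime created, string invoice,
        string weight, decimal total, string paymentMethod, decimal shipping)
    {
        var cmd = new SqlCommand(Sql);
        cmd.Parameters.Add("@refId", SqlDbType.NVarChar, 50).Value = refId;
        cmd.Parameters.Add("@dateTime", SqlDbType.DateTime2).Value = created;
        cmd.Parameters.Add("@invoice", SqlDbType.NVarChar, 10).Value = invoice;
        cmd.Parameters.Add("@weight", SqlDbType.NVarChar, 100).Value = weight;
        cmd.Parameters.Add("@paymentMethod", SqlDbType.NVarChar, 50).Value = paymentMethod;
        AddMoney(cmd, "@totalPrice", total);
        AddMoney(cmd, "@shipping", shipping);
        return cmd;
    }

    static void AddMoney(SqlCommand cmd, string name, decimal value)
    {
        var p = cmd.Parameters.Add(name, SqlDbType.Decimal);
        p.Precision = 18; p.Scale = 2; p.Value = value;
    }

    static void Main()
    {
        // Constructed sample values. The quote in refId travels as data, never as SQL text.
        var cmd = Build("1001'x", DateTime.UtcNow, "TIM", "abc123",
            ParseAmount("100.63"), "cod", ParseAmount("4.50"));
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine($"{p.ParameterName} {p.SqlDbType} = {p.Value}");
        // To execute: set cmd.Connection to an open SqlConnection, then cmd.ExecuteNonQuery().
    }
}
```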
