C
C#13mo ago
Zil

DotNet and Dapper. Incorrect syntax near ','.

Hello folks, Im trying to execute a sql query: 
c++
[HttpPost]
        public async Task<ActionResult<List<Step>>> PostNewStepInfo(string databaseName, List<Step> steps)
        {
            try
            {
                using var connection = new SqlConnection(_config.GetConnectionString("Default"));

                foreach (var step in steps)
                {
                    var test = await connection.ExecuteAsync($@"
                    INSERT INTO[{databaseName}].[dbo].[StepTable] ([Type], [ParentKey], [SubWorkflowCode], [Sequence], [WorkflowKey]) 
                    OUTPUT INSERTED.[Key] 
                    VALUES('{step.Type}', {step.ParentKey}, {step.SubWorkflowCode}, {step.Sequence}, {step.WorkflowKey});"
                        );

                    foreach (var parameter in step.Parameters)
                    {
                        await connection.ExecuteAsync($@"
                        INSERT INTO [{databaseName}].[dbo].[ParameterTable] ([Name], [Source], [Value], [WorkflowStepKey], [GroupCode], [EditedByCustomer]) 
                        VALUES ('{parameter.Name}', '{parameter.Source}', '{parameter.Value}', {test}, 'NULL', 0);"
                            );
                    }
                }
                return Ok(steps);
            }
            catch (SqlException ex) {
                Console.WriteLine($"SQL Exception: {ex.Message}");
                throw;
            }
        }
c++
[HttpPost]
        public async Task<ActionResult<List<Step>>> PostNewStepInfo(string databaseName, List<Step> steps)
        {
            try
            {
                using var connection = new SqlConnection(_config.GetConnectionString("Default"));

                foreach (var step in steps)
                {
                    var test = await connection.ExecuteAsync($@"
                    INSERT INTO[{databaseName}].[dbo].[StepTable] ([Type], [ParentKey], [SubWorkflowCode], [Sequence], [WorkflowKey]) 
                    OUTPUT INSERTED.[Key] 
                    VALUES('{step.Type}', {step.ParentKey}, {step.SubWorkflowCode}, {step.Sequence}, {step.WorkflowKey});"
                        );

                    foreach (var parameter in step.Parameters)
                    {
                        await connection.ExecuteAsync($@"
                        INSERT INTO [{databaseName}].[dbo].[ParameterTable] ([Name], [Source], [Value], [WorkflowStepKey], [GroupCode], [EditedByCustomer]) 
                        VALUES ('{parameter.Name}', '{parameter.Source}', '{parameter.Value}', {test}, 'NULL', 0);"
                            );
                    }
                }
                return Ok(steps);
            }
            catch (SqlException ex) {
                Console.WriteLine($"SQL Exception: {ex.Message}");
                throw;
            }
        }
This is the data im trying to insert 
[
  {
      "type": "a test",
      "parentKey": null,
      "subWorkflowCode": null,
      "sequence": 4,
      "workflowKey": 1,
      "parameters": [
          {
              "name": "od1",
              "source": "od1",
              "value": "od1"
          },
          {
              "name": "od2",
              "source": "od2",
              "value": "od2"
          }
      ]
  }
]
[
  {
      "type": "a test",
      "parentKey": null,
      "subWorkflowCode": null,
      "sequence": 4,
      "workflowKey": 1,
      "parameters": [
          {
              "name": "od1",
              "source": "od1",
              "value": "od1"
          },
          {
              "name": "od2",
              "source": "od2",
              "value": "od2"
          }
      ]
  }
]
Error: 
(0x80131904): Incorrect syntax near ','.
(0x80131904): Incorrect syntax near ','.
Thanks in advance!
3 Replies
Tvde1
Tvde113mo ago
Where do you think the error is? Which line is causing it? There is a lot of code in your snippet, irellevant to the error :p
Tvde1
Tvde113mo ago
Also, give this a read :) https://www.learndapper.com/parameters
Dapper Parameter, SQL Injection, Anonymous and Dynamic Parameters
Dapper allows specifying parameters in querying methods to avoid SQL Injection. Learn more about how to use anonymous, dynamic, string, and output parameter
Zil
Zil13mo ago
ParentKey and SubworkflowKey are both empty when handled in the SQL query i just found out They are null in the request but empty strings in sql query. This is what the query looks like when its getting executed 
c++
VALUES ('a test', , '', 4, 1);
c++
VALUES ('a test', , '', 4, 1);
yea my bad, i had no idea where the error was coming from thats why i just posted the whole endpoint
Want results from more Discord servers?
Add your server
More Posts
❔ Reading from ClientWebSocket with BinaryReaderI am building an app to work as a gateway between a consumer connecting to a .NET websocket server a❔ How to use a readonly property for binding [AvalonEdit]?Hello, I have created a behavior for AvalonEdit following the accepted answer here https://stackoverReturn NotFound with detailsHello. I have a asp.net core Web API with controllers and I want to return for example a NotFound Er❔ Is building a DM/messaging system as simple as it seems?With signalr, that is. Is it as simple as just setting up signalr and persisting messages and then❔ Linux GUIHello, is there a possibility to create a GUI under Linux. Unfortunately I only find outdated things❔ Specify timezone of DateTime converted from localized timestamp without changing the time?I'm working with an API that returns timestamps localized to Eastern Standard Time. These are encode❔ ANTLR - No Base visitor createdIn my Output Folder, there is no BaseVisitor File created, which i need.✅ Seeking Alternative jQuery Plugin for Exporting ASP.NET Web Form HTML Table to Excel and PDFI am currently working on an ASP.NET Web Forms project and need your assistance in finding a suitabl❔ Error for no reason?I'm trying a leetcode question and I think I've solved it but whenever I run it, I get an error: ```Looping a query bad practice? Good alternative?This is my end-point atm: ```c++ [HttpPost] public async Task<ActionResult<List<Step>>> PostNewStepI