Zil
Zil
PostsComments
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
true ill keep that in mind, thanks! also thank you @ℝ ill close the post
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
Right, is that something that is a good solution for a problem like this ?
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
Okay that worked but I feel like declaring the connection string for every end point like this bad practice? 
c++
[HttpGet]
        public async Task<ActionResult<List<Workflow>>> GetAllWorkflows(string databaseName)
        {
            var connectionString = $"Server=localhost;Database={databaseName};User Id=*;Password=*;TrustServerCertificate=True";
            using var connection = new SqlConnection(connectionString);

            var sql = "SELECT [Key],[Code] " +
                $"FROM [workflowTable] " +
                "ORDER BY [Key] ASC;";

            var workflows = await connection.QueryAsync<Workflow>(sql);

            return Ok(workflows);
        }
c++
[HttpGet]
        public async Task<ActionResult<List<Workflow>>> GetAllWorkflows(string databaseName)
        {
            var connectionString = $"Server=localhost;Database={databaseName};User Id=*;Password=*;TrustServerCertificate=True";
            using var connection = new SqlConnection(connectionString);

            var sql = "SELECT [Key],[Code] " +
                $"FROM [workflowTable] " +
                "ORDER BY [Key] ASC;";

            var workflows = await connection.QueryAsync<Workflow>(sql);

            return Ok(workflows);
        }
Is there a way I can maybe put a parameter inside the appsettings.json somehow so i can do something like 
c++
using var connection = new SqlConnection(_config.GetConnectionString("Default", databaseName));
c++
using var connection = new SqlConnection(_config.GetConnectionString("Default", databaseName));
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
true
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
is this safer? does this prevent sql injection ? because we removed the problem while trying to use dapper to prevent sql injection but now it feels like we just moved the parameter to somewhere else without fixing the sql injection ?
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
yea i know, it was just to get an indication of if this is what u meant
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
So you are saying instead of doing 
c++
using var connection = new SqlConnection(_config.GetConnectionString("Default"));
c++
using var connection = new SqlConnection(_config.GetConnectionString("Default"));
Something like 
c++
using var connection = new SqlConnection("Server=localhost;Database={databaseName};User Id=...;Password=...;TrustServerCertificate=True");
c++
using var connection = new SqlConnection("Server=localhost;Database={databaseName};User Id=...;Password=...;TrustServerCertificate=True");
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
Yea i know what you mean but in my case the api supports multiple databases. So in the actual front end a user can choose what database he wants to do certain CRUD operations in
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
Parameter*
21 replies
CC#
Created by Zil on 7/27/2023 in #help
Need help with dapper to prevent sql injection on database parameter!
Yes
21 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
Okay did that, thanks for your help. Ill just start on the solution we talked about and maybe somebody will still chime in! Thanks!!
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
Yea I wouldn't know any other possibility either... And i dont think people will still join a post with 31 comments already in it harold
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
Totally different: this feels like a lot of work for a endpoint or no ?
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
Yes Insert them with the new keys from the from the dictionary into the parentKey
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
So you are saying: 1. Insert the highest workflows that have a parentKey of 0, save old and new Keys for these objects. 2. Insert the workflows that have one of the old Keys as parentKey. save old a new Keys of these objects. Basiscly repeat this proces?
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
yes i see what you mean. this works for the "highest" workflows(that have a parentKey of 0). then you can indeed update the children that have those highest workflows as a parent. but those children can be a parent themselfs.
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
But what do we gain from inserting the objects that have a parentKey of 0 first ?
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
Yes
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
I also thought of grouping the workflows where each array starts with the parent and the objects after it are his children but then i will face this issue aswell
36 replies
CC#
Created by Zil on 7/7/2023 in #help
✅ Handling changing Keys after an insert
hmm, idk if that is a good approach because a child of a parent can also be a parent to another child. if that makes sense
36 replies