I have a huge form and am trying to add the data with only a few lines of code, without declaring all variables. What I'm actually trying is this:
```
string all_fields="";
string all_params="";
string all_values="";
var i=0;
foreach(string key in Request.Form) {
    @Html.Raw(key + " " + Request.Form[key] + "\n")
    if(all_fields==""){
        // all_fields collects the column names, all_params the @n placeholders
        all_fields=key;
        all_params="@"+i;
        all_values="\"" + Request.Form[key] + "\"";
    }else{
        all_fields+=", "+key;
        all_params+=", @"+i;
        all_values+=", \"" + Request.Form[key] + "\"";
    }
    i+=1;
}
var db = Database.Open("the_db");
var sql = "INSERT INTO the_table ("+all_fields+") Values("+all_params+")";
db.Execute(sql, all_values); // <--- Doesn't work
```
The content of the variables looks like:
```
string all_fields="firstname,lastname";
string all_params="@0,@1";
string all_values="\"Jon\", \"Doe\"";
```
I didn't really expect db.Execute(sql, all_values); to work. It's a string, but it needs to be an object: https://learn.microsoft.com/en-us/dotnet/api/webmatrix.data.database.execute?view=aspnet-webpages-3.2#WebMatrix_Data_Database_Execute_System_String_System_Object___
How can I create this object? Or does anyone have another solution? Ideas?
I know I could do it with SQL only. But then I would run into a security issue because of SQL injection.
It doesn't recognize there are two inside the string. Create an object array - assign the first entry to be Jon and the second to be Doe.
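
One way to build the object array the reply above describes, as an added example that is not part of the original thread. It goes one step further than the reply: form keys become column names, which cannot be bound as parameters, so they are checked against an allow-list. `InsertBuilder`, `Build` and the `AllowedColumns` list are hypothetical names, and a `NameValueCollection` with constructed values stands in for `Request.Form`.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;

static class InsertBuilder // hypothetical helper, not from the thread
{
    // Assumption: the real column names of the_table, fixed in code.
    static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "firstname", "lastname" };

    // Returns the parameterized SQL; args receives one value per placeholder.
    public static string Build(NameValueCollection form, out object[] args)
    {
        var columns = new List<string>();
        var placeholders = new List<string>();
        var values = new List<object>();
        foreach (string key in form.AllKeys)
        {
            // Column names cannot be passed as parameters, so a posted key is
            // used only if it is on the allow-list; anything else is skipped.
            if (key == null || !AllowedColumns.Contains(key)) continue;
            columns.Add(key);
            placeholders.Add("@" + values.Count); // @0, @1, ...
            values.Add(form[key]);                 // raw value, no manual quoting
        }
        if (values.Count == 0)
            throw new InvalidOperationException("No known fields were posted.");
        args = values.ToArray();
        return "INSERT INTO the_table (" + string.Join(", ", columns) +
               ") VALUES (" + string.Join(", ", placeholders) + ")";
    }

    static void Main()
    {
        // Constructed sample input standing in for Request.Form.
        var form = new NameValueCollection {
            { "firstname", "Jon" },
            { "lastname", "O'Brien" }, // the quote stays data, it is never spliced into SQL
            { "is_admin", "1" }        // not an allowed column: ignored
        };
        object[] args;
        string sql = Build(form, out args);
        Console.WriteLine(sql);
        Console.WriteLine(string.Join(" | ", args));
        // In the Razor page: Database.Open("the_db").Execute(sql, args);
    }
}
```

Because `Execute` takes `params object[]`, passing the array hands each element to its own placeholder, whereas the single concatenated string is treated as one argument for `@0`.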