-2

These are the values that I want to pass. I tried a lot, but nothing works.

    [HttpPost]
    public async Task<IActionResult> Adduser(string fname, string lname, string pass, string uname, string actname, int cnumber, string cname, string depname)
    {
        var result = await _context.Database.ExecuteSqlRawAsync($"call transfer @fname,@lname, @pass,@uname,@actname,@cnumber,@cname,@depname {fname},{lname},{pass},{uname},{actname},{cnumber},{cname},{depname} ");
        await _unitOfWork.CompleteAsync();
        return Ok();
    }
Progman
  • Welcome to Stack Overflow. Please take the [tour] to learn how Stack Overflow works and read [ask] on how to improve the quality of your question. Then [edit] your question to include your source code as a working [mcve], which can be compiled and tested by others. Please show your attempts you have tried and the problems/error messages you get from your attempts. Please see: [What Do You Mean “It Doesn't Work”?](https://meta.stackexchange.com/q/147616) It is unclear what you are asking or what the problem is. – Progman Sep 16 '22 at 18:27
  • You might want to look at https://stackoverflow.com/questions/20901419/how-to-call-stored-procedure-in-entity-framework-6-code-first on how to call stored procedures in Entity Framework. – Progman Sep 16 '22 at 18:48
  • Does it report any error or just return 0? Have you tried to use `ExecuteSqlInterpolated()` instead of use `ExecuteSqlRawAsync()`? – Xinran Shen Sep 19 '22 at 07:41
  • The error it shows me is at the first argument I give; for example, when I give the fname (mark), the error is a syntax error near or at mark. – Munther Alkhwaldeh Sep 19 '22 at 09:37
  • Also, I used ExecuteSqlInterpolated() and it does not work either. I am getting really tired of this :( – Munther Alkhwaldeh Sep 19 '22 at 09:38

1 Answer

-1

Try

$"exec transfer @fname ='{fname.Replace("'", "''")}',@lname ='{lname.Replace("'", "''")}', @pass ='{pass.Replace("'", "''")}',@uname ='{uname.Replace("'", "''")}',@actname ='{actname.Replace("'", "''")}',@cnumber ={cnumber},@cname ='{cname.Replace("'", "''")}',@depname ='{depname.Replace("'", "''")}'"

The "replace" calls are intended to prevent SQL Injection. I assumed everything was a string on the SQL side, but quoting shouldn't hurt in most cases if they aren't.

Graham
  • It shows me an error in the int value cnumber. – Munther Alkhwaldeh Sep 16 '22 at 18:53
  • @MuntherAlkhwaldeh I missed that it was an Int. I removed the Replace (as it can't be the source of SQL injection... and doesn't have that function) and the SQL quotes around it. – Graham Sep 16 '22 at 19:16
  • Thanks for your effort, but it is still not working. It shows me an error near or at @; I deleted it, and it also shows me an error near or at fname; I also deleted that, and the error is at the name I give for the first argument (syntax error at or near "Mark") :( – Munther Alkhwaldeh Sep 17 '22 at 08:23
  • @MuntherAlkhwaldeh Give it one last try. I updated the statement – Graham Sep 19 '22 at 14:03
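
An added example, not code from the question or the answer: calling the procedure with bound parameters, so that no value is ever part of the SQL text and no manual quote escaping is needed. It assumes PostgreSQL through the Npgsql EF Core provider (suggested by the `call` keyword and the "syntax error at or near" message) and that `transfer` takes these eight arguments positionally; `TransferExample` and `AddUserAsync` are hypothetical names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

public static class TransferExample // hypothetical helper, not from the page
{
    // Assumption: PostgreSQL via Npgsql, and transfer(...) takes these eight
    // arguments positionally. On SQL Server the text would instead be
    // EXEC transfer @fname = {fname}, @lname = {lname}, ...
    public static Task<int> AddUserAsync(DbContext context,
        string fname, string lname, string pass, string uname,
        string actname, int cnumber, string cname, string depname)
    {
        // The literal is passed as a FormattableString, so EF Core turns each
        // {hole} into a DbParameter; no value is spliced into the SQL text.
        return context.Database.ExecuteSqlInterpolatedAsync(
            $"CALL transfer({fname}, {lname}, {pass}, {uname}, {actname}, {cnumber}, {cname}, {depname})");
    }

    public static void Main()
    {
        string fname = "Mark"; // constructed sample value

        // Assigned to string: the compiler formats immediately, so the
        // server is asked to parse the bare word Mark as SQL.
        string raw = $"call transfer {fname}";

        // Assigned to FormattableString: template and values stay separate,
        // which is what ExecuteSqlInterpolatedAsync relies on.
        FormattableString kept = $"CALL transfer({fname})";

        Console.WriteLine(raw);
        Console.WriteLine(kept.Format);
        Console.WriteLine(kept.GetArgument(0));
    }
}
```

`Main` needs no database: it only shows the difference between the already-formatted string that `ExecuteSqlRawAsync($"...")` receives and the template plus argument list that the interpolated overload receives.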