public static async Task <IActionResult> CreateCustomer(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = "customer")] HttpRequest req,
ILogger log,
ExecutionContext context)
{
log.LogInformation("HTTP request to CreateCustomer function.");
var config = CreateConfiguration(context);
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
var customer = JsonConvert.DeserializeObject <Customer>(requestBody);
// Never do this in production. It is open to SQL injection attacks.
var commandText =
"INSERT INTO SalesLT.Customer " +
"(" +
" NameStyle," +
" Title," +
" FirstName," +
" MiddleName," +
" LastName," +
" Suffix," +
" CompanyName," +
" SalesPerson," +
" EmailAddress," +
" Phone," +
" PasswordHash," +
" PasswordSalt," +
" ModifiedDate" +
") " +
"OUTPUT" +
" inserted.CustomerID " +
"VALUES" +
"(" +
" " + (customer.NameStyle ? 1 : 0) +
" ,'" + customer.Title + "'" +
" ,'" + customer.FirstName + "'" +
" ,'" + customer.MiddleName + "'" +
" ,'" + customer.LastName + "'" +
" ,'" + customer.Suffix + "'" +
" ,'" + customer.CompanyName + "'" +
" ,'" + customer.SalesPerson + "'" +
" ,'" + customer.EmailAddress + "'" +
" ,'" + customer.Phone + "'" +
" ,'" + customer.PasswordHash + "'" +
" ,'" + customer.PasswordSalt + "'" +
" ,'" + DateTime.Now.ToString("yyyy-MM-dd hh:mm:ss.fff") + "'" +
")";
var executor = new SqlExecutor(config);
int id = await executor.Execute <int>(commandText);
return(new JsonResult(id));
}
public static async Task <IActionResult> GetAllCustomers(
[HttpTrigger(AuthorizationLevel.Function, "get", Route = "customer")] HttpRequest req,
ILogger log,
ExecutionContext context)
{
log.LogInformation("HTTP request to GetAllCustomers function.");
var config = CreateConfiguration(context);
var executor = new SqlExecutor(config);
var customers = await executor.Execute(
"SELECT * FROM SalesLT.Customer",
CustomerDAL.ReadCustomerAsync);
return(new JsonResult(customers));
}
public static async Task <IActionResult> GetCustomerById(
[HttpTrigger(AuthorizationLevel.Function, "get", Route = "customer/{id}")] HttpRequest req,
string id,
ILogger log,
ExecutionContext context)
{
log.LogInformation("HTTP request to GetCustomerById function with id={0}.", id);
var config = CreateConfiguration(context);
int customerId = int.Parse(id);
var executor = new SqlExecutor(config);
var customers = await executor.Execute(
"SELECT * FROM SalesLT.Customer WHERE CustomerID = " + customerId,
CustomerDAL.ReadCustomerAsync);
return(new JsonResult(customers[0]));
}
public static async Task <IActionResult> DeleteCustomer(
[HttpTrigger(AuthorizationLevel.Function, "delete", Route = "customer/{id}")] HttpRequest req,
string id,
ILogger log,
ExecutionContext context)
{
log.LogInformation("HTTP request to DeleteCustomer function with id={0}.", id);
var config = CreateConfiguration(context);
int customerId = int.Parse(id);
var commandText =
"DELETE FROM SalesLT.Customer WHERE CustomerId = " + customerId;
var executor = new SqlExecutor(config);
await executor.Execute(commandText, isReadonly : false);
return(new OkResult());
}
public static async Task <IActionResult> UpdateCustomer(
[HttpTrigger(AuthorizationLevel.Function, "put", Route = "customer/{id}")] HttpRequest req,
string id,
ILogger log,
ExecutionContext context)
{
log.LogInformation("HTTP request to UpdateCustomer function with id={0}.", id);
var config = CreateConfiguration(context);
int customerId = int.Parse(id);
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
var customer = JsonConvert.DeserializeObject <Customer>(requestBody);
// Never do this in production. It is open to SQL injection attacks.
var commandText =
" UPDATE SalesLT.Customer " +
" SET " +
" NameStyle = " + (customer.NameStyle ? 1 : 0) + ", " +
" Title = '" + customer.Title + "', " +
" FirstName = '" + customer.FirstName + "', " +
" MiddleName = '" + customer.MiddleName + "', " +
" LastName = '" + customer.LastName + "', " +
" Suffix = '" + customer.Suffix + "', " +
" CompanyName = '" + customer.CompanyName + "', " +
" SalesPerson = '" + customer.SalesPerson + "', " +
" EmailAddress = '" + customer.EmailAddress + "', " +
" Phone = '" + customer.Phone + "', " +
" PasswordHash = '" + customer.PasswordHash + "', " +
" PasswordSalt = '" + customer.PasswordSalt + "', " +
" ModifiedDate = '" + DateTime.Now.ToString("yyyy-MM-dd hh:mm:ss.fff") + "' " +
" WHERE " +
" CustomerId = " + customerId;
var executor = new SqlExecutor(config);
await executor.Execute(commandText);
return(new OkResult());
}
