Exemple #1
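        /// <summary>
        /// Runs the supplied INSERT statement through <c>ExecuteNonQuery()</c>, binding the
        /// seven image columns from <paramref name="imageModel"/> as named parameters.
        /// </summary>
        /// <remarks>
        /// Only the values are parameterized; <paramref name="query"/> is executed exactly as given.
        /// It must be a constant statement owned by the caller, never text assembled from request data.
        /// </remarks>
        /// <param name="query">SQL text using the placeholders @ImageName, @Description, @price, @quantity, @IsPrivate, @UserId and @ImgByte.</param>
        /// <param name="imageModel">Values bound to those placeholders.</param>
        /// <returns><c>true</c> when at least one row was inserted; <c>false</c> when no row was affected or the database reported an error.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="imageModel"/> is null.</exception>
        public Boolean ExecuteInsertImage(string query, InsertImageModel imageModel)
        {
            // Fail before touching the connection so a bad call cannot leave it open.
            if (imageModel == null)
            {
                throw new ArgumentNullException(nameof(imageModel));
            }

            bool success = false;

            try
            {
                connection.Open();

                using (var cmd = new NpgsqlCommand(query, connection))
                {
                    // NOTE(review): a null property is not sent as SQL NULL by AddWithValue;
                    // confirm the model is validated upstream or map nulls to DBNull.Value.
                    cmd.Parameters.AddWithValue("ImageName", imageModel.ImageName);
                    cmd.Parameters.AddWithValue("Description", imageModel.Description);
                    cmd.Parameters.AddWithValue("price", imageModel.Price);
                    cmd.Parameters.AddWithValue("quantity", imageModel.Quantity);
                    cmd.Parameters.AddWithValue("IsPrivate", imageModel.Isprivate);
                    cmd.Parameters.AddWithValue("UserId", imageModel.UserId);
                    cmd.Parameters.AddWithValue("ImgByte", imageModel.ImgByte);

                    // ExecuteNonQuery reports rows affected; zero rows means nothing was inserted.
                    success = cmd.ExecuteNonQuery() > 0;
                }
            }
            // DbException is the common base of the provider exceptions, so errors raised by
            // Npgsql are handled here as well (a SqlException-only filter never matches them).
            catch (System.Data.Common.DbException e)
            {
                Console.WriteLine("SqlException caught " + e);
                success = false;
            }
            finally
            {
                // Always release the shared connection, including on failure paths.
                connection.Close();
            }

            return success;
        }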
Exemple #2
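        /// <summary>
        /// Loads the file named by <c>imageModel.Path</c> into <c>imageModel.ImgByte</c> and
        /// inserts the image row through <c>ExecuteInsertImage</c>.
        /// </summary>
        /// <param name="imageModel">Image metadata plus the path of the file to store.</param>
        /// <returns>
        /// <c>Json(HttpStatusCode.OK)</c> when the row was inserted, otherwise
        /// <c>Json(HttpStatusCode.BadRequest)</c>.
        /// </returns>
        public IActionResult InsertImage(InsertImageModel imageModel)
        {
            // Reject a missing model or path with the same failure shape the method already
            // uses, instead of letting the read below throw.
            if (imageModel == null || string.IsNullOrWhiteSpace(imageModel.Path))
            {
                return Json(HttpStatusCode.BadRequest);
            }

            // The statement is a fixed literal and every value travels as a bound parameter,
            // which is what keeps this insert free of SQL injection. An ORM could replace it later.
            string query = "INSERT INTO public.\"Image\"(\"ImageName\", \"Description\", \"Price\", \"Quantity\", \"Isprivate\", \"UserId\", \"ImgByte\") " +
                           "VALUES(@ImageName, @Description, @price, @quantity, @IsPrivate, @UserId, @ImgByte); ";

            // NOTE(review): imageModel appears to be bound from the request, so Path selects which
            // server-side file is read and stored. Confirm it is canonicalized and confined to a
            // dedicated upload directory, or accept the upload itself (e.g. IFormFile) instead of a path.
            // NOTE(review): UserId and Isprivate also come from the model; presumably ownership
            // should be taken from the authenticated identity - verify against the caller.
            ImageService service = new ImageService();
            imageModel.ImgByte = service.ReadAllBytes(imageModel.Path);

            // NOTE(review): Json(...) serializes the enum into the body; the HTTP status line
            // itself is not set here, so clients must inspect the payload to detect failure.
            return ExecuteInsertImage(query, imageModel)
                ? Json(HttpStatusCode.OK)
                : Json(HttpStatusCode.BadRequest);
        }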