public DataTable GetStock(StockTbInput stockTbInput) { DataTable dt = new DataTable(); using (SqlConnection con = new SqlConnection("Data Source=SAI-PC\\SQLEXPRESS; UID=sa; Password=Pass$123;Database=AllSampleCode;")) { //con.Open(); //var query = "select * from StockTb where Name='" + stockTbInput.Name +"'"; //SqlCommand cmd = new SqlCommand(query, con) { CommandType = CommandType.Text }; //SqlDataAdapter da = new SqlDataAdapter(); //da.SelectCommand = cmd; //da.Fill(dt); con.Open(); var @query = "select * from StockTb where Name=@Name"; SqlCommand cmd = new SqlCommand(query, con) { CommandType = CommandType.Text }; cmd.Parameters.AddWithValue("@Name", stockTbInput.Name.Trim()); SqlDataAdapter da = new SqlDataAdapter(); da.SelectCommand = cmd; da.Fill(dt); } return(dt); }
public IActionResult Post([FromBody] StockTbInput stockTbInput) { if (stockTbInput != null) { List <StockTb> stocklList = ConvertDataTable <StockTb>(GetStock(stockTbInput)); return(Ok(stocklList)); } else { return(BadRequest()); } }