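/// <summary>
/// Runs a parameterized image INSERT with <c>ExecuteNonQuery()</c>, binding the seven
/// placeholders from <paramref name="imageModel"/>.
/// </summary>
/// <param name="query">
/// SQL text containing the placeholders @ImageName, @Description, @price, @quantity,
/// @IsPrivate, @UserId and @ImgByte. The text is executed exactly as given, so it must be
/// a constant owned by the caller and never assembled from request data.
/// </param>
/// <param name="imageModel">Source of the values bound to the placeholders.</param>
/// <returns>
/// <c>true</c> when at least one row was inserted; <c>false</c> when no row was affected
/// or the database reported an error.
/// </returns>
public Boolean ExecuteInsertImage(string query, InsertImageModel imageModel)
{
    // Start pessimistic: only a confirmed row count flips this to true, so a caught
    // database error can no longer be reported to the caller as a successful insert.
    bool success = false;

    connection.Open();
    try
    {
        using (var cmd = new NpgsqlCommand(query, connection))
        {
            // Values travel as bound parameters, never as part of the SQL text.
            cmd.Parameters.AddWithValue("ImageName", imageModel.ImageName);
            cmd.Parameters.AddWithValue("Description", imageModel.Description);
            cmd.Parameters.AddWithValue("price", imageModel.Price);
            cmd.Parameters.AddWithValue("quantity", imageModel.Quantity);
            cmd.Parameters.AddWithValue("IsPrivate", imageModel.Isprivate);
            cmd.Parameters.AddWithValue("UserId", imageModel.UserId);
            cmd.Parameters.AddWithValue("ImgByte", imageModel.ImgByte);

            // ExecuteNonQuery returns the number of rows affected; an INSERT that
            // stored nothing yields 0, which the former "result < 0" test let through.
            int rowsAffected = cmd.ExecuteNonQuery();
            success = rowsAffected > 0;
        }
    }
    catch (System.Data.Common.DbException e)
    {
        // DbException is the common base of provider exceptions. The former
        // catch (SqlException) is the SQL Server provider's type, which an Npgsql
        // command does not throw, so database errors escaped this handler.
        Console.WriteLine("DbException caught " + e);
    }
    finally
    {
        // Always release the connection, including when an unexpected exception
        // propagates; otherwise it stays open on the shared field.
        connection.Close();
    }

    return success;
}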
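/// <summary>
/// Reads the file named by <c>imageModel.Path</c> into <c>imageModel.ImgByte</c> and stores
/// the image row through <c>ExecuteInsertImage</c> using a fixed, parameterized statement.
/// </summary>
/// <param name="imageModel">Image metadata plus the path of the file whose bytes are stored.</param>
/// <returns>
/// <c>Json(HttpStatusCode.OK)</c> when <c>ExecuteInsertImage</c> reports success, otherwise
/// <c>Json(HttpStatusCode.BadRequest)</c>.
/// </returns>
public IActionResult InsertImage(InsertImageModel imageModel)
{
    // A missing model used to surface as a NullReferenceException on the Path access
    // below; answer it the same way as any other failed insert.
    if (imageModel == null)
    {
        return Json(HttpStatusCode.BadRequest);
    }

    // Could ideally use LINQ or another ORM library, or move this to XML level to clean it up.
    // For now SQL injection is avoided by keeping the statement constant and binding every
    // value as a parameter.
    string query =
        "INSERT INTO public.\"Image\"(\"ImageName\", \"Description\", \"Price\", \"Quantity\", \"Isprivate\", \"UserId\", \"ImgByte\") "
        + "VALUES(@ImageName, @Description, @price, @quantity, @IsPrivate, @UserId, @ImgByte); ";

    // NOTE(review): Path and UserId are taken from the model as-is. If this action is
    // bound from the request, the client decides which server-side file is read into
    // the row and which user the row is attributed to. Constrain Path to the intended
    // upload directory (or accept the upload as a stream instead of a path) and take
    // UserId from the authenticated identity - confirm how the model is populated.
    ImageService service = new ImageService();
    byte[] filebytes = service.ReadAllBytes(imageModel.Path);
    imageModel.ImgByte = filebytes;

    // NOTE(review): Json(...) places the HttpStatusCode value in the response body;
    // presumably the HTTP status line itself is not changed by it - confirm that
    // clients inspect the body and not the status code.
    bool inserted = ExecuteInsertImage(query, imageModel);
    return inserted ? Json(HttpStatusCode.OK) : Json(HttpStatusCode.BadRequest);
}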