// Deletes every CoachTutorantConnection row that belongs to the given tutorant.
// Responses, as produced by the branches below:
//   204 No Content          - at least one row was deleted
//   404 Not Found           - no row matched the tutorant ID
//   400 Bad Request         - the DELETE statement raised a SqlException
//   503 Service Unavailable - opening the connection raised a SqlException
public async Task<HttpResponseMessage> DeleteConnectionByTutorantID(int tutorantID)
{
    ExceptionHandler responses = new ExceptionHandler(log);

    // The statement text is constant; the tutorant ID is sent as a typed parameter,
    // never concatenated into the SQL.
    string sql = "DELETE FROM [dbo].[CoachTutorantConnection] WHERE studentIDtutorant = @tutorantID";

    try
    {
        // Leaving the using block disposes (and thereby closes) the connection.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            // A SqlException raised here is handled by the outer catch.
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    SqlParameter idParameter = cmd.Parameters.Add("@tutorantID", SqlDbType.Int);
                    idParameter.Value = tutorantID;

                    log.LogInformation($"Executing the following query: {sql}");
                    int deletedRows = await cmd.ExecuteNonQueryAsync();

                    // Nothing deleted: no connection exists for this tutorant ID.
                    if (deletedRows == 0)
                    {
                        log.LogError("Zero rows were affected.");
                        return responses.NotFound();
                    }
                }
            }
            catch (SqlException queryError)
            {
                // Failure while executing the statement.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        // Failure while opening the connection.
        log.LogError("SQL has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    log.LogInformation($"{HttpStatusCode.NoContent} | Data deleted succesfully.");
    return new HttpResponseMessage(HttpStatusCode.NoContent);
}
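// Deletes the Message row with the given MessageID.
// Responses, as produced by the branches below:
//   204 No Content          - the row was deleted
//   404 Not Found           - no row matched the ID
//   400 Bad Request         - the DELETE statement raised a SqlException
//   503 Service Unavailable - opening the connection raised a SqlException
public async Task<HttpResponseMessage> DeleteMessageByID(int messageID)
{
    ExceptionHandler exceptionHandler = new ExceptionHandler(log);

    string queryString = @"DELETE FROM [dbo].[Message] WHERE MessageID = @MessageID";

    try
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The connection is closed automatically when the using block is left.
            // Opening may fail, in which case the outer catch answers with 503.
            connection.Open();

            try
            {
                using (SqlCommand command = new SqlCommand(queryString, connection))
                {
                    // The ID is an int and GetMessageByID binds the same column as
                    // SqlDbType.Int; the parameter was previously declared as DateTime,
                    // which does not match the value being bound.
                    command.Parameters.Add("@MessageID", SqlDbType.Int).Value = messageID;

                    log.LogInformation($"Executing the following query: {queryString}");
                    int affectedRows = await command.ExecuteNonQueryAsync();

                    // No row carries this MessageID.
                    if (affectedRows == 0)
                    {
                        // The statement targets the Message table; the old text named
                        // the Tutorant table, which misdirects anyone reading the log.
                        log.LogError("Zero rows were affected while deleting from the Message table.");
                        return exceptionHandler.NotFound();
                    }
                }
            }
            catch (SqlException e)
            {
                // The query failed; record the cause like the sibling methods do.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(e.Message);
                return exceptionHandler.BadRequest(log);
            }
        }
    }
    catch (SqlException e)
    {
        // The connection failed to open.
        log.LogError("SQL has failed to open.");
        log.LogError(e.Message);
        return exceptionHandler.ServiceUnavailable(log);
    }

    log.LogInformation($"{HttpStatusCode.NoContent} | Data deleted succesfully");

    // Return response code [204 NoContent].
    return new HttpResponseMessage(HttpStatusCode.NoContent);
}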
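/* Updates the workload of the coach (in the coach table).
 * Responses, as produced by the branches below:
 *   204 No Content          - the row was updated
 *   400 Bad Request         - the body has no "workload", or the UPDATE raised a SqlException
 *   404 Not Found           - no coach row matched
 *   503 Service Unavailable - opening the connection raised a SqlException
 */
public async Task<HttpResponseMessage> UpdateCoachByID(int coachID, JObject requestBodyData)
{
    ExceptionHandler exceptionHandler = new ExceptionHandler(log);
    DatabaseFunctions databaseFunctions = new DatabaseFunctions();

    // Without this check a body that lacks "workload" would deserialize to the
    // default workload and overwrite the stored value with it.
    if (requestBodyData["workload"] == null)
    {
        log.LogError("Requestbody contains no workload.");
        return exceptionHandler.BadRequest(log);
    }

    Coach newCoach = requestBodyData.ToObject<Coach>();

    string queryString = $@"UPDATE [dbo].[Coach] SET workload = @workload WHERE studentID = @coachID;";

    try
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The connection is closed automatically when the using block is left.
            // Opening may fail, in which case the outer catch answers with 503.
            connection.Open();

            try
            {
                using (SqlCommand command = new SqlCommand(queryString, connection))
                {
                    // AddSqlInjection is defined elsewhere; despite its name it is the
                    // helper the file relies on to bind the request values as parameters.
                    // dynamic is kept so the call is bound at run time exactly as before.
                    dynamic dObject = newCoach;
                    databaseFunctions.AddSqlInjection(requestBodyData, dObject, command);

                    // The WHERE clause needs @coachID, and nothing visible here binds it
                    // since the explicit Parameters.Add calls were replaced by the helper.
                    // Bind the route value unless the helper already supplied one.
                    // NOTE(review): confirm what AddSqlInjection binds.
                    if (!command.Parameters.Contains("@coachID"))
                    {
                        command.Parameters.Add("@coachID", SqlDbType.Int).Value = coachID;
                    }

                    log.LogInformation($"Executing the following query: {queryString}");

                    // Awaited like the sibling methods; the synchronous call blocked the
                    // caller inside an async method.
                    int affectedRows = await command.ExecuteNonQueryAsync();

                    // No coach row carries this studentID.
                    if (affectedRows == 0)
                    {
                        log.LogError("Zero rows were affected.");
                        return exceptionHandler.NotFound();
                    }
                }
            }
            catch (SqlException e)
            {
                // Query failure is a 400; this branch previously returned 503,
                // swapped with the connection-failure branch below.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(e.Message);
                return exceptionHandler.BadRequest(log);
            }
        }
    }
    catch (SqlException e)
    {
        // Connection failure is a 503; this branch previously returned 400.
        log.LogError("SQL has failed to open.");
        log.LogError(e.Message);
        return exceptionHandler.ServiceUnavailable(log);
    }

    log.LogInformation($"{HttpStatusCode.NoContent} | Data updated succesfully.");

    // Return response code [204 NoContent].
    return new HttpResponseMessage(HttpStatusCode.NoContent);
}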
/* Returns the coach row (studentID and workload) for the given coach as JSON.
 * Responses, as produced by the branches below:
 *   200 OK                  - body is the serialized Coach
 *   404 Not Found           - the query returned no rows
 *   400 Bad Request         - the SELECT raised a SqlException
 *   503 Service Unavailable - opening the connection raised a SqlException
 */
public async Task<HttpResponseMessage> GetCoachByID(int coachID)
{
    ExceptionHandler responses = new ExceptionHandler(log);
    Coach coach = new Coach();

    string sql = "SELECT * FROM [dbo].[Coach] WHERE studentID = @coachID;";

    try
    {
        // Leaving the using block disposes (and thereby closes) the connection.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    // The ID is sent as a typed parameter, not spliced into the SQL text.
                    SqlParameter idParameter = cmd.Parameters.Add("@coachID", SqlDbType.Int);
                    idParameter.Value = coachID;

                    log.LogInformation($"Executing the following query: {sql}");

                    using (SqlDataReader rows = await cmd.ExecuteReaderAsync())
                    {
                        if (!rows.HasRows)
                        {
                            // The statement ran but matched nothing.
                            log.LogError("SQL Query was succesfully executed, but returned no data.");
                            return responses.NotFound();
                        }

                        // If several rows come back, the last one read wins.
                        // NOTE(review): ordinals 1 and 2 depend on the column order that
                        // SELECT * yields for the Coach table, which this file does not
                        // show - confirm against the schema.
                        while (rows.Read())
                        {
                            Coach current = new Coach();
                            current.studentID = SafeReader.SafeGetInt(rows, 1);
                            current.workload = SafeReader.SafeGetInt(rows, 2);
                            coach = current;
                        }
                    }
                }
            }
            catch (SqlException queryError)
            {
                // Failure while executing the statement.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        // Failure while opening the connection.
        log.LogError("SQL has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    string json = JsonConvert.SerializeObject(coach);
    log.LogInformation($"{HttpStatusCode.OK} | Data shown succesfully.");

    // 200 OK with the coach as a JSON body.
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}
/* Returns the profile of every coach (Student columns) together with the
 * coach's workload (Coach table) as a JSON array.
 * Responses, as produced by the branches below:
 *   200 OK                  - body is the serialized list of CoachProfile
 *   404 Not Found           - the join returned no rows
 *   400 Bad Request         - the SELECT raised a SqlException
 *   503 Service Unavailable - opening the connection raised a SqlException
 */
public async Task<HttpResponseMessage> GetAllCoachProfiles()
{
    ExceptionHandler responses = new ExceptionHandler(log);
    List<CoachProfile> profiles = new List<CoachProfile>();

    // Constant statement: it takes no caller-supplied values.
    string sql = "SELECT Student.*, Coach.workload FROM [dbo].[Student] INNER JOIN [dbo].[Coach] ON Student.studentID = Coach.studentID";

    try
    {
        // Leaving the using block disposes (and thereby closes) the connection.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    log.LogInformation($"Executing the following query: {sql}");

                    using (SqlDataReader rows = await cmd.ExecuteReaderAsync())
                    {
                        if (!rows.HasRows)
                        {
                            // The statement ran but matched nothing.
                            log.LogError("SQL Query was succesfully executed, but returned no data.");
                            return responses.NotFound();
                        }

                        // Ordinals 0-9 are read as Student columns and ordinal 10 as
                        // Coach.workload. NOTE(review): this relies on the column order
                        // of Student.*, which this file does not show - confirm.
                        while (rows.Read())
                        {
                            Coach coach = new Coach
                            {
                                studentID = SafeReader.SafeGetInt(rows, 0),
                                workload = SafeReader.SafeGetInt(rows, 10)
                            };

                            Student student = new Student
                            {
                                studentID = SafeReader.SafeGetInt(rows, 0),
                                firstName = SafeReader.SafeGetString(rows, 1),
                                surName = SafeReader.SafeGetString(rows, 2),
                                phoneNumber = SafeReader.SafeGetString(rows, 3),
                                photo = SafeReader.SafeGetString(rows, 4),
                                description = SafeReader.SafeGetString(rows, 5),
                                degree = SafeReader.SafeGetString(rows, 6),
                                study = SafeReader.SafeGetString(rows, 7),
                                studyYear = SafeReader.SafeGetInt(rows, 8),
                                interests = SafeReader.SafeGetString(rows, 9)
                            };

                            profiles.Add(new CoachProfile(coach, student));
                        }
                    }
                }
            }
            catch (SqlException queryError)
            {
                // Failure while executing the statement.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        // Failure while opening the connection.
        log.LogError("SQL connection has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    string json = JsonConvert.SerializeObject(profiles);
    log.LogInformation($"{HttpStatusCode.OK} | Data shown succesfully.");

    // 200 OK with the profiles as a JSON body.
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}
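/* Updates the columns of one Message row that are named in the request body.
 * Only body keys that exactly match a property of the Message entity are placed
 * in the SET clause, so column names always come from the entity and never from
 * caller-supplied text; the values travel as parameters.
 * Responses, as produced by the branches below:
 *   204 No Content          - the row was updated
 *   400 Bad Request         - no body key matched a Message property, the body names
 *                             a different MessageID than the route, or the UPDATE
 *                             raised a SqlException
 *   404 Not Found           - no row matched the ID
 *   503 Service Unavailable - opening the connection raised a SqlException
 */
public async Task<HttpResponseMessage> UpdateMessageByID(int messageID, JObject requestBodyData)
{
    ExceptionHandler exceptionHandler = new ExceptionHandler(log);
    DatabaseFunctions databaseFunctions = new DatabaseFunctions();

    Message newMessage = requestBodyData.ToObject<Message>();

    // SQL parameter names are matched without regard to case, so a MessageID in the
    // body could stand in for @messageID and select a different row than the route
    // names. Reject that instead of silently updating another message.
    if (requestBodyData.GetValue("MessageID", System.StringComparison.OrdinalIgnoreCase) != null
        && newMessage.MessageID != messageID)
    {
        log.LogError("Requestbody MessageID does not match the MessageID in the path.");
        return exceptionHandler.BadRequest(log);
    }

    string queryString = $"UPDATE [dbo].[Message] SET ";

    // The entity's property list does not change per body key; read it once.
    PropertyInfo[] entityProperties = newMessage.GetType().GetProperties();
    int matchedColumns = 0;

    foreach (JProperty property in requestBodyData.Properties())
    {
        foreach (PropertyInfo props in entityProperties)
        {
            if (props.Name == property.Name)
            {
                // Column name and parameter name both come from the matched entity property.
                queryString += $"{props.Name} = @{property.Name},";
                matchedColumns++;
            }
        }
    }

    // With nothing to set, the statement would read "SET WHERE ..." and only fail
    // once it reached the server; answer 400 before touching the database.
    if (matchedColumns == 0)
    {
        log.LogError("Requestbody contains no known Message properties.");
        return exceptionHandler.BadRequest(log);
    }

    // Drop the trailing comma, then add the row filter.
    queryString = databaseFunctions.RemoveLastCharacters(queryString, 1);
    queryString += $@" WHERE MessageID = @messageID;";

    try
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The connection is closed automatically when the using block is left.
            // Opening may fail, in which case the outer catch answers with 503.
            connection.Open();

            try
            {
                using (SqlCommand command = new SqlCommand(queryString, connection))
                {
                    // AddSqlInjection is defined elsewhere; despite its name it is the
                    // helper the file relies on to bind the body values as parameters.
                    databaseFunctions.AddSqlInjection(requestBodyData, newMessage, command);

                    // Bind the route ID for the WHERE clause unless the helper already
                    // supplied a parameter of that name.
                    // NOTE(review): confirm what AddSqlInjection binds.
                    if (!command.Parameters.Contains("@messageID"))
                    {
                        command.Parameters.Add("@messageID", SqlDbType.Int).Value = messageID;
                    }

                    log.LogInformation($"Executing the following query: {queryString}");
                    int affectedRows = await command.ExecuteNonQueryAsync();

                    // No row carries this MessageID.
                    if (affectedRows == 0)
                    {
                        log.LogError("Zero rows were affected.");
                        return exceptionHandler.NotFound();
                    }
                }
            }
            catch (SqlException e)
            {
                // The query failed.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(e.Message);
                return exceptionHandler.BadRequest(log);
            }
        }
    }
    catch (SqlException e)
    {
        // The connection failed to open.
        log.LogError("SQL has failed to open.");
        log.LogError(e.Message);
        return exceptionHandler.ServiceUnavailable(log);
    }

    log.LogInformation($"{HttpStatusCode.NoContent} | Data updated succesfully.");

    // Return response code [204 NoContent].
    return new HttpResponseMessage(HttpStatusCode.NoContent);
}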
// Returns the Message row with the given MessageID as JSON.
// Responses, as produced by the branches below:
//   200 OK                  - body is the serialized Message
//   404 Not Found           - the query returned no rows
//   400 Bad Request         - the SELECT raised a SqlException
//   503 Service Unavailable - opening the connection raised a SqlException
public async Task<HttpResponseMessage> GetMessageByID(int messageID)
{
    ExceptionHandler responses = new ExceptionHandler(log);
    Message message = new Message();

    string sql = "SELECT * FROM [dbo].[Message] WHERE MessageID = @messageID;";

    try
    {
        // Leaving the using block disposes (and thereby closes) the connection.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    // The ID is sent as a typed parameter, not spliced into the SQL text.
                    SqlParameter idParameter = cmd.Parameters.Add("@messageID", SqlDbType.Int);
                    idParameter.Value = messageID;

                    log.LogInformation($"Executing the following query: {sql}");

                    using (SqlDataReader rows = await cmd.ExecuteReaderAsync())
                    {
                        if (!rows.HasRows)
                        {
                            // The statement ran but matched nothing.
                            log.LogError("SQL Query was succesfully executed, but returned no data.");
                            return responses.NotFound();
                        }

                        // If several rows come back, the last one read wins. The ID is
                        // read with GetInt32 directly; the other columns go through
                        // the SafeReader helpers.
                        while (rows.Read())
                        {
                            Message current = new Message();
                            current.MessageID = rows.GetInt32(0);
                            current.type = SafeReader.SafeGetString(rows, 1);
                            current.payload = SafeReader.SafeGetString(rows, 2);
                            current.created = SafeReader.SafeGetDateTime(rows, 3);
                            current.lastModified = SafeReader.SafeGetDateTime(rows, 4);
                            current.senderID = SafeReader.SafeGetInt(rows, 5);
                            current.receiverID = SafeReader.SafeGetInt(rows, 6);
                            message = current;
                        }
                    }
                }
            }
            catch (SqlException queryError)
            {
                // Failure while executing the statement.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        // Failure while opening the connection.
        log.LogError("SQL has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    string json = JsonConvert.SerializeObject(message);
    log.LogInformation($"{HttpStatusCode.OK} | Data shown succesfully.");

    // 200 OK with the message as a JSON body.
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}
// Changes the status of one CoachTutorantConnection row.
// Responses, as produced by the branches below:
//   204 No Content          - the row was updated
//   400 Bad Request         - the body has no "status", or the UPDATE raised a SqlException
//   404 Not Found           - no row matched the tutorant/coach pair
//   503 Service Unavailable - opening the connection raised a SqlException
public async Task<HttpResponseMessage> UpdateConnection(JObject requestBodyData)
{
    ExceptionHandler responses = new ExceptionHandler(log);
    DatabaseFunctions dbHelper = new DatabaseFunctions();

    // Only "status" is checked here.
    // NOTE(review): the statement also needs @studentIDTutorant and @studentIDCoach;
    // whether a body without them is rejected depends on AddSqlInjection, which is
    // defined elsewhere - confirm.
    if (requestBodyData["status"] == null)
    {
        log.LogError("Requestbody is missing data for the CoachTutorantConnection table!");
        return responses.BadRequest(log);
    }

    // Build the entity once the required field is known to be present.
    CoachTutorantConnection link = requestBodyData.ToObject<CoachTutorantConnection>();

    string sql = "UPDATE [dbo].[CoachTutorantConnection] SET status = @status WHERE studentIDTutorant = @studentIDTutorant AND studentIDCoach = @studentIDCoach;";

    try
    {
        // Leaving the using block disposes (and thereby closes) the connection.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    // Despite its name, AddSqlInjection is the helper this file relies on
                    // to bind the body values as parameters. The entity is passed as
                    // dynamic so the call is bound at run time.
                    dynamic entity = link;
                    dbHelper.AddSqlInjection(requestBodyData, entity, cmd);

                    log.LogInformation($"Executing the following query: {sql}");
                    int updatedRows = await cmd.ExecuteNonQueryAsync();

                    // No row exists for this tutorant/coach pair.
                    if (updatedRows == 0)
                    {
                        log.LogError("Zero rows were affected.");
                        return responses.NotFound();
                    }
                }
            }
            catch (SqlException queryError)
            {
                // Failure while executing the statement.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        // Failure while opening the connection.
        log.LogError("SQL has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    log.LogInformation($"{HttpStatusCode.NoContent} | Data updated succesfully.");
    return new HttpResponseMessage(HttpStatusCode.NoContent);
}
// Returns the profile of one tutorant (Student columns, restricted to students
// that also have a Tutorant row) as JSON.
// Responses, as produced by the branches below:
//   200 OK                  - body is the serialized TutorantProfile
//   404 Not Found           - the join returned no rows
//   400 Bad Request         - the SELECT raised a SqlException
//   503 Service Unavailable - opening the connection raised a SqlException
public async Task<HttpResponseMessage> GetTutorantProfileByID(int tutorantID)
{
    ExceptionHandler responses = new ExceptionHandler(log);
    TutorantProfile profile = new TutorantProfile();

    string sql = "SELECT Student.* FROM [dbo].[Student] INNER JOIN [dbo].[Tutorant] ON Student.studentID = Tutorant.studentID WHERE Student.studentID = @tutorantID;";

    try
    {
        // Leaving the using block disposes (and thereby closes) the connection.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    // The ID is sent as a typed parameter, not spliced into the SQL text.
                    SqlParameter idParameter = cmd.Parameters.Add("@tutorantID", SqlDbType.Int);
                    idParameter.Value = tutorantID;

                    log.LogInformation($"Executing the following query: {sql}");

                    using (SqlDataReader rows = await cmd.ExecuteReaderAsync())
                    {
                        if (!rows.HasRows)
                        {
                            // The statement ran but matched nothing.
                            log.LogError("SQL Query was succesfully executed, but returned no data.");
                            return responses.NotFound();
                        }

                        // If several rows come back, the last one read wins.
                        // NOTE(review): ordinals 0-9 rely on the column order of
                        // Student.*, which this file does not show - confirm.
                        while (rows.Read())
                        {
                            Tutorant tutorant = new Tutorant
                            {
                                studentID = SafeReader.SafeGetInt(rows, 0)
                            };

                            Student student = new Student
                            {
                                studentID = SafeReader.SafeGetInt(rows, 0),
                                firstName = SafeReader.SafeGetString(rows, 1),
                                surName = SafeReader.SafeGetString(rows, 2),
                                phoneNumber = SafeReader.SafeGetString(rows, 3),
                                photo = SafeReader.SafeGetString(rows, 4),
                                description = SafeReader.SafeGetString(rows, 5),
                                degree = SafeReader.SafeGetString(rows, 6),
                                study = SafeReader.SafeGetString(rows, 7),
                                studyYear = SafeReader.SafeGetInt(rows, 8),
                                interests = SafeReader.SafeGetString(rows, 9)
                            };

                            profile = new TutorantProfile(tutorant, student);
                        }
                    }
                }
            }
            catch (SqlException queryError)
            {
                // Failure while executing the statement.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        // Failure while opening the connection.
        log.LogError("SQL has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    string json = JsonConvert.SerializeObject(profile);
    log.LogInformation($"{HttpStatusCode.OK} | Data shown succesfully");

    // 200 OK with the profile as a JSON body.
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}
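/* Updates the Student columns that are named in the request body.
 * Only body keys that exactly match a property of the Student entity are placed
 * in the SET clause, so column names always come from the entity and never from
 * caller-supplied text; the values travel as parameters.
 * Responses, as produced by the branches below:
 *   204 No Content          - the row was updated
 *   400 Bad Request         - the body has no "studentID", the body names a different
 *                             student than the route, or the UPDATE raised a SqlException
 *   404 Not Found           - no row matched the ID
 *   503 Service Unavailable - opening the connection raised a SqlException
 */
public async Task<HttpResponseMessage> UpdateStudentByID(int studentID, JObject requestBodyData)
{
    ExceptionHandler exceptionHandler = new ExceptionHandler(log);
    DatabaseFunctions databaseFunctions = new DatabaseFunctions();

    // The WHERE clause is filled from the body's studentID, so it must be present.
    if (requestBodyData["studentID"] == null)
    {
        log.LogError($"Requestbody contains no studentID");
        return exceptionHandler.BadRequest(log);
    }

    Student newStudent = requestBodyData.ToObject<Student>();

    // The row is selected by the body's studentID while the route's studentID was
    // only ever logged. Require both to name the same student, so a request sent
    // to one student's route cannot change another student's row.
    if (newStudent.studentID != studentID)
    {
        log.LogError("Requestbody studentID does not match the studentID in the path.");
        return exceptionHandler.BadRequest(log);
    }

    string queryString = $"UPDATE [dbo].[Student] SET ";

    // The entity's property list does not change per body key; read it once.
    PropertyInfo[] entityProperties = newStudent.GetType().GetProperties();

    foreach (JProperty property in requestBodyData.Properties())
    {
        foreach (PropertyInfo props in entityProperties)
        {
            if (props.Name == property.Name)
            {
                // Column name and parameter name both come from the matched entity property.
                queryString += $"{props.Name} = @{property.Name}, ";
            }
        }
    }

    // Drop the trailing ", " (two characters), then add the row filter.
    queryString = databaseFunctions.RemoveLastCharacters(queryString, 2);
    queryString += $" WHERE studentID = @studentID;";

    try
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The connection is closed automatically when the using block is left.
            // Opening may fail, in which case the outer catch answers with 503.
            connection.Open();

            try
            {
                using (SqlCommand command = new SqlCommand(queryString, connection))
                {
                    // AddSqlInjection is defined elsewhere; despite its name it is the
                    // helper the file relies on to bind the body values as parameters.
                    databaseFunctions.AddSqlInjection(requestBodyData, newStudent, command);

                    log.LogInformation($"Executing the following query: {queryString}");
                    int affectedRows = await command.ExecuteNonQueryAsync();

                    // No row carries this studentID.
                    if (affectedRows == 0)
                    {
                        log.LogError("Zero rows were affected.");
                        return exceptionHandler.NotFound();
                    }
                }
            }
            catch (SqlException e)
            {
                // The query failed.
                log.LogError("SQL Query has failed to execute.");
                log.LogError(e.Message);
                return exceptionHandler.BadRequest(log);
            }
        }
    }
    catch (SqlException e)
    {
        // The connection failed to open.
        log.LogError("SQL connection has failed to open.");
        log.LogError(e.Message);
        return exceptionHandler.ServiceUnavailable(log);
    }

    log.LogInformation($"Changed data of student: {studentID}");

    // Return response code [204 NoContent].
    return new HttpResponseMessage(HttpStatusCode.NoContent);
}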
/*
 * Returns the Student row (coach or tutorant) with the given studentID as JSON.
 * Responses, as produced by the branches below:
 *   200 OK                  - body is the serialized Student
 *   404 Not Found           - the query returned no rows
 *   400 Bad Request         - the SELECT raised a SqlException
 *   503 Service Unavailable - opening the connection raised a SqlException
 */
public async Task<HttpResponseMessage> GetStudentByID(int studentID)
{
    ExceptionHandler responses = new ExceptionHandler(log);
    Student student = new Student();

    string sql = "SELECT * FROM [dbo].[Student] WHERE studentID = @studentID;";

    try
    {
        /* Leaving the using block disposes (and thereby closes) the connection. */
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();

            try
            {
                using (SqlCommand cmd = new SqlCommand(sql, conn))
                {
                    /* The ID is sent as a typed parameter, not spliced into the SQL text. */
                    SqlParameter idParameter = cmd.Parameters.Add("@studentID", System.Data.SqlDbType.Int);
                    idParameter.Value = studentID;

                    log.LogInformation($"Executing the following query: {sql}");

                    using (SqlDataReader rows = await cmd.ExecuteReaderAsync())
                    {
                        /* No such student: answer 404 (this branch writes no log entry). */
                        if (!rows.HasRows)
                        {
                            return responses.NotFound();
                        }

                        /* If several rows come back, the last one read wins. The ID is
                         * read with GetInt32 directly; the other columns go through the
                         * SafeReader helpers. */
                        while (rows.Read())
                        {
                            Student current = new Student();
                            current.studentID = rows.GetInt32(0);
                            current.firstName = SafeReader.SafeGetString(rows, 1);
                            current.surName = SafeReader.SafeGetString(rows, 2);
                            current.phoneNumber = SafeReader.SafeGetString(rows, 3);
                            current.photo = SafeReader.SafeGetString(rows, 4);
                            current.description = SafeReader.SafeGetString(rows, 5);
                            current.degree = SafeReader.SafeGetString(rows, 6);
                            current.study = SafeReader.SafeGetString(rows, 7);
                            current.studyYear = SafeReader.SafeGetInt(rows, 8);
                            current.interests = SafeReader.SafeGetString(rows, 9);
                            current.vooropleiding = SafeReader.SafeGetString(rows, 10);
                            student = current;
                        }
                    }
                }
            }
            catch (SqlException queryError)
            {
                /* Failure while executing the statement. */
                log.LogError("Could not perform given query on the database");
                log.LogError(queryError.Message);
                return responses.BadRequest(log);
            }
        }
    }
    catch (SqlException openError)
    {
        /* Failure while opening the connection. */
        log.LogError("SQL has failed to open.");
        log.LogError(openError.Message);
        return responses.ServiceUnavailable(log);
    }

    /* Serialize the student and record the success before building the response. */
    string json = JsonConvert.SerializeObject(student);
    log.LogInformation($"{HttpStatusCode.OK} | Data shown succesfully");

    /* 200 OK with the student as a JSON body. */
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}