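/// <summary>
/// Adds a new entry to the database by running <c>dbo.AddContact</c> over the
/// "Contacts" connection string.
/// </summary>
/// <remarks>
/// Every argument reaches the command through a named <c>@Parameter</c>
/// placeholder; nothing is concatenated into the command text here.
/// No validation (null, length, format) is performed in this method.
/// </remarks>
/// <param name="firstName">Value bound to <c>@FirstName</c>.</param>
/// <param name="lastName">Value bound to <c>@LastName</c>.</param>
/// <param name="country">Value bound to <c>@Country</c>.</param>
/// <param name="county">Value bound to <c>@County</c>.</param>
/// <param name="city">Value bound to <c>@City</c>.</param>
/// <param name="address">Value bound to <c>@Address</c>.</param>
/// <param name="postcode">Value bound to <c>@Postcode</c>.</param>
/// <param name="mobilePhone">Value bound to <c>@MobilePhone</c>.</param>
/// <param name="landLine">Value bound to <c>@LandLine</c>.</param>
/// <param name="emailAddress">Value bound to <c>@EmailAddress</c>.</param>
/// <param name="dob">Date of birth, bound to <c>@DateOfBirth</c>.</param>
/// <param name="imagePath">Value bound to <c>@ImagePath</c>.</param>
public void AddContact(string firstName, string lastName, string country, string county, string city, string address, string postcode, string mobilePhone, string landLine, string emailAddress, DateTime dob, string imagePath)
{
    using (IDbConnection connection = new System.Data.SqlClient.SqlConnection(GetConnectionString.CnnVal("Contacts")))
    {
        // A single model is handed to Execute directly; wrapping it in a
        // one-element list only made the call iterate a collection to run
        // the same command once.
        var contact = new ContactModel
        {
            FirstName = firstName,
            LastName = lastName,
            Country = country,
            County = county,
            City = city,
            Address = address,
            Postcode = postcode,
            MobilePhone = mobilePhone,
            LandLine = landLine,
            EmailAddress = emailAddress,
            DateOfBirth = dob,
            ImagePath = imagePath
        };

        // NOTE(review): Execute is presumably Dapper's IDbConnection extension,
        // which maps the model's properties onto the @-placeholders — confirm.
        // The body of dbo.AddContact is not visible here; if it builds dynamic
        // SQL from these values, the parameter binding below does not protect it.
        connection.Execute("dbo.AddContact @FirstName, @LastName, @Country, @County, @City, @Address, @Postcode, @MobilePhone, @LandLine, @EmailAddress, @DateOfBirth, @ImagePath", contact);
    }
}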
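/// <summary>
/// Removes a contact from the database based on the ID by running
/// <c>dbo.RemoveContact</c> over the "Contacts" connection string.
/// </summary>
/// <remarks>
/// This method performs no check that the caller is allowed to delete the
/// given row; any such authorization has to happen before it is called.
/// </remarks>
/// <param name="anId">Identifier of the contact to delete, bound to <c>@Id</c>.</param>
public void RemoveContact(int anId)
{
    using (IDbConnection connection = new System.Data.SqlClient.SqlConnection(GetConnectionString.CnnVal("Contacts")))
    {
        // Only Id is populated; the model is passed on its own rather than in
        // a one-element list, which added an allocation and nothing else.
        var target = new ContactModel { Id = anId };

        // The id travels as the @Id parameter, never as part of the SQL text.
        // NOTE(review): Execute is presumably Dapper's extension — confirm.
        connection.Execute("dbo.RemoveContact @Id", target);
    }
}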
/// <summary>
/// Pulls all the data from the SQL server by running <c>dbo.Startup</c> over
/// the "Contacts" connection string.
/// </summary>
/// <returns>A list of ContactModel built from the rows the query returns.</returns>
public List<ContactModel> Startup()
{
    using (IDbConnection db = new System.Data.SqlClient.SqlConnection(GetConnectionString.CnnVal("Contacts")))
    {
        // Counter-example kept from the original author — do NOT write queries like this:
        //   connection.Query<Person>($"select * from People where LastName = '{aLastName}'").ToList();
        // Interpolating a value into the SQL text is SQL injection: the value
        // is parsed as part of the statement instead of being treated as data.
        // Values belong in parameters (@Name placeholders plus a parameter object).
        //
        // The call below sends a constant command text and takes no caller input.
        return db.Query<ContactModel>("dbo.Startup").ToList();
    }
}