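/// <summary>
/// Loads the detail record for one machine and renders it in the detail view.
/// </summary>
/// <param name="id">Value matched against <c>Machines.Id</c>.</param>
/// <returns>
/// The detail view populated from the query result, or a redirect to the
/// <c>Machines</c> index when any exception is thrown while loading.
/// </returns>
/// <remarks>
/// NOTE(review): no per-caller access check on the requested id is visible in this
/// method; confirm it is enforced at the controller or filter level if machine
/// records are not meant to be readable by every user.
/// </remarks>
public ActionResult MachineDetail(int id)
{
    try
    {
        var model = new MachineDetailViewModel();

        // The statement text is constant and the id is bound as a parameter.
        // An int cannot carry SQL text, but interpolating values into the query
        // becomes injectable as soon as the parameter type changes (for example
        // to string), so the value is kept out of the SQL text.
        const string query =
            @"SELECT Machines.Id, Machines.Name, MachineInfoes.ModelName, MachineInfoes.SerialNumber, MachineInfoes.MachineWeight"
            + @" FROM Machines INNER JOIN MachineInfoes On Machines.Id = MachineInfoes.Id"
            + @" WHERE Machines.Id = @id";

        using (var connection = new SqlConnection(conString))
        using (var command = new SqlCommand(query, connection))
        {
            command.Parameters.AddWithValue("@id", id);
            connection.Open();

            // The reader is disposed explicitly instead of relying on the
            // connection being closed.
            using (var reader = command.ExecuteReader())
            {
                // If no row matches, the model keeps its default values and the
                // view is still rendered. If several rows match, the last one wins.
                while (reader.Read())
                {
                    model.MachineId = (int)reader[0];
                    model.Name = (string)reader[1];
                    model.ModelName = (string)reader[2];
                    model.SerialNumber = (string)reader[3];
                    model.MachineWeight = (int)reader[4];
                }
            }
        }

        return View(model);
    }
    catch (Exception)
    {
        // Best-effort fallback: any failure (connection error, NULL column,
        // unexpected column type) sends the user back to the list.
        // NOTE(review): the exception is not recorded here, so database errors
        // and malformed requests leave no trace; log it once a logger is in scope.
        // The unreachable `throw;` that followed this return has been removed.
        return RedirectToAction("Index", "Machines");
    }
}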
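/// <summary>
/// Loads every machine together with its info record and renders the list view.
/// </summary>
/// <returns>The list view with one <c>MachineDetailViewModel</c> per row returned.</returns>
/// <remarks>
/// This action has no exception handling of its own: connection failures and cast
/// errors (for example a NULL column) propagate to the caller.
/// NOTE(review): the query has no row limit or paging, so the response grows with
/// the table; confirm that is acceptable for the expected data size.
/// </remarks>
public ActionResult DetailListOfMachines()
{
    var model = new MachineDetailViewModelList();

    // Constant statement text; no request data is involved in this query.
    const string query =
        @"SELECT Machines.Id, Machines.Name, MachineInfoes.ModelName, MachineInfoes.SerialNumber, MachineInfoes.MachineWeight"
        + @" FROM Machines INNER JOIN MachineInfoes On Machines.Id = MachineInfoes.Id";

    using (var connection = new SqlConnection(conString))
    using (var command = new SqlCommand(query, connection))
    {
        connection.Open();

        // The reader is disposed explicitly instead of relying on the
        // connection being closed.
        using (var reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                var machine = new MachineDetailViewModel
                {
                    MachineId = (int)reader[0],
                    Name = (string)reader[1],
                    ModelName = (string)reader[2],
                    SerialNumber = (string)reader[3],
                    MachineWeight = (int)reader[4]
                };

                // Assumes MachineList is initialised by the view model itself;
                // verify against MachineDetailViewModelList.
                model.MachineList.Add(machine);
            }
        }
    }

    return View(model);
}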