0

I have to build a query string from string values like:

connString += "INSERT INTO (...) VALUES ( "+

_cd.userName + "," +

// and there I'd like to use ?: operators:

_cd.lastLogin == "Null" ? "null" : _cd.lastLogin + ","

So my query would look like INSERT INTO (...) VALUES ('name', null, (...))

But when I'm using that it cuts my string, so it looks like

",null,1,2,'name', (...)";

Well, I know that I can use var a,b,c,d and then check if (_cd.lastLogin == "Null") a = null and put that into the string, but there are many variables.

What is the proper way to use it?

@EDIT: Code:

string query =  "INSERT INTO PersonLogin(...) " + Environment.NewLine +
 "VALUES (" + _cD.userID + ","
 + "'" + _cD.number + "',"
 + "'" + _cD.dateCreate + "','"
 + _cD.lastLogin == "Null" ? ",null," : _cD.lastLogin + "',"
 + _cD.taken + ","
 + _cD.canLogin + ""+ Environment.NewLine;
5
  • Sorry, I forgot - C#. Commented Oct 1, 2013 at 9:30
  • 15
    The proper way is to use SqlParameters. Building your queries like this is madness. Commented Oct 1, 2013 at 9:32
  • 3
    What Arran said. But to answer your question, probably put parentheses around all usages of ? :. Commented Oct 1, 2013 at 9:33
  • Ok, but textCommand will give me queries like INSERT INTO (...) VALUES (@par1, @par2) right? I need to create a string with queries (from 10+ tables) and then send and execute that string as a script in a database on another server. Commented Oct 1, 2013 at 9:33
  • @user13657 The SQL client might be able to do a batch of operations like that. Even if not I'd just send the commands separately in the same transaction. Commented Oct 1, 2013 at 9:46

3 Answers

2

You can use SqlParameter and set the value with DBNull.Value

INSERT INTO (...) VALUES (@par1, @par2)
command.Parameters.AddWithValue("@par1", DBNull.Value);


2 Comments

I know that I can use SqlParameters and Command. But as I said I have tables with 50+ columns and for example only 20/50 are null. So with this solution I will need to do something like if(value == null) then add nullValue else add value.value
You can loop in command.Parameters but this is a bad solution OR + _cD.lastLogin == null ? ",null," : _cD.lastLogin + "',"
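The SqlParameter approach applied to the many-nullable-columns case raised in the comments above, as an added example that is not part of the original answers. The `InsertBuilder` helper is hypothetical, and the column names are assumed from the question's field names; the sample row is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient; // Microsoft.Data.SqlClient on newer .NET
using System.Linq;

static class InsertBuilder // hypothetical helper, not from the page
{
    // Builds a parameterized INSERT. Table and column names must come from a
    // fixed list in code, never from user input: identifiers cannot be parameters.
    public static SqlCommand Build(string table, IDictionary<string, object> row)
    {
        var cols = row.Keys.ToList();
        var cmd = new SqlCommand(
            "INSERT INTO " + table + " (" + string.Join(", ", cols) + ") " +
            "VALUES (" + string.Join(", ", cols.Select(c => "@" + c)) + ")");

        foreach (var c in cols)
        {
            object v = row[c];
            // One place maps "no value" to SQL NULL: a null reference or the
            // question's "Null" marker string both become DBNull.Value.
            bool isNull = v == null || (v is string s && s == "Null");
            cmd.Parameters.AddWithValue("@" + c, isNull ? DBNull.Value : v);
        }
        return cmd;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample row; column names are assumptions.
        var row = new Dictionary<string, object>
        {
            ["userID"] = 7,
            ["number"] = "O'Brien",   // the quote stays data, no escaping needed
            ["lastLogin"] = "Null",   // becomes SQL NULL
            ["canLogin"] = true
        };
        using (var cmd = InsertBuilder.Build("PersonLogin", row))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " +
                    (p.Value == DBNull.Value ? "NULL" : p.Value));
        }
    }
}
```

`AddWithValue` infers the parameter type from the value, so columns that need an exact type are better served by `Parameters.Add` with an explicit `SqlDbType`.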
1

The proper way to make your queries is not building your queries with strings, but using SqlParameters. This will give you more readable code and is better protected against SQL injection.

Comments

0

The ? operator has lower precedence than the + operator. So you need to parenthesize the usage of ? and :.

connString += ... + (_cd.lastLogin == "Null" ? "null" : "'" + _cd.lastLogin + "'") ...;

3 Comments

-1 for suggesting the wrong way of implementation. See msm2020 answer.
@AmitRanjan I'm not suggesting this, I'm trying to show OP his mistake.
I'll mark as solution, because that's the answer for my question, but well, as you all said - I'll try to do it with SqlCommand.
