Skip to content

Commit c18357d

Browse files
ktoliverktoliver
authored
Merge pull request #69308 from rachel-msft/editnpg
Use parameterization
2 parents b0e0511 + 7561294 commit c18357d

File tree

1 file changed

+86
-99
lines changed

1 file changed

+86
-99
lines changed

articles/postgresql/connect-csharp.md

Lines changed: 86 additions & 99 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ ms.service: postgresql
77
ms.custom: mvc, devcenter
88
ms.devlang: csharp
99
ms.topic: quickstart
10-
ms.date: 02/28/2018
10+
ms.date: 03/12/2019
1111
---
1212

1313
# Azure Database for PostgreSQL: Use .NET (C#) to connect and query data
@@ -39,10 +39,6 @@ Replace the Host, DBName, User, and Password parameters with the values that you
3939

4040
```csharp
4141
using System;
42-
using System.Collections.Generic;
43-
using System.Linq;
44-
using System.Text;
45-
using System.Threading.Tasks;
4642
using Npgsql;
4743

4844
namespace Driver
@@ -63,44 +59,46 @@ namespace Driver
6359
//
6460
string connString =
6561
String.Format(
66-
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4}; SSL Mode=Prefer; Trust Server Certificate=true",
62+
"Server={0};Username={1};Database={2};Port={3};Password={4};SSLMode=Prefer",
6763
Host,
6864
User,
6965
DBname,
7066
Port,
7167
Password);
7268

73-
var conn = new NpgsqlConnection(connString);
7469

75-
Console.Out.WriteLine("Opening connection");
76-
conn.Open();
70+
using (var conn = new NpgsqlConnection(connString))
7771

78-
var command = conn.CreateCommand();
79-
command.CommandText = "DROP TABLE IF EXISTS inventory;";
80-
command.ExecuteNonQuery();
81-
Console.Out.WriteLine("Finished dropping table (if existed)");
82-
83-
command.CommandText = "CREATE TABLE inventory (id serial PRIMARY KEY, name VARCHAR(50), quantity INTEGER);";
84-
command.ExecuteNonQuery();
85-
Console.Out.WriteLine("Finished creating table");
86-
87-
command.CommandText =
88-
String.Format(
89-
@"
90-
INSERT INTO inventory (name, quantity) VALUES ({0}, {1});
91-
INSERT INTO inventory (name, quantity) VALUES ({2}, {3});
92-
INSERT INTO inventory (name, quantity) VALUES ({4}, {5});
93-
",
94-
"\'banana\'", 150,
95-
"\'orange\'", 154,
96-
"\'apple\'", 100
97-
);
98-
99-
int nRows = command.ExecuteNonQuery();
100-
Console.Out.WriteLine(String.Format("Number of rows inserted={0}", nRows));
101-
102-
Console.Out.WriteLine("Closing connection");
103-
conn.Close();
72+
{
73+
Console.Out.WriteLine("Opening connection");
74+
conn.Open();
75+
76+
using (var command = new NpgsqlCommand("DROP TABLE IF EXISTS inventory", conn))
77+
{
78+
command.ExecuteNonQuery();
79+
Console.Out.WriteLine("Finished dropping table (if existed)");
80+
81+
}
82+
83+
using (var command = new NpgsqlCommand("CREATE TABLE inventory(id serial PRIMARY KEY, name VARCHAR(50), quantity INTEGER)", conn))
84+
{
85+
command.ExecuteNonQuery();
86+
Console.Out.WriteLine("Finished creating table");
87+
}
88+
89+
using (var command = new NpgsqlCommand("INSERT INTO inventory (name, quantity) VALUES (@n1, @q1), (@n2, @q2), (@n3, @q3)", conn))
90+
{
91+
command.Parameters.AddWithValue("n1", "banana");
92+
command.Parameters.AddWithValue("q1", 150);
93+
command.Parameters.AddWithValue("n2", "orange");
94+
command.Parameters.AddWithValue("q2", 154);
95+
command.Parameters.AddWithValue("n3", "apple");
96+
command.Parameters.AddWithValue("q3", 100);
97+
98+
int nRows = command.ExecuteNonQuery();
99+
Console.Out.WriteLine(String.Format("Number of rows inserted={0}", nRows));
100+
}
101+
}
104102

105103
Console.WriteLine("Press RETURN to exit");
106104
Console.ReadLine();
@@ -116,10 +114,6 @@ Replace the Host, DBName, User, and Password parameters with the values that you
116114

117115
```csharp
118116
using System;
119-
using System.Collections.Generic;
120-
using System.Linq;
121-
using System.Text;
122-
using System.Threading.Tasks;
123117
using Npgsql;
124118

125119
namespace Driver
@@ -140,36 +134,37 @@ namespace Driver
140134
//
141135
string connString =
142136
String.Format(
143-
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4};",
137+
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4};SSLMode=Prefer",
144138
Host,
145139
User,
146140
DBname,
147141
Port,
148142
Password);
149143

150-
var conn = new NpgsqlConnection(connString);
151-
152-
Console.Out.WriteLine("Opening connection");
153-
conn.Open();
154-
155-
var command = conn.CreateCommand();
156-
command.CommandText = "SELECT * FROM inventory;";
157-
158-
var reader = command.ExecuteReader();
159-
while (reader.Read())
144+
using (var conn = new NpgsqlConnection(connString))
160145
{
161-
Console.WriteLine(
162-
string.Format(
163-
"Reading from table=({0}, {1}, {2})",
164-
reader.GetInt32(0).ToString(),
165-
reader.GetString(1),
166-
reader.GetInt32(2).ToString()
167-
)
168-
);
169-
}
170146

171-
Console.Out.WriteLine("Closing connection");
172-
conn.Close();
147+
Console.Out.WriteLine("Opening connection");
148+
conn.Open();
149+
150+
151+
using (var command = new NpgsqlCommand("SELECT * FROM inventory", conn))
152+
{
153+
154+
var reader = command.ExecuteReader();
155+
while (reader.Read())
156+
{
157+
Console.WriteLine(
158+
string.Format(
159+
"Reading from table=({0}, {1}, {2})",
160+
reader.GetInt32(0).ToString(),
161+
reader.GetString(1),
162+
reader.GetInt32(2).ToString()
163+
)
164+
);
165+
}
166+
}
167+
}
173168

174169
Console.WriteLine("Press RETURN to exit");
175170
Console.ReadLine();
@@ -186,10 +181,6 @@ Replace the Host, DBName, User, and Password parameters with the values that you
186181

187182
```csharp
188183
using System;
189-
using System.Collections.Generic;
190-
using System.Linq;
191-
using System.Text;
192-
using System.Threading.Tasks;
193184
using Npgsql;
194185

195186
namespace Driver
@@ -210,36 +201,36 @@ namespace Driver
210201
//
211202
string connString =
212203
String.Format(
213-
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4};",
204+
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4};SSLMode=Prefer",
214205
Host,
215206
User,
216207
DBname,
217208
Port,
218209
Password);
219210

220-
var conn = new NpgsqlConnection(connString);
221-
222-
Console.Out.WriteLine("Opening connection");
223-
conn.Open();
224-
225-
var command = conn.CreateCommand();
226-
command.CommandText =
227-
String.Format("UPDATE inventory SET quantity = {0} WHERE name = {1};",
228-
200,
229-
"\'banana\'"
230-
);
231-
232-
int nRows = command.ExecuteNonQuery();
233-
Console.Out.WriteLine(String.Format("Number of rows updated={0}", nRows));
211+
using (var conn = new NpgsqlConnection(connString))
212+
{
234213

235-
Console.Out.WriteLine("Closing connection");
236-
conn.Close();
214+
Console.Out.WriteLine("Opening connection");
215+
conn.Open();
216+
217+
using (var command = new NpgsqlCommand("UPDATE inventory SET quantity = @q WHERE name = @n", conn))
218+
{
219+
command.Parameters.AddWithValue("n", "banana");
220+
command.Parameters.AddWithValue("q", 200);
221+
222+
int nRows = command.ExecuteNonQuery();
223+
Console.Out.WriteLine(String.Format("Number of rows updated={0}", nRows));
224+
}
225+
}
237226

238227
Console.WriteLine("Press RETURN to exit");
239228
Console.ReadLine();
240229
}
241230
}
242231
}
232+
233+
243234
```
244235

245236

@@ -252,10 +243,6 @@ Replace the Host, DBName, User, and Password parameters with the values that you
252243

253244
```csharp
254245
using System;
255-
using System.Collections.Generic;
256-
using System.Linq;
257-
using System.Text;
258-
using System.Threading.Tasks;
259246
using Npgsql;
260247

261248
namespace Driver
@@ -276,33 +263,33 @@ namespace Driver
276263
//
277264
string connString =
278265
String.Format(
279-
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4};",
266+
"Server={0}; User Id={1}; Database={2}; Port={3}; Password={4};SSLMode=Prefer",
280267
Host,
281268
User,
282269
DBname,
283270
Port,
284271
Password);
285272

286-
var conn = new NpgsqlConnection(connString);
287-
288-
Console.Out.WriteLine("Opening connection");
289-
conn.Open();
273+
using (var conn = new NpgsqlConnection(connString))
274+
{
275+
Console.Out.WriteLine("Opening connection");
276+
conn.Open();
290277

291-
var command = conn.CreateCommand();
292-
command.CommandText =
293-
String.Format("DELETE FROM inventory WHERE name = {0};",
294-
"\'orange\'");
295-
int nRows = command.ExecuteNonQuery();
296-
Console.Out.WriteLine(String.Format("Number of rows deleted={0}", nRows));
278+
using (var command = new NpgsqlCommand("DELETE FROM inventory WHERE name = @n", conn))
279+
{
280+
command.Parameters.AddWithValue("n", "orange");
297281

298-
Console.Out.WriteLine("Closing connection");
299-
conn.Close();
282+
int nRows = command.ExecuteNonQuery();
283+
Console.Out.WriteLine(String.Format("Number of rows deleted={0}", nRows));
284+
}
285+
}
300286

301287
Console.WriteLine("Press RETURN to exit");
302288
Console.ReadLine();
303289
}
304290
}
305291
}
292+
306293
```
307294

308295
## Next steps

0 commit comments

Comments
 (0)