ASP.NET Core Web API Getting Started Tutorial (5_7) - Inserting Data: If You Really Want to Use SQL, You Still Have to Watch Out for SQL Injection

[HttpPost("postSQL")]
public void PostSQL([FromBody] TodoListPostDto value)
{
    // Name is passed as a SqlParameter, so it is sent as data, not SQL text.
    var name = new SqlParameter("name", value.Name);

    // Note: only Name is parameterized; the timestamps, Enable, Orders and the
    // employee ids are still concatenated into the SQL string.
    string sql = @"INSERT INTO [dbo].[TodoList]
           ([Name]
           ,[InsertTime]
           ,[UpdateTime]
           ,[Enable]
           ,[Orders]
           ,[InsertEmployeeId]
           ,[UpdateEmployeeId])
     VALUES
           (@name,'" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "','" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "','" + value.Enable + "'," + value.Orders + ",'00000000-0000-0000-0000-000000000001','00000000-0000-0000-0000-000000000001')";

    _todoContext.Database.ExecuteSqlRaw(sql, name);
}
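As an added example (not code from the original post), here is the same INSERT with every value supplied through a SqlParameter, so nothing from the request body is ever concatenated into the SQL text. It assumes the post's _todoContext and TodoListPostDto, with Name a string, Enable a bool and Orders an int (assumed types), and belongs in the same controller as PostSQL.

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;

// Added example: fully parameterized version of the post's PostSQL action.
// Every placeholder in the SQL is bound to a SqlParameter, so a Name such as
// "x'); DROP TABLE TodoList;--" is stored as a plain string, never executed.
// Assumptions (not in the post): _todoContext is the post's DbContext and
// TodoListPostDto exposes Name (string), Enable (bool) and Orders (int).
[HttpPost("postSQLSafe")]
public void PostSqlSafe([FromBody] TodoListPostDto value)
{
    // Bind DateTime directly instead of formatting it into the SQL string.
    var now = DateTime.Now;
    // Fixed employee id, same constant the post uses for both columns.
    var employeeId = Guid.Parse("00000000-0000-0000-0000-000000000001");

    const string sql = @"INSERT INTO [dbo].[TodoList]
           ([Name]
           ,[InsertTime]
           ,[UpdateTime]
           ,[Enable]
           ,[Orders]
           ,[InsertEmployeeId]
           ,[UpdateEmployeeId])
     VALUES
           (@name, @insertTime, @updateTime, @enable, @orders,
            @insertEmployeeId, @updateEmployeeId)";

    // One SqlParameter per placeholder; the provider handles quoting and
    // type conversion (bool -> bit, int -> int, Guid -> uniqueidentifier).
    var parameters = new SqlParameter[]
    {
        new SqlParameter("@name", value.Name),
        new SqlParameter("@insertTime", now),
        new SqlParameter("@updateTime", now),
        new SqlParameter("@enable", value.Enable),
        new SqlParameter("@orders", value.Orders),
        new SqlParameter("@insertEmployeeId", employeeId),
        new SqlParameter("@updateEmployeeId", employeeId),
    };

    _todoContext.Database.ExecuteSqlRaw(sql, parameters);
}
```

ExecuteSqlInterpolated offers the same protection with an interpolated string (`$"... VALUES ({value.Name}, ...)"`), turning each interpolated value into a parameter automatically.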

Reference: Entity Framework Core Raw SQL Queries
