Here's the scenario:
You get a payload using a model that contains only a subset of the fields populated. The remaining fields contain null\default values, however, while writing an update query, you cannot set the default values in your statement since you'd like to ignore them.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /// <summary> | |
| /// Helper to create update statements in SQL. Adds 'key'='value' tokens | |
| /// </summary> | |
| /// <typeparam name="T"></typeparam> | |
| /// <param name="value"></param> | |
| /// <param name="key"></param> | |
| /// <param name="sb">the stringbuilder where the value gets appended to</param> | |
| /// <param name="commaNeeded">do i prefix a comma before adding my key-value</param> | |
| /// <param name="addQuoteToValue">override false for string values such as functions that shouldn't be quoted</param> | |
| /// <returns>true if we added something, false if not</returns> | |
| public static bool AppendValueParameter<T>(T value, string key, StringBuilder sb, bool commaNeeded, bool addQuoteToValue = true) | |
| { | |
| bool added = false; | |
| if (!EqualityComparer<T>.Default.Equals(value, default(T))) //null and default values excluded | |
| { | |
| string val; | |
| if (typeof(T) == typeof(DateTime)) | |
| val = string.Format("'{0}'", ((DateTime)(object)value).ToString("yyyy-MM-dd HH:mm:ss")); | |
| //no need quote for numeric or bool | |
| else if (TypeHelper.IsNumeric(typeof(T)) || (Nullable.GetUnderlyingType(typeof(T)) ?? typeof(T)) == typeof(bool)) | |
| val = value.ToString(); | |
| else if (addQuoteToValue) | |
| val = string.Format("'{0}'", value); | |
| else | |
| val = value.ToString(); | |
| sb.Append(string.Format("{0}{1}={2}", commaNeeded ? "," : "", key, val)); | |
| added = true; | |
| } | |
| return added; | |
| } |
You can then build your update statement using the following method. I'm using the Dapper library as ORM.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public bool UpdatePerson(UpdatePersonEvent person) | |
| { | |
| var sb = new StringBuilder(); | |
| bool commaNeeded = false; | |
| commaNeeded |= SqlBuilder.AppendValueParameter(person.personName, "Name", sb, commaNeeded); | |
| commaNeeded |= SqlBuilder.AppendValueParameter("Reverse(" + person.personName + ")", "NameInReverse", sb, commaNeeded, addQuoteToValue:false); //in case you're passing in a sql function as a value | |
| commaNeeded |= SqlBuilder.AppendValueParameter(DateTime.UtcNow, "UpdateUTC", sb, commaNeeded); | |
| string query = string.Format("update person set {0} where personUID={1}", sb, person.personUID.ToStringWithoutHyphens().WrapWithUnhex()); | |
| using (var connection = new MySqlConnection(_connectionString)) | |
| { | |
| int rowsAffected = connection.Execute(query, null, commandType: CommandType.Text); | |
| return (rowsAffected > 0); | |
| } | |
| } |
There are risks using this method such as SQL Injection, etc. so you're better of using Prepared Statements 99% of the time. However, if you'd like to write ad-hoc SQL queries, this should suffice.
