Delete From does not work on C#


Viewed 65 times

1

Why does the code below not work (it does not delete)?

using (Banco db = new Banco()) { 
    String strSql = "Delete from Cliente where codcliente=" + Session["_uiUserID"];
    db.Cliente.SqlQuery(strSql);
    db.SaveChanges();
}

It does not throw any exception, and taking the string from the variable strSql and running it directly on the database works normally.

  • These other methods, in this case db.SaveChanges(), does it execute ExecuteNonQuery?

  • 1

    It is necessary to give more details. What exactly is this class Banco? I imagine, but it may be that the problem lies precisely in it being something other than what I imagine. Where does Session["_uiUserID"] come from? Is there an element _uiUserID in this dictionary? What is the value of this variable at the moment? Is there a row with the column codcliente with exactly the same value as the variable? No difference at all? Is the SaveChanges() correct? I’m not even going to discuss the security flaw you have there, I’m going to consider that it’s just an example that will never run in production.

  • From what I’m seeing, there are missing quotation marks ('') on this _uiUserID. Your Where clause is probably empty.

  • 1

    @bigown has never seen such a big case of vulnerability... Just change my cookie and I can delete all DB clients...

  • Are you using Entity Framework? Because that’s unnecessary if the answer to what I asked is affirmative!!! Use your own method for this!

  • Hey, guys, I changed the method to the way Maia posted it and it worked. This project is only for study, hence the reason for the vulnerabilities. @bigown answering your questions: Session["_uiUserID"] is the user id and was coming through normally (filled), the codcliente row exists in the same way, and SaveChanges was not working and I do not know the reason, but using Remove worked fine. Thank you for all your answers.

  • The questions were to help you find the solution.

  • I know @bigown, thanks for that ^^


1 answer

1


Possibly the where is not finding any record.

To test better, put a breakpoint on the line String strSql = "Delete from Cliente where codcliente=" + Session["_uiUserID"]; then take the resulting query string and run it directly in the database.

It may be that Session["_uiUserID"] is not empty or no longer exists in the table Cliente

Another way to delete with EF

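using (Banco db = new Banco()) {
    // Read the session value once, outside the LINQ expression, so EF can send it as a query parameter.
    // Assumes codcliente is an int column.
    int id = Convert.ToInt32(Session["_uiUserID"]);
    var c = db.Cliente.First(x => x.codcliente == id);
    db.Cliente.Remove(c);
    db.SaveChanges();
}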

This way, you will be sure that the customer with the Session["_uiUserID"] exists in the Client table and, if it exists, it will be deleted. If it does not exist, the method First will fire an exception.

  • 1

    It’s worth checking out @bigown’s comment on security. In the solution I posted, your code still remains insecure.

  • 1

    But at least this way is not subject to SQL injection like the previous one.

  • I tidied up here, I still need to study more about security in the code.
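Added example, not part of the original posts: two ways to perform the delete from the question without concatenating the session value into SQL, and without relying on First throwing when the row is missing. It assumes Banco is an Entity Framework 6 DbContext and that codcliente is an int primary key; the Cliente and Banco shapes and the ClienteDeletion helper names are hypothetical, since the page never shows them.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Data.Entity; // Entity Framework 6

// Assumed shapes: the page does not show these classes.
public class Cliente
{
    [Key] public int codcliente { get; set; }
}

public class Banco : DbContext
{
    public DbSet<Cliente> Cliente { get; set; }
}

public static class ClienteDeletion // hypothetical helper
{
    // Session values are plain objects; accept only a well-formed integer.
    private static int ParseId(object sessionValue)
    {
        int id;
        if (sessionValue == null || !int.TryParse(sessionValue.ToString(), out id))
            throw new InvalidOperationException("No valid user id in session.");
        return id;
    }

    // Raw SQL variant. DbSet.SqlQuery only builds a deferred query that runs
    // when enumerated, so a DELETE passed to it is never sent.
    // Database.ExecuteSqlCommand runs immediately and binds id as @p0.
    // Returns the number of rows deleted.
    public static int DeleteRaw(Banco db, object sessionValue)
    {
        int id = ParseId(sessionValue);
        return db.Database.ExecuteSqlCommand(
            "DELETE FROM Cliente WHERE codcliente = @p0", id);
    }

    // Tracked-entity variant. Find returns null for a missing key,
    // so the caller gets false instead of an exception.
    public static bool DeleteTracked(Banco db, object sessionValue)
    {
        Cliente c = db.Cliente.Find(ParseId(sessionValue));
        if (c == null) return false;
        db.Cliente.Remove(c);
        return db.SaveChanges() > 0;
    }
}
```

Both variants remove only the SQL injection path; whether the current user is allowed to delete that client is a separate authorization check.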
