Click here to Skip to main content
15,850,360 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
i want to convert below query in linq query. i try but i get the exception:
C#
string query = "select * from OrderItems where itemname is not null";
           if (!string.IsNullOrEmpty(item))
           {
               query += " and itemname=" + item;
           }
           if (!string.IsNullOrEmpty(description))
           {
               query += " and description=" + description;
           }
           if (!string.IsNullOrEmpty(price))
           {
               query += " and price=" + price;
           }

my tried code is below:
C#
var InventoryData = GetItems().ToList();
           if (!string.IsNullOrEmpty(item))
           {
               InventoryData += InventoryData.ToList().Where(d => d.InventoryId == item).ToList();
           }



please help: showing error + sign.

please help thanks in advance.
Posted

your close, but you should just use "=", not "+=" The clauses will accumulate the way you intend:

C#
//string query = "select * from OrderItems where itemname is not null";
var query = GetItems(); // keep it queriable for now.  As soon as you perform "ToList()" the database is queried.  You should wait until you refine the criteria

if (!string.IsNullOrEmpty(item))
//    query += " and itemname=" + item;
      query = query.Where(d => d.itemname == item);
if (!string.IsNullOrEmpty(description))
//    query += " and description=" + description;
      query = query.Where(d => d.description == description);
if (!string.IsNullOrEmpty(price))
//    query += " and price=" + price;
      query = query.Where(d => d.price == price);
  
var InventoryData = query.ToList(); //The query to the db will include all the where clauses you add 
 
Share this answer
 
Comments
Maciej Los 19-Jan-16 12:51pm    
5ed!
First of all, your SQL code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Secondly, to apply filters to a LINQ query, you just chain calls to the Where method:
C#
var query = GetItems();
if (!string.IsNullOrEmpty(item))
{
    query = query.Where(d => d.ItemName == item);
}
if (!string.IsNullOrEmpty(description))
{
    query = query.Where(d => d.Description == description);
}
if (!string.IsNullOrEmpty(price))
{
    // TODO: Use the correct data type to store the price.
    query = query.Where(d => d.Price == price);
}

var inventoryData = query.ToList();

NB: Your GetItems method should return an IQueryable<T> instance, so that the filters are passed to the SQL query. Don't call ToList until you have built the entire query; otherwise, all of the data will be loaded into memory before the filtering takes place.



Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
SQL injection attack mechanics | Pluralsight [^]
 
Share this answer
 
Comments
Andy Lanng 19-Jan-16 8:51am    
Great solution. Beat me to it and is much better explained. 6* (if only ^_^)
Maciej Los 19-Jan-16 12:51pm    
5ed!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900