I'm currently struggling to send a JSON via post request into my controller to use it further by calling a stored procedure.

Here is the post request using axios:

async returnJSON(model) {
  // POST the model as the JSON request body and keep the parsed response data
  const response = await axios.post(
    "https://localhost:44349/api/items/AddItem/", model);
  this.info = response.data;
}


Here is the structure of model
{
  "arrayAutori": [
    {
      "dinUniversitate": true,
      "creatorType": 4,
      "creatorID": 3
    }
  ],
  "itemID": "",
  "itemTypeID": 6,      
  "drepturiDeAutor": {
    "valueID": "",
    "fieldID": 15
  },
  "isbn": {
    "valueID": "",
    "fieldID": 25
  },
  "limba": {
    "valueID": "",
    "fieldID": 7
  },
  "numarPagini": {
    "valueID": "",
    "fieldID": 43
  },
  "data": {
    "valueID": "",
    "fieldID": 6
  },
  "editura": {
    "valueID": "",
    "fieldID": 23
  },
  "editie": {
    "valueID": "",
    "fieldID": 42
  },
  "volum": {
    "valueID": "",
    "fieldID": 19
  },
  "numarColectie": {
    "valueID": "",
    "fieldID": 41
  },
  "titlu": {
    "valueID": "",
    "fieldID": 1
  }
}


And here is my controller:
public string AddItem(JObject jsonString)
{
    db.Database.ExecuteSqlCommand("exec zotero.PublicationsMerge " + jsonString);
    db.SaveChanges();
    return "1";
}


What I have tried:

I cannot make a model class to use it, because that JSON may vary depending on the publications. Also, when I'm debugging this controller, jsonString looks like this:
{{
  "arrayAutori": [
    {
      "dinUniversitate": true,
      "creatorType": 4,
      "creatorID": 3
    }
  ],
  "itemID": "",
  "itemTypeID": 6,
  "drepturiDeAutor": {
    "valueID": "",
    "fieldID": 15
  },
  "isbn": {
    "valueID": "",
    "fieldID": 25
  },
  "limba": {
    "valueID": "",
    "fieldID": 7
  },
  "numarPagini": {
    "valueID": "",
    "fieldID": 43
  },
  "data": {
    "valueID": "",
    "fieldID": 6
  },
  "editura": {
    "valueID": "",
    "fieldID": 23
  },
  "editie": {
    "valueID": "",
    "fieldID": 42
  },
  "volum": {
    "valueID": "",
    "fieldID": 19
  },
  "numarColectie": {
    "valueID": "",
    "fieldID": 41
  },
  "titlu": {
    "valueID": "",
    "fieldID": 1
  }
}}


I don't know why, but it adds another pair of {}. What am I doing wrong?
Updated 30-Apr-22 7:19am
Comments
Graeme_Grant 30-Apr-22 6:37am
   
What type of app? Winforms/wpf/console or asp.net or Xamarin or Maui? Which framework? Dot Net or Dot Net Core?
Remus Nedelcu 30-Apr-22 12:05pm
   
Asp.Net with dot net framework
Sandeep Mewara 30-Apr-22 23:55pm
   
Just try this while using it post response and see if your extra braces issue gets resolved:
jObject.ToString() instead of just jObject
Remus Nedelcu 1-May-22 3:35am
   
Unfortunately, it doesn't work
Richard Deeming 3-May-22 11:57am
   
db.Database.ExecuteSqlCommand("exec zotero.PublicationsMerge " + jsonString);

Your code is vulnerable to SQL Injection. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
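
The parameterized form of the call discussed in the comment above, as an added example that is not part of the original thread or the poster's project. It assumes Entity Framework 6 on SQL Server, an ASP.NET Web API 2 controller, and that zotero.PublicationsMerge takes a single nvarchar(max) argument; the PublicationsContext class, its connection name and the @json parameter name are hypothetical.

```csharp
using System.Data;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Web.Http;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Hypothetical context standing in for the poster's `db`; the connection name is an assumption.
public class PublicationsContext : DbContext
{
    public PublicationsContext() : base("name=PublicationsContext") { }
}

public class ItemsController : ApiController
{
    private readonly PublicationsContext db = new PublicationsContext();

    [HttpPost]
    public IHttpActionResult AddItem([FromBody] JObject body)
    {
        // Model binding yields null when the body is missing or is not a JSON object.
        if (body == null)
            return BadRequest("Expected a JSON object in the request body.");

        // Serialize once, compactly; the text only ever travels as a parameter value.
        // Size -1 maps to nvarchar(max), so a large publication is not truncated.
        var json = new SqlParameter("@json", SqlDbType.NVarChar, -1)
        {
            Value = body.ToString(Formatting.None)
        };

        // The SQL text is a constant. @json is bound by the driver and passed
        // positionally to the procedure, so quotes or semicolons inside the JSON
        // cannot change the statement that runs.
        db.Database.ExecuteSqlCommand("exec zotero.PublicationsMerge @json", json);

        return Ok("1");
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing) db.Dispose();
        base.Dispose(disposing);
    }
}
```

Binding the value protects this call only: if zotero.PublicationsMerge itself assembles dynamic SQL from fields of the JSON, that code needs parameters as well.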

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)