Bitte überprüfen Sie meinen Controller meiner ASP.NET MVC-Anwendung [geschlossen] ⇐ C#

[Guest]

Modellklasse:
public class Student
{
public int Id { get; set; }

[Required]
public string Name { get; set; }

[Required]
[Phone]
public string Contact { get; set; }
}

DbContext:
public class ApplicationDbContext : DbContext
{
public ApplicationDbContext(DbContextOptions options) : base(options)
{ }

public DbSet Students { get; set; }
}

Gespeicherte Prozedur:
CREATE PROCEDURE CRUDProcedure
@Operation NVARCHAR(10), -- 'INSERT', 'UPDATE', 'DELETE', 'SELECT'
@TableName NVARCHAR(100),
@Column NVARCHAR(MAX) = NULL,
@PrimaryKeyName NVARCHAR(100),
@PrimaryKeyValue INT
AS
BEGIN
SET NOCOUNT ON;

DECLARE @sql NVARCHAR(MAX)

IF @Operation = 'INSERT'
BEGIN
SET @sql = 'INSERT INTO ' + @TableName + ' VALUES (' + @Column + ')'
END
ELSE IF @Operation = 'UPDATE'
BEGIN
SET @sql = 'UPDATE ' + @TableName + ' SET ' + @Column + ' WHERE ' + @PrimaryKeyName + ' = ' + CAST(@PrimaryKeyValue AS NVARCHAR)
END
ELSE IF @Operation = 'DELETE'
BEGIN
SET @sql = 'DELETE FROM ' + @TableName + ' WHERE ' + @PrimaryKeyName + ' = ' + CAST(@PrimaryKeyValue AS NVARCHAR)
END
ELSE IF @Operation = 'SELECT'
BEGIN
IF @PrimaryKeyValue = 0 OR @PrimaryKeyValue IS NULL
BEGIN
SET @sql = 'SELECT * FROM ' + @TableName
END
ELSE
BEGIN
SET @sql = 'SELECT * FROM ' + @TableName + ' WHERE ' + @PrimaryKeyName + ' = ' + CAST(@PrimaryKeyValue AS NVARCHAR)
END
END

EXEC sp_executesql @sql
END

Controller, der die oben gespeicherte Prozedur verwendet:
public class StudentController : Controller
{
private readonly ApplicationDbContext _context;

public StudentController(ApplicationDbContext context)
{
_context = context;
}

public IActionResult Index()
{
var students = _context.Students.FromSqlInterpolated($"EXEC CRUDProcedure 'SELECT', 'Students', null, 'Id', 0").ToList();
return View(students);
}

public IActionResult Create(Student student)
{
if (ModelState.IsValid)
{
string columns = "Name, Contact";
string values = $"'{student.Name.Replace("'", "''")}', '{student.Contact.Replace("'", "''")}'"; // Escape single quotes in the values
_context.Database.ExecuteSqlInterpolated($"EXEC CRUDProcedure 'INSERT', 'Students', {values}, 'Id', 0");

return RedirectToAction("Index");
}

return View(student);
}

public IActionResult Edit(Student student)
{
if (ModelState.IsValid)
{
string columns = $"Name = '{student.Name.Replace("'", "''")}', Contact = '{student.Contact.Replace("'", "''")}'";
_context.Database.ExecuteSqlInterpolated($"EXEC CRUDProcedure 'UPDATE', 'Students', {columns}, 'Id', {student.Id}");
return RedirectToAction("Index");
}

return View(student);
}

public IActionResult Delete(int id)
{
_context.Database.ExecuteSqlInterpolated($"EXEC CRUDProcedure 'DELETE', 'Students', NULL, 'Id', {id}");
return RedirectToAction("Index");
}

public IActionResult Details(int id)
{
var student = _context.Students.FromSqlRaw($"EXEC CRUDProcedure 'SELECT', 'Students', NULL, 'Id', {id}").FirstOrDefault();
return View(student);
}
}

Ich verwende Controller auch mithilfe einer generischen gespeicherten Prozedur.
Hilf mir auch, wenn du einen spezifischen Link hast, der mir zeigt, wo ich mehr darüber erfahren kann diese spezielle Richtlinie .