Camillia asked:
Code works but looking for a better way

This code works. I've used LINQ to SQL on some projects but am now wondering if there's a better way of coding this. I'm using stored procs and I want to see if I can use parameters for the stored proc. I don't want to use Entity Framework.

1. I have a DBML
2. I have a stored proc
3. I have a model

4. I call the stored proc like this

    // Data context generated from the DBML; the designer maps each stored procedure
    // to a method whose arguments are sent to SQL Server as parameters.
    private LPDataContext _dbContext;

    public FormsRepository()
    {
        _dbContext = new LPDataContext();
    }

    // Inside the repository's insert method:
    _dbContext.usp_InsertPersonali765Draft(model.ApplyReasonId, firstName, model.MiddleName,
        familyName,
        otherFirstName1, model.OtherMiddleName1, otherFamilyName1, otherFirstName2,
        model.OtherMiddleName2, otherFamilyName2, otherFirstName3, model.OtherMiddleName3, otherFamilyName3,
        streetAddress, model.AptNumber, city, model.StateId, model.ZipCode,
        int.Parse(model.CountryOfNationality),
        model.BirthCity, model.BirthState, int.Parse(model.CountryOfBirth), dateOfBirth, model.Gender,
        model.MaritalStatusCode, model.UserName);


Is this code OK? Should I leave it as is?

How can I call the stored proc with parameters? This is an example of a LINQ to SQL insert, but it doesn't use a stored proc: Example

Another one here, but it's not a stored proc: Another example

EDIT: I'm concerned about SQL Injection, but maybe how I have it is correct. See here: Example 3. It says:
Linq to SQL turns the curly braces into a parameterized query.
SOLUTION by kaufmed (members-only content)
Camillia (ASKER)
Define "better".

I just edited the question. I think we posted at the same time. I'm concerned about SQL Injection, but what I have is probably OK because of the last link I posted:
Linq to SQL turns the curly braces into a parameterized query.

By "better", I mean using a parameterized query with Linq to SQL to avoid SQL Injection.
ASKER CERTIFIED SOLUTION (members-only content)
SOLUTION (members-only content)
Let me take a look.
I don't understand Kyle's response, though. You're saying Linq to SQL takes care of the parameterized query and how I have it now is OK?
Correct.  You're essentially calling C# code and linq to SQL does the "heavy lifting" of converting it to a parameterized query.
Hi Camillia;

Linq to SQL and Linq to Entity Framework both parameterize the queries and SPs they send to the server.
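To make concrete what the comments above state (the DBML-generated call is already parameterized, and the curly-brace placeholders are parameterized too), here is an added example; it is my code, not code from the question or from Experts Exchange. ApplicantDataContext, usp_InsertApplicantDraft and its parameter names are hypothetical stand-ins for the asker's LPDataContext and usp_InsertPersonali765Draft; the attribute mapping is the shape the LINQ to SQL designer emits for a stored procedure.

```csharp
using System;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Reflection;

// Hypothetical data context standing in for the asker's DBML-generated LPDataContext.
// The proc name, parameter names and types below are made up for this example.
public partial class ApplicantDataContext : DataContext
{
    public ApplicantDataContext(string connectionString) : base(connectionString) { }

    [Function(Name = "dbo.usp_InsertApplicantDraft")]
    public int usp_InsertApplicantDraft(
        [Parameter(Name = "FirstName", DbType = "NVarChar(100)")] string firstName,
        [Parameter(Name = "FamilyName", DbType = "NVarChar(100)")] string familyName,
        [Parameter(Name = "CountryId", DbType = "Int")] int? countryId,
        [Parameter(Name = "UserName", DbType = "NVarChar(256)")] string userName)
    {
        // Each argument is bound to a SqlParameter named after its [Parameter] attribute
        // and sent alongside the EXEC; none of the values is spliced into the SQL text.
        IExecuteResult result = this.ExecuteMethodCall(this,
            (MethodInfo)MethodInfo.GetCurrentMethod(),
            firstName, familyName, countryId, userName);
        return (int)result.ReturnValue;
    }
}

public class ApplicantRepository
{
    private readonly ApplicantDataContext _db;

    public ApplicantRepository(ApplicantDataContext db)
    {
        _db = db;
        // Optional check: echo the generated T-SQL so the @p0.. parameters are visible.
        _db.Log = Console.Out;
    }

    // 1. The designer-mapped call (what the asker already has): parameterized by construction.
    public int InsertViaMappedProc(string firstName, string familyName, string countryIdText, string userName)
    {
        // int.Parse runs before anything is sent to SQL Server; a non-numeric value throws here.
        int countryId = int.Parse(countryIdText);
        return _db.usp_InsertApplicantDraft(firstName, familyName, countryId, userName);
    }

    // 2. Calling a stored proc that is not in the DBML: the {0}..{n} placeholders are the
    //    "curly braces" from the question and become @p0..@pn SQL parameters.
    public int InsertViaExecuteCommand(string firstName, string familyName, int countryId, string userName)
    {
        return _db.ExecuteCommand(
            "EXEC dbo.usp_InsertApplicantDraft @FirstName = {0}, @FamilyName = {1}, " +
            "@CountryId = {2}, @UserName = {3}",
            firstName, familyName, countryId, userName);
    }

    // 3. The form that would reintroduce SQL injection: values concatenated into the command
    //    text. Kept only as the contrast to 1 and 2; a family name such as O'Brien already
    //    breaks it, and any user-controlled string could alter the statement.
    public int InsertViaConcatenation_DoNotUse(string firstName, string familyName, int countryId, string userName)
    {
        string sql = "EXEC dbo.usp_InsertApplicantDraft @FirstName = '" + firstName + "', " +
                     "@FamilyName = '" + familyName + "', @CountryId = " + countryId + ", " +
                     "@UserName = '" + userName + "'";
        return _db.ExecuteCommand(sql);
    }
}
```

Method 1 is what the asker's repository already does, so its arguments already travel as SQL parameters; method 2 gives the same protection for a proc that has no DBML mapping. What neither covers is the body of the stored procedure itself: if the proc concatenates its own parameters into a string and runs it with EXEC or an unparameterized sp_executesql, the injection point moves into the proc, so the T-SQL body deserves the same review as the C# call site.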
Thanks, guys. Reading the links posted here to get a better understanding.
Not a problem Camillia, always glad to help.