3

My question is how can I pass multiple parameters to a DELETE request.

My controller class is as follows:

    namespace MYAPI1.Controllers
    {
        public class TaskController : ApiController
        {
            // DELETE: api/Task/5
            [Route("api/Task/id1/id2/{id3}")]
            public void Delete(int id,int id2, string id3)
            {
                TaskPersistent tp = new TaskPersistent();
                tp.deleteTask(id,id2,id3);
            }
        }
    }

TaskPersistent.class is as follows:

    public class TaskPersistent
    {
        public void deleteTask(int id, int id2, string id3)
        {
            try
            {
                string sqlString = "DELETE from devproj WHERE (DeveloperID, ProjectID, WorkDate) =  VALUES ('" + id + "', '" + id2 + "', '" + id3 + "');";
                MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand(sqlString, conn);
                cmd.ExecuteNonQuery();
                long x = cmd.LastInsertedId;
            }
            catch (Exception x)
            {
                Console.WriteLine(x);
            }
        }
    }

I try to consume this using Postman like this: http://localhost:10927/api/Task?id1=1&id2=5&id3="2018-03-14" but it is not working. Please help me to solve this.

4
  • Possible duplicate of What are good ways to prevent SQL injection? Commented Mar 13, 2018 at 20:44
  • @mjwills Is this same as that question? lol Commented Mar 13, 2018 at 20:45
  • VALUES ('" + id + "', '" + id2 + "', '" + id3 + "');" You have your current bug. And it is bad. But it is nothing compared to the security hole that code is introducing. Hence the link I suggested. Commented Mar 13, 2018 at 20:47
  • @mjwills Ok thanks anyway :) Commented Mar 13, 2018 at 20:48
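
The SQL injection issue raised in the comments above, addressed with a parameterized rewrite of `deleteTask`. This is an added example, not code from the question or its answers. It reuses the question's table and column names; the constructor-injected open `MySqlConnection` (the question does not show where `conn` comes from), the `yyyy-MM-dd` date format and the `Int32`/`Date` column types are assumptions.

```csharp
using System;
using System.Globalization;
using MySql.Data.MySqlClient;

// Added example: parameterized version of the question's deleteTask.
// Assumptions: an already-open connection is injected, and WorkDate is a
// DATE column that the client sends as yyyy-MM-dd.
public class TaskPersistent
{
    private readonly MySqlConnection conn;

    public TaskPersistent(MySqlConnection openConnection)
    {
        if (openConnection == null) throw new ArgumentNullException(nameof(openConnection));
        conn = openConnection;
    }

    // Returns the number of rows deleted, so the caller can tell
    // "nothing matched" (0) apart from a successful delete.
    public int deleteTask(int id, int id2, string id3)
    {
        // Validate the date before it reaches the database. A value that
        // still carries quote characters, as in the question's URL, is
        // rejected here instead of being pasted into the statement.
        DateTime workDate;
        if (!DateTime.TryParseExact(id3, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out workDate))
        {
            throw new ArgumentException("id3 must be a date in yyyy-MM-dd format", nameof(id3));
        }

        // The statement text is constant. The connector binds each value as a
        // typed parameter, so input cannot change the structure of the SQL.
        const string sql =
            "DELETE FROM devproj " +
            "WHERE DeveloperID = @developerId " +
            "AND ProjectID = @projectId " +
            "AND WorkDate = @workDate";

        using (var cmd = new MySqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@developerId", MySqlDbType.Int32).Value = id;
            cmd.Parameters.Add("@projectId", MySqlDbType.Int32).Value = id2;
            cmd.Parameters.Add("@workDate", MySqlDbType.Date).Value = workDate;
            return cmd.ExecuteNonQuery();
        }
    }
}
```

Exceptions are left to propagate rather than being written to the console, so a failed delete is visible to the controller, which can also map a return value of 0 to a 404 response.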

3 Answers

8

Try the following

    [Route("api/Task/{id:int}/{id2:int}/{id3}")]
    public void Delete(int id,int id2, string id3)
    {
        TaskPersistent tp = new TaskPersistent();
        tp.deleteTask(id,id2,id3);
    }

Call it via: http://localhost:10927/api/Task/1/2/"2018-03-14"

--- OR ---

    [Route("api/Task")]
    public void Delete(int id,int id2, string id3)
    {
        TaskPersistent tp = new TaskPersistent();
        tp.deleteTask(id,id2,id3);
    }

Call it via: http://localhost:10927/api/Task?id=1&id2=2&id3="2018-03-14"


4 Comments

When I use routing as [Route("api/Task/{id1:int}/{id2:int}/{id3:string}")], the following exception is thrown: 'System.InvalidOperationException' in System.Web.Http.dll in Global.asax.cs. Could you explain why?
The inline constraint resolver of type 'DefaultInlineConstraintResolver' was unable to resolve the following inline constraint: 'string'.
My bad, you need to take ":string" off of id3. string is the default type and it doesn't like being told what it already is.
How is the behaviour when passing a guid? Do I just mark the parameter in the route as {paramName:guid}?
3

Try passing a view model:

    public class YourViewModel
    {
        public int Id1 { get; set; }
        public int Id2 { get; set; }
        public string Id3 { get; set; }
    }

Then

    [HttpPost]
    [Route("api/Task")]
    public void Delete([FromBody] YourViewModel model)
    {
        TaskPersistent tp = new TaskPersistent();
        tp.deleteTask(model.Id1, model.Id2, model.Id3);
    }

In this way you don't have to specify the parameters in the query string. But you have to ensure that the request header has:

'Content-Type: application/json'

Update: In case you need to give it a try, this is how you need to call it from the client side in case you are using JQuery:

    // Object literal matching YourViewModel (comma added between Id2 and Id3)
    var myModel = { Id1: 1, Id2: 11, Id3: "test" };
    $.ajax({
        type: 'POST',
        url: 'http://localhost:10927/api/Task',
        data: JSON.stringify(myModel),
        contentType: 'application/json;',
        dataType: 'json',
        success: function(data){  }
    });

3 Comments

I already tried this way too and used a model class, but my problem is not solved.
You need to show how you are posting data and what's happening in this case.
Ok then, how to implement deleteTask method in TaskPersistent.class
-1
    [HttpDelete]
    public async Task<IActionResult> Delete(List<string> ids)
    {
        await _mapService.RemoveAsync(ids);
        var ret = CreatedAtAction(nameof(Delete), new { ids = ids }, ids);

        return ret;
    }

Curl

    curl -X 'DELETE' \
      'https://localhost:44307/api/Map' \
      -H 'accept: */*' \
      -H 'Content-Type: application/json' \
      -d '[
      "623b35de9f6cedc3a22f7b37",
      "623b35de9f6cedc3a22f7b38"
    ]'

Response body
[
  "623b35de9f6cedc3a22f7b37",
  "623b35de9f6cedc3a22f7b38"
]
Response headers
 content-type: application/json; charset=utf-8 
 date: Wed,23 Mar 2022 15:00:39 GMT 
 location: https://localhost:44307/api/Map?ids=623b35de9f6cedc3a22f7b37&ids=623b35de9f6cedc3a22f7b38 
 server: Microsoft-IIS/10.0 
 x-powered-by: ASP.NET 
