How to dynamically build an insert command from Datatable in c#
I am facing some problem with making a SQL insert statement dynamically from a dataTable object in c#. I want to know the best practices to make it.Here is my code snippet , I have tried so far.
String sqlCommandInsert = "INSERT INTO dbo.RAW_DATA(";
String sqlCommandValue = "";
foreach (DataColumn dataColumn in dataTable.Columns)
{
sqlCommandInsert += dataColumn + ",";
}
sqlCommandInsert += sqlCommandInsert.TrimEnd(',');
sqlCommandInsert += ") VALUE(";
for (int i = 0; i < dataTable.Rows.Count; i++)
{
sqlCommandValue += "'" + dataTable.Rows[i].ItemArray[i] + "',";
}
var insertCommand = sqlCommandInsert;
sqlCommandValue = sqlCommandValue.TrimEnd(',');
var command = insertCommand + sqlCommandValue + ")";
dataContext.Database.ExecuteSqlCommand(command);
Any suggestion would be appreciated :) Regards.
Answer
Use VALUES instead of VALUE. Apart from that you should always use sql-parameters:
string columns = string.Join(","
, dataTable.Columns.Cast<DataColumn>().Select(c => c.ColumnName));
string values = string.Join(","
, dataTable.Columns.Cast<DataColumn>().Select(c => string.Format("@{0}", c.ColumnName)));
String sqlCommandInsert = string.Format("INSERT INTO dbo.RAW_DATA({0}) VALUES ({1})" , columns, values);
using(var con = new SqlConnection("ConnectionString"))
using (var cmd = new SqlCommand(sqlCommandInsert, con))
{
con.Open();
foreach (DataRow row in dataTable.Rows)
{
cmd.Parameters.Clear();
foreach (DataColumn col in dataTable.Columns)
cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]);
int inserted = cmd.ExecuteNonQuery();
}
}