Update if the name exists else insert - in SQL Server

Question

I want update in my table if my given filename is already in my database else I want to insert a new row. I try this code but the EXISTS shown error please give me the correct way beacuse iam fresher in SQL

public void SaveData(string filename, string jsonobject)
{
    SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=;Integrated Security=True");
    SqlCommand cmd;
    SqlCommand cmda;

    if EXISTS("SELECT * FROM T_Pages WHERE pagename = '" + filename + "") {
        cmda = new SqlCommand("UPDATE T_Pages SET pagename='" + filename + "',pageinfo='" + jsonobject + "' WHERE pagename='" + filename + "'", con);
        cmda.ExecuteNonQuery();
    }
    else {
        cmd = new SqlCommand("insert into T_Pages (pagename,pageinfo) values('" + filename + "','" + jsonobject + "')", con);
        cmd.ExecuteNonQuery();
    }

    con.Close();
}

Answer 1

You should

• use parameters in your query - ALWAYS! - no exception
• create a single query that handles the IF EXISTS() part on the server
• use the generally accepted ADO.NET best practices of putting things into using() {....} blocks etc.

Try this code:

public void SaveData(string filename, string jsonobject)
{
    // define connection string and query
    string connectionString = "Data Source=.;Initial Catalog=;Integrated Security=True";
    string query = @"IF EXISTS(SELECT * FROM dbo.T_Pages WHERE pagename = @pagename)
                        UPDATE dbo.T_Pages 
                        SET pageinfo = @PageInfo
                        WHERE pagename = @pagename
                    ELSE
                        INSERT INTO dbo.T_Pages(PageName, PageInfo) VALUES(@PageName, @PageInfo);";

    // create connection and command in "using" blocks
    using (SqlConnection conn = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(query, conn))
    {
        // define the parameters - not sure just how large those 
        // string lengths need to be - use whatever is defined in the
        // database table here!
        cmd.Parameters.Add("@PageName", SqlDbType.VarChar, 100).Value = filename;
        cmd.Parameters.Add("@PageInfo", SqlDbType.VarChar, 200).Value = jsonobject;

        // open connection, execute query, close connection
        conn.Open();
        int rowsAffected = cmd.ExecuteNonQuery();
        conn.Close();
    }
}

Answer 2

How about using one MERGE statement?
Of course with parameters to avoid a risk of SQL injection.

public void SaveData(string filename, string jsonobject)
{
  SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=;Integrated Security=True");

  SqlCommand cmd;

  cmd = new SqlCommand(@"
    MERGE T_Pages AS target  
    USING (SELECT @PageName as pagename, @PageInfo as pageinfo) AS source 
    ON (target.pagename = source.pagename)  
    WHEN MATCHED THEN   
        UPDATE SET pageinfo = source.pageinfo  
    WHEN NOT MATCHED THEN  
    INSERT (pagename, pageinfo)  
    VALUES (source.pagename, source.pageinfo)", con);

   cmd.Parameters.Add(new SqlParameter("@PageName", filename));
   cmd.Parameters.Add(new SqlParameter("@PageInfo", jsonobject));

   con.Open();
   cmd.ExecuteNonQuery();
   con.Close();
 }

Answer 3

Create a Stored procedure on the database along the lines of

CREATE PROCEDURE T_Pages_Write  (@pagename nvarchar(256) ,@pageinfo nvarchar(max)) 
AS
IF EXISTS (SELECT pagename from T_Pages WHERE pagename = @pagename)
UPDATE T_Pages SET pageinfo = @pageinfo WHERE pagename = @pagename
ELSE 
INSERT T_Pages (pagename, Pageinfo) VALUES (@pagename, @Pageinfo)

And call that from your code. You really should do that with a parameterised command (There will be loads of other questions advising you on the best way to do that). If you're willing to run the risk of SQL injection attacks and don't mind it failing if there's a single quote character in your data then you can do it the quick and dirty way like this

cmd = new SqlCommand("EXEC T_PagesWrite @pagename = '" + filename + "', @pageinfo ='" + jsonobject + "'", con);

Answer 4

You can done this with one Query

where you want to decalre flag variable of type int ( you also make it of type tinyint, it's up to you) and if the count is 0, means no rows ,else you update your Query

SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=;Integrated Security=True");
SqlCommand cmd;
cmda = new SqlCommand("declare @flag int ;set @flag = 0;select @flag = COUNT(*) FROM T_Pages WHERE pagename = '" + filename + "';IF @flag = 1 UPDATE T_Pages SET pagename='" + filename + "',pageinfo='" + jsonobject + "' WHERE pagename='" + filename + "';ELSE insert into T_Pages (pagename,pageinfo) values('" + filename + "','" + jsonobject + "');", con);
cmda.ExecuteNonQuery();
con.Close();

Answer 5

public void SaveData(string filename, string jsonobject)
    {
        SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=;Integrated Security=True");
        SqlCommand cmd;
        SqlCommand cmda;

        SqlDataAdapter da = new SqlDataAdapter("SELECT * FROM T_Pages WHERE pagename = '" + filename + "", con);
        DataSet ds = new DataSet();
        da.Fill(ds);



        if (ds.Tables[0].Rows.Count > 0)
        {

            cmda = new SqlCommand("UPDATE T_Pages SET pagename='" + filename + "',pageinfo='" + jsonobject + "' WHERE pagename='" + filename + "'", con);
            cmda.ExecuteNonQuery();
        }
        else
        {
            cmd = new SqlCommand("insert into T_Pages (pagename,pageinfo) values('" + filename + "','" + jsonobject + "')", con);
            cmd.ExecuteNonQuery();
        }


        con.Close();



    }