Chapter 25: CRUD: Update in C#

Update rows by primary key. In this chapter, you will learn crud: update in depth with C# code examples, explanations, and best practices.

Overview

This chapter covers crud: update for Kungfu.js developers using C#. We will start with the basics, move through practical examples, and end with advanced techniques and common pitfalls.

Why This Matters

Understanding crud: update is essential because it is a core part of building web applications. Every real-world app needs to handle update rows by primary key. Skipping this chapter would leave a gap in your knowledge that would cause problems later.

Code Example

Here is how to work with databases in C#:

// Update by primary key
let affected = User::update_by_pk(&db, 1, vec![
    ("email", json!("new@email.com")),
    ("status", json!("inactive")),
]).await?;

How the ORM Works

The Kungfu.js ORM uses parameterized queries. This means user input never gets interpolated into SQL strings. Instead, placeholders like $1, $2 are used, and the actual values are passed separately. This makes SQL injection impossible.

For example, if you search for a user by email, the ORM generates: SELECT * FROM users WHERE email = $1 and passes the email value as a parameter. Even if the email contains SQL code like ' OR 1=1 --, it is treated as a plain string, not as SQL.

Common Mistakes

  • Not reading the documentation: Always check the API reference when something does not work as expected.
  • Skipping security: Never disable the default middleware unless you have a very good reason. Security is not optional.
  • Not testing: Write tests for your handlers. Kungfu.js makes this easy with the built-in test utilities.

Summary

In this chapter, you learned about crud: update in C#. You saw code examples, understood how things work under the hood, and learned about common mistakes to avoid.

What is Next?

In chapter 26, we will cover CRUD: Delete: Delete rows safely.