Chapter 26: CRUD: Delete in C#

Delete rows safely. In this chapter, you will learn crud: delete in depth with C# code examples, explanations, and best practices.

Overview

This chapter covers crud: delete for Kungfu.js developers using C#. We will start with the basics, move through practical examples, and end with advanced techniques and common pitfalls.

Why This Matters

Understanding crud: delete is essential because it is a core part of building web applications. Every real-world app needs to handle delete rows safely. Skipping this chapter would leave a gap in your knowledge that would cause problems later.

Code Example

Here is how to work with databases in C#:

// Delete by primary key
let deleted = User::delete_by_pk(1, &db).await?;
println!("Deleted {} rows", deleted);

// Delete with WHERE
let deleted = User::delete_where("status", "inactive", &db).await?;

How the ORM Works

The Kungfu.js ORM uses parameterized queries. This means user input never gets interpolated into SQL strings. Instead, placeholders like $1, $2 are used, and the actual values are passed separately. This makes SQL injection impossible.

For example, if you search for a user by email, the ORM generates: SELECT * FROM users WHERE email = $1 and passes the email value as a parameter. Even if the email contains SQL code like ' OR 1=1 --, it is treated as a plain string, not as SQL.

Common Mistakes

  • Not reading the documentation: Always check the API reference when something does not work as expected.
  • Skipping security: Never disable the default middleware unless you have a very good reason. Security is not optional.
  • Not testing: Write tests for your handlers. Kungfu.js makes this easy with the built-in test utilities.

Summary

In this chapter, you learned about crud: delete in C#. You saw code examples, understood how things work under the hood, and learned about common mistakes to avoid.

What is Next?

In chapter 27, we will cover Query Builder: Type-safe parameterized queries explained.