Chapter 26: CRUD: Delete in C#
Delete rows safely. In this chapter, you will learn crud: delete in depth with C# code examples, explanations, and best practices.
Overview
This chapter covers crud: delete for Kungfu.js developers using C#. We will start with the basics, move through practical examples, and end with advanced techniques and common pitfalls.
Why This Matters
Understanding crud: delete is essential because it is a core part of building web applications. Every real-world app needs to handle delete rows safely. Skipping this chapter would leave a gap in your knowledge that would cause problems later.
Code Example
Here is how to work with databases in C#:
// Delete by primary key
let deleted = User::delete_by_pk(1, &db).await?;
println!("Deleted {} rows", deleted);
// Delete with WHERE
let deleted = User::delete_where("status", "inactive", &db).await?;
How the ORM Works
The Kungfu.js ORM uses parameterized queries. This means user input never gets interpolated into SQL strings. Instead, placeholders like $1, $2 are used, and the actual values are passed separately. This makes SQL injection impossible.
For example, if you search for a user by email, the ORM generates: SELECT * FROM users WHERE email = $1 and passes the email value as a parameter. Even if the email contains SQL code like ' OR 1=1 --, it is treated as a plain string, not as SQL.
Common Mistakes
- Not reading the documentation: Always check the API reference when something does not work as expected.
- Skipping security: Never disable the default middleware unless you have a very good reason. Security is not optional.
- Not testing: Write tests for your handlers. Kungfu.js makes this easy with the built-in test utilities.
Summary
In this chapter, you learned about crud: delete in C#. You saw code examples, understood how things work under the hood, and learned about common mistakes to avoid.
What is Next?
In chapter 27, we will cover Query Builder: Type-safe parameterized queries explained.