ASP.NET Core code example with code smells for Junior Dev from ChatGPT

0UserController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System.Data.SqlClient;

namespace UserRegistration.Controllers
{
    [ApiController]
    [Route("[controller]")]
    public class UserController : ControllerBase
    {
        private readonly string _connectionString;

        public UserController()
        {
            _connectionString = "Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;";
        }

        [HttpPost]
        public ActionResult RegisterUser(string username, string password, string email)
        {
            var userExists = CheckIfUserExists(username, email);

            if (userExists)
            {
                return BadRequest("User already exists.");
            }

            var query = "INSERT INTO Users (Username, Password, Email) VALUES ('" + username + "', '" + password + "', '" + email + "')";

            using (var conn = new SqlConnection(_connectionString))
            {
                using (var command = new SqlCommand(query, conn))
                {
                    conn.Open();
                    command.ExecuteNonQuery();
                    conn.Close();
                }
            }

            return Ok("User registered successfully.");
        }

        private bool CheckIfUserExists(string username, string email)
        {
            var query = "SELECT * FROM Users WHERE Username='" + username + "' OR Email='" + email + "'";
            var exists = false;

            using (var conn = new SqlConnection(_connectionString))
            {
                using (var command = new SqlCommand(query, conn))
                {
                    conn.Open();
                    using (var reader = command.ExecuteReader())
                    {
                        exists = reader.HasRows;
                    }
                    conn.Close();
                }
            }

            return exists;
        }
    }
}

1 answers from CharGPT.md

This code has several issues, including:

• Security vulnerability: The code is vulnerable to SQL injection attacks, as it is concatenating user input directly into SQL queries.
• Lack of parameter validation: The code does not validate the input parameters, which can lead to unexpected behavior or errors.
• Duplicate code: The code contains duplicate code for opening and closing a database connection, which can lead to maintainability issues.
• Magic strings: The code uses hardcoded strings for database connection information and SQL queries, which can make the code harder to read and maintain.
• Lack of error handling: The code does not handle any exceptions that may occur during the database operation, which can lead to unexpected behavior or errors. A Junior ASP.NET Core developer should be able to identify these code smells and provide recommendations for how to improve the code. For example, they could recommend using parameterized queries to prevent SQL injection attacks, validating user input before processing it, refactoring the code to use a single database connection helper class, using configuration files to store database connection information, and implementing error handling to ensure that the application responds gracefully to errors.

2 another smells.md

• Missing DI and DIP
• Buisiness-login in a controller
• Missing repository pattern
• The code is not async
• Why is using low-level ADO.NET? Instead of Dapper or EF.
• Missing explicit actions paths