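using System;
using System.Data;
using System.Data.SqlClient;

/// <summary>
/// Demo that contrasts a parameterised INSERT (<see cref="InsertTbl"/>) with a
/// string-concatenated one (<see cref="BadInsert"/>) against dbo.typetbl.
/// The command line selects which of the two runs and may override the
/// string value that is inserted (see <see cref="ParseArgs"/>).
/// </summary>
class Demo
{
    // Connection string, change server and database as needed!
    private static readonly string strConn =
        @"Integrated Security=SSPI;" + @"Data Source=(local);Initial Catalog=tempdb;";

    // Size used for the @strval parameter (nvarchar(25) in the original demo).
    // Keep in sync with typetbl.strcol: SqlClient truncates an input parameter
    // whose Size is smaller than the supplied value, so InsertTbl checks the
    // length up front instead of silently losing data.
    private const int StrColSize = 25;

    // Constants for the demo. strval is the only one that can change: Main
    // replaces it with the text given on the command line.
    private static readonly int intval = 123456;
    private static string strval = "alpha (α) and beta (β)";
    private static readonly double fltval = 17.0 / 3.0;
    private static readonly decimal decval = 456.76M;
    private static readonly DateTime dtval = DateTime.Now;   // local client time

    /// <summary>
    /// Properly written method to insert a row into typetbl. Every value is
    /// sent as a typed <see cref="SqlParameter"/>, so the text of strval can
    /// never become part of the statement and no culture-dependent formatting
    /// of numbers or dates takes place. The new identity value is printed.
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException">
    /// strval is longer than <see cref="StrColSize"/>; it would otherwise be
    /// truncated by the parameter size before it reaches the server.
    /// </exception>
    public static void InsertTbl()
    {
        if (strval.Length > StrColSize)
        {
            throw new ArgumentOutOfRangeException("strval",
                "strval is " + strval.Length + " characters; the parameter holds at most " + StrColSize + ".");
        }

        using (SqlConnection cn = new SqlConnection(strConn))
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.CommandType = CommandType.Text;
            cmd.CommandText =
                @"INSERT dbo.typetbl(intcol, strcol, fltcol, deccol, dtcol) " +
                @"VALUES(@intval, @strval, @fltval, @decval, @dtval) " +
                @"SELECT @ident = scope_identity()";

            cmd.Parameters.Add("@intval", SqlDbType.Int).Value = intval;
            cmd.Parameters.Add("@strval", SqlDbType.NVarChar, StrColSize).Value = strval;
            cmd.Parameters.Add("@fltval", SqlDbType.Float).Value = fltval;
            // Precision/scale must be set explicitly for decimal parameters;
            // the defaults would not match deccol.
            cmd.Parameters.Add("@decval", SqlDbType.Decimal).Value = decval;
            cmd.Parameters["@decval"].Precision = 8;
            cmd.Parameters["@decval"].Scale = 2;
            cmd.Parameters.Add("@dtval", SqlDbType.DateTime).Value = dtval;

            // The identity value comes back through an output parameter.
            cmd.Parameters.Add("@ident", SqlDbType.Int);
            cmd.Parameters["@ident"].Direction = ParameterDirection.Output;

            cmd.Connection = cn;
            cn.Open();
            cmd.ExecuteNonQuery();

            int identval = Convert.ToInt32(cmd.Parameters["@ident"].Value);
            Console.WriteLine("The inserted row has id " + identval.ToString());
        }
    }

    // Very poorly written method which has all sorts of issues. It is kept
    // unchanged as the negative example of the demo and must not be used as
    // a template:
    //  - the values are pasted into the SQL text, so strval (which can come
    //    straight from the command line) is interpreted as part of the
    //    statement (SQL injection), and a single quote in it breaks the syntax;
    //  - fltval, decval and dtval are formatted with the current culture, so
    //    decimal separators and date formats depend on the client's locale
    //    and may not be what the server expects;
    //  - the table is not schema-qualified (InsertTbl uses dbo.typetbl).
    // The generated statement is echoed so the effect of the above can be seen.
    public static void BadInsert()
    {
        using (SqlConnection cn = new SqlConnection(strConn))
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.CommandType = CommandType.Text;
            cmd.CommandText =
                @"INSERT typetbl (intcol, strcol, fltcol, deccol, dtcol) VALUES(" +
                intval.ToString() + @", '" + strval + @"', " + fltval.ToString() + @", " +
                decval.ToString() + @", '" + dtval.ToString() + @"') SELECT scope_identity()";
            Console.WriteLine(cmd.CommandText);

            cmd.Connection = cn;
            cn.Open();
            Object res = cmd.ExecuteScalar();
            int identval = Convert.ToInt32(res);
            Console.WriteLine("The inserted row has id " + identval.ToString());
        }
    }

    // Parses the command line. Returns true when the good (parameterised)
    // method should run. args[0] may be "GOOD" or "BAD" (case sensitive);
    // any other first argument selects the default (GOOD) and is treated as
    // text. The remaining arguments are joined with single spaces into
    // strvalOverride, which is null when no text was supplied.
    internal static bool ParseArgs(string[] args, out string strvalOverride)
    {
        bool run_good = true;   // If no args given, we run the Good procedure.
        int first_ix = 0;

        if (args.Length > 0)
        {
            if (args[0] == "GOOD")
            {
                // GOOD explicitly requested.
                run_good = true;
                first_ix = 1;
            }
            else if (args[0] == "BAD")
            {
                // BAD explicitly requested.
                run_good = false;
                first_ix = 1;
            }
            // Otherwise: use default, and all args are input for strval.
        }

        strvalOverride = args.Length > first_ix
            ? string.Join(" ", args, first_ix, args.Length - first_ix)
            : null;
        return run_good;
    }

    static void Main(string[] args)
    {
        string text;
        bool run_good = ParseArgs(args, out text);
        if (text != null)
        {
            // There is input for strval.
            strval = text;
        }

        // Now call the requested method.
        try
        {
            if (run_good)
            {
                InsertTbl();
            }
            else
            {
                BadInsert();
            }
        }
        catch (Exception ex)
        {
            // Only the message is printed, so a failure from either method is
            // visible without a stack trace.
            Console.WriteLine("EXCEPTION THROWN: " + ex.Message);
        }
    }
}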