ObjectContext.ExecuteStoreCommand(String, Object[]) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Executes an arbitrary command directly against the data source using the existing connection.
public:
int ExecuteStoreCommand(System::String ^ commandText, ... cli::array <System::Object ^> ^ parameters);public int ExecuteStoreCommand (string commandText, params object[] parameters);member this.ExecuteStoreCommand : string * obj[] -> intPublic Function ExecuteStoreCommand (commandText As String, ParamArray parameters As Object()) As IntegerParameters
- commandText
- String
The command to execute, in the native language of the data source.
- parameters
- Object[]
An array of parameters to pass to the command.
Returns
The number of rows affected.
Remarks
Using parameterized commands helps guard against SQL injection attacks, in which an attacker "injects" a command into a SQL statement that compromises security on the server. Parameterized commands guard against a SQL injection attack by guaranteeing that values received from an external source are passed as values only, and not part of the SQL statement. As a result, SQL commands inserted into a value are not executed at the data source. Rather, they are evaluated only as a parameter value. In addition to the security benefits, parameterized commands provide a convenient method for organizing values passed with a SQL statement or to a stored procedure.
The parameters value can be an array of DbParameter objects or an array of parameter values. If only values are supplied, an array of DbParameter objects are created based on the order of the values in the array.
The store command is executed in the context of the current transaction, if a current transaction exists.
For more information, see:
Directly Executing Store Commands and
How to: Directly Execute Commands Against the Data Source
