Database.ExecuteSqlCommand
Database.ExecuteSqlCommand is very useful when you use the Entity Framework 4.1/4.2 Code First model for data access or object-relational mapping. To protect your code against SQL injection attacks, you must pass parameterized SQL when calling this method. The following is an example.
context.Database.ExecuteSqlCommand(
    "delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid = @p0 and CertificateId = @p1",
    TheCampaignGuid,
    certInfo.CertificateId);
Comments
Anonymous
May 30, 2012
If you're doing a SQL WHERE [MasterSmsCampaignGuid] LIKE '%XYZ%PDQ%' what is the context.Database.ExecuteSqlCommand syntax?
Anonymous
November 04, 2012
You would do something like this:
context.Database.ExecuteSqlCommand("delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid LIKE '%' + @p0 + '%'", "XYZ%PDQ");
or
context.Database.ExecuteSqlCommand("delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid LIKE '%' + @p0 + '%' + @p1 + '%'", "XYZ", "PDQ");
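
Passing a LIKE value as a parameter keeps it out of the SQL text, but `%`, `_` and `[` inside the value still act as wildcards, so a delete can match more rows than the caller intended when the value should be treated literally. The following is an added example, not part of the original post or its comments; it assumes SQL Server and a column that compares as text, and `LikeParameter`, `EscapeLiteral` and `DeleteWhereGuidContains` are hypothetical names.

```csharp
using System;
using System.Data.Entity;   // Entity Framework 4.1+ (DbContext API)
using System.Text;

public static class LikeParameter
{
    // Prefixes every character that T-SQL LIKE treats as pattern syntax
    // (and the escape character itself) with a backslash, so the value is
    // matched literally when the query declares ESCAPE '\'.
    public static string EscapeLiteral(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            if (c == '\\' || c == '%' || c == '_' || c == '[')
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Hypothetical helper: deletes rows whose MasterSmsCampaignGuid contains
    // userText as literal text. Table and column names are the ones used on
    // this page; the value still travels as parameter @p0.
    public static int DeleteWhereGuidContains(DbContext context, string userText)
    {
        // An empty value would produce the pattern '%%', which matches
        // every non-null row, so refuse it before issuing a delete.
        if (string.IsNullOrEmpty(userText))
            throw new ArgumentException("Search text must not be empty.", "userText");

        // Verbatim string: the backslash in ESCAPE '\' reaches SQL Server as-is.
        return context.Database.ExecuteSqlCommand(
            @"delete MasterSmsCampaignCertificateInfo
              where MasterSmsCampaignGuid LIKE '%' + @p0 + '%' ESCAPE '\'",
            EscapeLiteral(userText));
    }
}
```

With this helper, a value such as "XYZ%PDQ" matches only rows containing those seven characters in sequence, instead of any row containing XYZ followed later by PDQ.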