RelationalDatabaseFacadeExtensions.ExecuteSqlCommand Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Overloads
| ExecuteSqlCommand(DatabaseFacade, FormattableString) |
Obsolete.
Executes the given SQL against the database and returns the number of rows affected. Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction(DatabaseFacade, DbTransaction). Note that the current ExecutionStrategy is not used by this method since the SQL may not be idempotent and does not run in a transaction. An ExecutionStrategy can be used explicitly, making sure to also use a transaction if the SQL is not idempotent.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection
attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional
arguments. Any parameter values you supply will automatically be converted to a DbParameter -
|
| ExecuteSqlCommand(DatabaseFacade, RawSqlString, IEnumerable<Object>) |
Obsolete.
Executes the given SQL against the database and returns the number of rows affected. Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction(DatabaseFacade, DbTransaction). Note that the current ExecutionStrategy is not used by this method since the SQL may not be idempotent and does not run in a transaction. An ExecutionStrategy can be used explicitly, making sure to also use a transaction if the SQL is not idempotent. As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter. You can also consider using ExecuteSqlInterpolated to use interpolated string syntax to create parameters. |
| ExecuteSqlCommand(DatabaseFacade, RawSqlString, Object[]) |
Obsolete.
Executes the given SQL against the database and returns the number of rows affected. Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction(DatabaseFacade, DbTransaction). Note that the current ExecutionStrategy is not used by this method since the SQL may not be idempotent and does not run in a transaction. An ExecutionStrategy can be used explicitly, making sure to also use a transaction if the SQL is not idempotent.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection
attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional
arguments. Any parameter values you supply will automatically be converted to a DbParameter -
|
| ExecuteSqlCommand(DatabaseFacade, String, Object[]) |
ExecuteSqlCommand(DatabaseFacade, FormattableString)
Caution
For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.
Executes the given SQL against the database and returns the number of rows affected.
Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction(DatabaseFacade, DbTransaction).
Note that the current ExecutionStrategy is not used by this method since the SQL may not be idempotent and does not run in a transaction. An ExecutionStrategy can be used explicitly, making sure to also use a transaction if the SQL is not idempotent.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection
attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional
arguments. Any parameter values you supply will automatically be converted to a DbParameter -
context.Database.ExecuteSqlCommand($"SELECT * FROM [dbo].[SearchBlogs]({userSuppliedSearchTerm})").
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, FormattableString sql);[System.Obsolete("For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.")]
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, FormattableString sql);static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * FormattableString -> int[<System.Obsolete("For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.")>]
static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * FormattableString -> int<Extension()>
Public Function ExecuteSqlCommand (databaseFacade As DatabaseFacade, sql As FormattableString) As IntegerParameters
- databaseFacade
- DatabaseFacade
The DatabaseFacade for the context.
The interpolated string representing a SQL query with parameters.
Returns
The number of rows affected.
- Attributes
Applies to
ExecuteSqlCommand(DatabaseFacade, RawSqlString, IEnumerable<Object>)
Caution
For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.
Executes the given SQL against the database and returns the number of rows affected.
Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction(DatabaseFacade, DbTransaction).
Note that the current ExecutionStrategy is not used by this method since the SQL may not be idempotent and does not run in a transaction. An ExecutionStrategy can be used explicitly, making sure to also use a transaction if the SQL is not idempotent.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter. You can also consider using ExecuteSqlInterpolated to use interpolated string syntax to create parameters.
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, Microsoft.EntityFrameworkCore.RawSqlString sql, System.Collections.Generic.IEnumerable<object> parameters);[System.Obsolete("For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.")]
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, Microsoft.EntityFrameworkCore.RawSqlString sql, System.Collections.Generic.IEnumerable<object> parameters);static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * Microsoft.EntityFrameworkCore.RawSqlString * seq<obj> -> int[<System.Obsolete("For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.")>]
static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * Microsoft.EntityFrameworkCore.RawSqlString * seq<obj> -> int<Extension()>
Public Function ExecuteSqlCommand (databaseFacade As DatabaseFacade, sql As RawSqlString, parameters As IEnumerable(Of Object)) As IntegerParameters
- databaseFacade
- DatabaseFacade
The DatabaseFacade for the context.
- sql
- RawSqlString
The SQL to execute.
- parameters
- IEnumerable<Object>
Parameters to use with the SQL.
Returns
The number of rows affected.
- Attributes
Applies to
ExecuteSqlCommand(DatabaseFacade, RawSqlString, Object[])
Caution
For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.
Executes the given SQL against the database and returns the number of rows affected.
Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction(DatabaseFacade, DbTransaction).
Note that the current ExecutionStrategy is not used by this method since the SQL may not be idempotent and does not run in a transaction. An ExecutionStrategy can be used explicitly, making sure to also use a transaction if the SQL is not idempotent.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection
attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional
arguments. Any parameter values you supply will automatically be converted to a DbParameter -
context.Database.ExecuteSqlCommand("SELECT * FROM [dbo].[SearchBlogs]({0})", userSuppliedSearchTerm).
You can also consider using ExecuteSqlInterpolated to use interpolated string syntax to create parameters.
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, Microsoft.EntityFrameworkCore.RawSqlString sql, params object[] parameters);[System.Obsolete("For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.")]
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, Microsoft.EntityFrameworkCore.RawSqlString sql, params object[] parameters);static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * Microsoft.EntityFrameworkCore.RawSqlString * obj[] -> int[<System.Obsolete("For the execution of SQL queries using plain strings, use ExecuteSqlRaw instead. For the execution of SQL queries using interpolated string syntax to create parameters, use ExecuteSqlInterpolated instead.")>]
static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * Microsoft.EntityFrameworkCore.RawSqlString * obj[] -> int<Extension()>
Public Function ExecuteSqlCommand (databaseFacade As DatabaseFacade, sql As RawSqlString, ParamArray parameters As Object()) As IntegerParameters
- databaseFacade
- DatabaseFacade
The DatabaseFacade for the context.
- sql
- RawSqlString
The SQL to execute.
- parameters
- Object[]
Parameters to use with the SQL.
Returns
The number of rows affected.
- Attributes
Applies to
ExecuteSqlCommand(DatabaseFacade, String, Object[])
public static int ExecuteSqlCommand (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, string sql, params object[] parameters);static member ExecuteSqlCommand : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * string * obj[] -> int<Extension()>
Public Function ExecuteSqlCommand (databaseFacade As DatabaseFacade, sql As String, ParamArray parameters As Object()) As IntegerParameters
- databaseFacade
- DatabaseFacade
- sql
- String
- parameters
- Object[]
Returns
Applies to
Entity Framework