Share via


RelationalDatabaseFacadeExtensions.SqlQueryRaw<TResult> Method

Definition

Creates a LINQ query based on a raw SQL query, which returns a result set of a scalar type natively supported by the database provider.

public static System.Linq.IQueryable<TResult> SqlQueryRaw<TResult> (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, string sql, params object[] parameters);

Type Parameters

TResult

Parameters

databaseFacade
DatabaseFacade

The DatabaseFacade for the context.

sql
String

The raw SQL query.

parameters
Object[]

The values to be assigned to parameters.

Returns

IQueryable<TResult>

An IQueryable<T> representing the raw SQL query.

Remarks

To use this method with a return type that isn't natively supported by the database provider, use the DefaultTypeMapping<TScalar>(Action<TypeMappingConfigurationBuilder<TScalar>>) method.

The returned IQueryable<T> can be composed over using LINQ to build more complex queries.

Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction.

As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.

However, never pass a concatenated or interpolated string ($"") with non-validated user-provided values into this method. Doing so may expose your application to SQL injection attacks. To use the interpolated string syntax, consider using SqlQuery<TResult>(DatabaseFacade, FormattableString) to create parameters.

See Executing raw SQL commands with EF Core for more information and examples.

Applies to