RelationalDatabaseFacadeExtensions.SqlQueryRaw<TResult> Method
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Creates a LINQ query based on a raw SQL query, which returns a result set of a scalar type natively supported by the database provider.
public static System.Linq.IQueryable<TResult> SqlQueryRaw<TResult> (this Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade databaseFacade, string sql, params object[] parameters);
static member SqlQueryRaw : Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade * string * obj[] -> System.Linq.IQueryable<'Result>
<Extension()>
Public Function SqlQueryRaw(Of TResult) (databaseFacade As DatabaseFacade, sql As String, ParamArray parameters As Object()) As IQueryable(Of TResult)
- TResult
- databaseFacade
- DatabaseFacade
The DatabaseFacade for the context.
- sql
- String
The raw SQL query.
- parameters
- Object[]
The values to be assigned to parameters.
An IQueryable<T> representing the raw SQL query.
To use this method with a return type that isn't natively supported by the database provider, use the DefaultTypeMapping<TScalar>(Action<TypeMappingConfigurationBuilder<TScalar>>) method.
The returned IQueryable<T> can be composed over using LINQ to build more complex queries.
Note that this method does not start a transaction. To use this method with a transaction, first call BeginTransaction(DatabaseFacade, IsolationLevel) or UseTransaction.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.
However, never pass a concatenated or interpolated string ($""
) with non-validated user-provided values into this method. Doing so may expose your application to SQL injection attacks. To use the interpolated string syntax, consider using SqlQuery<TResult>(DatabaseFacade, FormattableString) to create parameters.
See Executing raw SQL commands with EF Core for more information and examples.
Entity Framework feedback
Entity Framework is an open source project. Select a link to provide feedback: