RelationalQueryableExtensions.FromSqlRaw<TEntity> Method

Reference

Definition

Namespace:: Microsoft.EntityFrameworkCore

Assembly:: Microsoft.EntityFrameworkCore.Relational.dll

Package:: Microsoft.EntityFrameworkCore.Relational v3.0.0

Package:: Microsoft.EntityFrameworkCore.Relational v3.1.0

Package:: Microsoft.EntityFrameworkCore.Relational v5.0.0

Package:: Microsoft.EntityFrameworkCore.Relational v6.0.0

Package:: Microsoft.EntityFrameworkCore.Relational v7.0.0

Package:: Microsoft.EntityFrameworkCore.Relational v8.0.0

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Creates a LINQ query based on a raw SQL query.

public static System.Linq.IQueryable<TEntity> FromSqlRaw<TEntity> (this Microsoft.EntityFrameworkCore.DbSet<TEntity> source, string sql, params object[] parameters) where TEntity : class;

static member FromSqlRaw : Microsoft.EntityFrameworkCore.DbSet<'Entity (requires 'Entity : null)> * string * obj[] -> System.Linq.IQueryable<'Entity (requires 'Entity : null)> (requires 'Entity : null)

<Extension()>
Public Function FromSqlRaw(Of TEntity As Class) (source As DbSet(Of TEntity), sql As String, ParamArray parameters As Object()) As IQueryable(Of TEntity)

Type Parameters

TEntity

The type of the elements of source.

Parameters

source: DbSet<TEntity>

An IQueryable<T> to use as the base of the raw SQL query (typically a DbSet<TEntity>).

sql: String

The raw SQL query.

parameters: Object[]

The values to be assigned to parameters.

Returns

IQueryable<TEntity>

An IQueryable<T> representing the raw SQL query.

Remarks

If the database provider supports composing on the supplied SQL, you can compose on top of the raw SQL query using LINQ operators: context.Blogs.FromSqlRaw("SELECT * FROM Blogs").OrderBy(b => b.Name).

As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.

However, never pass a concatenated or interpolated string ($"") with non-validated user-provided values into this method. Doing so may expose your application to SQL injection attacks. To use the interpolated string syntax, consider using FromSql<TEntity>(DbSet<TEntity>, FormattableString) to create parameters.

This overload also accepts DbParameter instances as parameter values. In addition to using positional placeholders as above ({0}), you can also use named placeholders directly in the SQL query string.

See Executing raw SQL commands with EF Core for more information and examples.

Applies to