Database.ExecuteSqlCommand Method (String, Object[])
[This page is specific to the Entity Framework version 6. The latest version is available as the 'Entity Framework' NuGet package. For more information about Entity Framework, see msdn.com/data/ef.]
Executes the given DDL/DML command against the database. As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter. context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author = @p0", userSuppliedAuthor); Alternatively, you can also construct a DbParameter and supply it to SqlQuery. This allows you to use named parameters in the SQL query string. context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author = @author", new SqlParameter("@author", userSuppliedAuthor));
Namespace: System.Data.Entity
Assembly: EntityFramework (in EntityFramework.dll)
Syntax
'Declaration
Public Function ExecuteSqlCommand ( _
sql As String, _
ParamArray parameters As Object() _
) As Integer
'Usage
Dim instance As Database
Dim sql As String
Dim parameters As Object()
Dim returnValue As Integer
returnValue = instance.ExecuteSqlCommand(sql, _
parameters)
public int ExecuteSqlCommand(
string sql,
params Object[] parameters
)
public:
int ExecuteSqlCommand(
String^ sql,
... array<Object^>^ parameters
)
member ExecuteSqlCommand :
sql:string *
parameters:Object[] -> int
public function ExecuteSqlCommand(
sql : String,
... parameters : Object[]
) : int
Parameters
- sql
Type: System.String
The command string.
- parameters
Type: System.Object[]
The parameters to apply to the command string.
Return Value
Type: System.Int32
The result returned by the database after executing the command.
Remarks
If there isn't an existing local or ambient transaction a new transaction will be used to execute the command.