ObjectContext.ExecuteStoreQuery Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Overloads
| ExecuteStoreQuery<TElement>(String, Object[]) |
Executes a query directly against the data source that returns a sequence of typed results. |
| ExecuteStoreQuery<TEntity>(String, String, MergeOption, Object[]) |
Executes a query directly against the data source and returns a sequence of typed results. Specify the entity set and the merge option so that query results can be tracked as entities. |
ExecuteStoreQuery<TElement>(String, Object[])
Executes a query directly against the data source that returns a sequence of typed results.
public:
generic <typename TElement>
System::Data::Objects::ObjectResult<TElement> ^ ExecuteStoreQuery(System::String ^ commandText, ... cli::array <System::Object ^> ^ parameters);public System.Data.Objects.ObjectResult<TElement> ExecuteStoreQuery<TElement> (string commandText, params object[] parameters);member this.ExecuteStoreQuery : string * obj[] -> System.Data.Objects.ObjectResult<'Element>Public Function ExecuteStoreQuery(Of TElement) (commandText As String, ParamArray parameters As Object()) As ObjectResult(Of TElement)Type Parameters
- TElement
The type of the returned data.
Parameters
- commandText
- String
The command to execute, in the native language of the data source.
- parameters
- Object[]
An array of parameters to pass to the command.
Returns
An enumeration of objects of type TElement.
Remarks
The ExecuteStoreQuery method uses the existing connection to execute an arbitrary command directly against the data source. The store command is executed in the context of the current transaction, if such a transaction exists.
Calling the ExecuteStoreQuery method is equivalent to calling the ExecuteReader method of the DbCommand class, only ExecuteStoreQuery returns entities and the ExecuteReader returns property values in the DbDataReader.
Call the ExecuteStoreQuery with the specified entity set name, if you want for the results to be tracked.
Call the Translate method to translate a DbDataReader into entity objects when the reader contains data rows that map to the specified entity type.
Using parameterized commands helps guard against SQL injection attacks, in which an attacker "injects" a command into a SQL statement that compromises security on the server. Parameterized commands guard against a SQL injection attack by guaranteeing that values received from an external source are passed as values only, and not part of the SQL statement. As a result, SQL commands inserted into a value are not executed at the data source. Rather, they are evaluated only as a parameter value. In addition to the security benefits, parameterized commands provide a convenient method for organizing values passed with a SQL statement or to a stored procedure.
The parameters value can be an array of DbParameter objects or an array of parameter values. If only values are supplied, an array of DbParameter objects are created based on the order of the values in the array.
For more information, see:
Directly Executing Store Commands and
How to: Directly Execute Commands Against the Data Source
Applies to
ExecuteStoreQuery<TEntity>(String, String, MergeOption, Object[])
Executes a query directly against the data source and returns a sequence of typed results. Specify the entity set and the merge option so that query results can be tracked as entities.
public:
generic <typename TEntity>
System::Data::Objects::ObjectResult<TEntity> ^ ExecuteStoreQuery(System::String ^ commandText, System::String ^ entitySetName, System::Data::Objects::MergeOption mergeOption, ... cli::array <System::Object ^> ^ parameters);public System.Data.Objects.ObjectResult<TEntity> ExecuteStoreQuery<TEntity> (string commandText, string entitySetName, System.Data.Objects.MergeOption mergeOption, params object[] parameters);member this.ExecuteStoreQuery : string * string * System.Data.Objects.MergeOption * obj[] -> System.Data.Objects.ObjectResult<'Entity>Public Function ExecuteStoreQuery(Of TEntity) (commandText As String, entitySetName As String, mergeOption As MergeOption, ParamArray parameters As Object()) As ObjectResult(Of TEntity)Type Parameters
- TEntity
The entity type of the returned data.
Parameters
- commandText
- String
The command to execute, in the native language of the data source.
- entitySetName
- String
The entity set of the TEntity type. If an entity set name is not provided, the results are not going to be tracked.
- mergeOption
- MergeOption
The MergeOption to use when executing the query. The default is AppendOnly.
- parameters
- Object[]
An array of parameters to pass to the command.
Returns
An enumeration of objects of type TResult.
Remarks
The ExecuteStoreQuery method uses the existing connection to execute an arbitrary command directly against the data source. The store command is executed in the context of the current transaction, if such a transaction exists.
Calling the ExecuteStoreQuery method is equivalent to calling the ExecuteReader method of the DbCommand class, only ExecuteStoreQuery returns entities and the ExecuteReader returns property values in the DbDataReader.
Specify the entity set name, if you want for the results to be tracked as entities.
Call Translate method to translate a DbDataReader into entity objects when the reader contains data rows that map to the specified entity type.
Using parameterized commands helps guard against SQL injection attacks, in which an attacker "injects" a command into a SQL statement that compromises security on the server. Parameterized commands guard against a SQL injection attack by guaranteeing that values received from an external source are passed as values only, and not part of the SQL statement. As a result, SQL commands inserted into a value are not executed at the data source. Rather, they are evaluated only as a parameter value. In addition to the security benefits, parameterized commands provide a convenient method for organizing values passed with a SQL statement or to a stored procedure.
The parameters value can be an array of DbParameter objects or an array of parameter values. If only values are supplied, an array of DbParameter objects are created based on the order of the values in the array.
For more information, see:
Directly Executing Store Commands and
How to: Directly Execute Commands Against the Data Source
