Database.ExecuteSqlCommand

Database.ExecuteSqlCommand is very useful when using the Entity Framework 4.1/4.2 Code First model for data access or object-relational mapping. To make sure your code is bulletproof against SQL injection, you must pass the SQL as a parameterized statement when calling this method: the values go in as separate arguments after the SQL string, and EF binds them in order to the placeholders @p0, @p1, ... so that SQL Server receives them as typed parameters rather than as part of the statement text. Never build the statement by concatenating user input into the string. Following is an example for this purpose.

// @p0 and @p1 are bound, in order, to the two values that follow the SQL string
context.Database.ExecuteSqlCommand("delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid = @p0 and CertificateId = @p1",
    TheCampaignGuid,
    certInfo.CertificateId);
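To make the point concrete, here is an added example (not code from the original post) that puts the string-concatenated version beside the two parameterized forms ExecuteSqlCommand accepts: plain values bound positionally to @p0, @p1, ..., and explicit SqlParameter objects with names of your choosing. The context class CampaignContext, the method names, and the assumption that CertificateId is a string column are placeholders for illustration.

```csharp
// Added example, not from the original post. Assumes an EF Code First
// DbContext named CampaignContext whose model maps the table
// MasterSmsCampaignCertificateInfo; the context and method names are placeholders.
using System;
using System.Data.Entity;
using System.Data.SqlClient;

public class CampaignContext : DbContext
{
    // Placeholder context; the table mapping lives in the model, not shown here.
}

public static class CertificateCleanup
{
    // VULNERABLE: the values are spliced into the SQL text. A certificateId such as
    // "x' or 1=1 --" changes the WHERE clause and deletes every row in the table.
    public static int DeleteUnsafe(CampaignContext context, Guid campaignGuid, string certificateId)
    {
        string sql = "delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid = '"
                     + campaignGuid + "' and CertificateId = '" + certificateId + "'";
        return context.Database.ExecuteSqlCommand(sql);
    }

    // SAFE (positional): values after the SQL string are bound to @p0, @p1, ... in order.
    // The statement text is fixed; the values travel as parameters and are never parsed as SQL.
    public static int DeletePositional(CampaignContext context, Guid campaignGuid, string certificateId)
    {
        return context.Database.ExecuteSqlCommand(
            "delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid = @p0 and CertificateId = @p1",
            campaignGuid,
            certificateId);
    }

    // SAFE (named): DbParameter objects let you choose the names and, if needed, the
    // SQL types explicitly, which reads better and avoids surprising implicit conversions.
    public static int DeleteNamed(CampaignContext context, Guid campaignGuid, string certificateId)
    {
        return context.Database.ExecuteSqlCommand(
            "delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid = @campaignGuid and CertificateId = @certificateId",
            new SqlParameter("@campaignGuid", campaignGuid),
            new SqlParameter("@certificateId", certificateId));
    }
}
```

Both safe variants return the number of rows affected, which is worth checking in the caller: a delete that touched more rows than expected is the first sign that a predicate is broader than intended.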


2 thoughts on "Database.ExecuteSqlCommand"

  1. Marco says:

    You would do something like this
    context.Database.ExecuteSqlCommand("delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid LIKE '%' + @p0 + '%'", "XYZ%PDQ");
    or
    context.Database.ExecuteSqlCommand("delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid LIKE '%' + @p0 + '%' + @p1 + '%'", "XYZ", "PDQ");
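One caveat worth adding to the LIKE patterns above (this is an added example, not Marco's or the post's code): a bound parameter stops injection, but inside a LIKE the bound value is still interpreted as a pattern, so a "%" or "_" in user input (like the "%" in "XYZ%PDQ") widens the match instead of being matched literally. Escaping those characters and declaring an ESCAPE character makes the comparison literal. The context class and method names are placeholders.

```csharp
// Added example, not from the original post or its comments. Assumes an EF
// Code First DbContext named CampaignContext; names are placeholders.
using System.Data.Entity;

public class CampaignContext : DbContext { }

public static class LikeSearch
{
    // Escape the T-SQL LIKE metacharacters so they match literally.
    // Backslash is the escape character declared in the ESCAPE clause below,
    // so it must be escaped first.
    public static string EscapeLike(string value)
    {
        return value.Replace("\\", "\\\\")
                    .Replace("%", "\\%")
                    .Replace("_", "\\_")
                    .Replace("[", "\\[");
    }

    // Deletes rows whose MasterSmsCampaignGuid contains the user-supplied fragment
    // as literal text. The wildcards are added here, in code, around the escaped value;
    // the fragment itself is bound as @p0 and cannot alter the statement.
    public static int DeleteContaining(CampaignContext context, string fragment)
    {
        string pattern = "%" + EscapeLike(fragment) + "%";
        return context.Database.ExecuteSqlCommand(
            "delete MasterSmsCampaignCertificateInfo where MasterSmsCampaignGuid LIKE @p0 ESCAPE '\\'",
            pattern);
    }
}
```

With this, an input of "XYZ%PDQ" matches only rows that literally contain "XYZ%PDQ", whereas the unescaped pattern "%XYZ%PDQ%" would also match any row containing "XYZ" followed later by "PDQ".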
