This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Download Microsoft Edge
More info about Internet Explorer and Microsoft Edge
Executes the given DDL/DML command against the database.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@p0
", userSuppliedAuthor);
Alternatively, you can also construct a DbParameter and supply it to SqlQuery. This allows you to use named parameters in the SQL query string.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@author
", new SqlParameter("@author", userSuppliedAuthor));
Executes the given DDL/DML command against the database.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@p0
", userSuppliedAuthor);
Alternatively, you can also construct a DbParameter and supply it to SqlQuery. This allows you to use named parameters in the SQL query string.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@author
", new SqlParameter("@author", userSuppliedAuthor));
Executes the given DDL/DML command against the database.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@p0
", userSuppliedAuthor);
Alternatively, you can also construct a DbParameter and supply it to SqlQuery. This allows you to use named parameters in the SQL query string.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@author
", new SqlParameter("@author", userSuppliedAuthor));
public int ExecuteSqlCommand (string sql, params object[] parameters);
member this.ExecuteSqlCommand : string * obj[] -> int
Public Function ExecuteSqlCommand (sql As String, ParamArray parameters As Object()) As Integer
Parameters
Executes the given DDL/DML command against the database.
As with any API that accepts SQL it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter place holders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@p0
", userSuppliedAuthor);
Alternatively, you can also construct a DbParameter and supply it to SqlQuery. This allows you to use named parameters in the SQL query string.
context.Database.ExecuteSqlCommand("UPDATE dbo.Posts SET Rating = 5 WHERE Author =
@author
", new SqlParameter("@author", userSuppliedAuthor));
public int ExecuteSqlCommand (System.Data.Entity.TransactionalBehavior transactionalBehavior, string sql, params object[] parameters);
member this.ExecuteSqlCommand : System.Data.Entity.TransactionalBehavior * string * obj[] -> int
Parameters
