How do you write a parameterized where-in raw sql query in Entity Framework

Question

How do you write a parameterized where-in raw sql query in Entity Framework? I've tried the following: But as expected, it throws an error on DateParam because it's expecting a single value. Answer This isn't a problem specific to entity-framework, you can solve it by generating your own parameter names dynamically. The resulting query sent to SQL-Server will look like

Accepted Answer

This isn’t a problem specific to entity-framework, you can solve it by generating your own parameter names dynamically.var parameters = new List { new SqlParameter("@DateParam", dateQueryString), new SqlParameter("@LineCode", chartModelData.LineCode), new SqlParameter("@ModelNumber", chartModelData.ModelNum), new SqlParameter("@EquipNumber", equipmentNumber), new SqlParameter("@LotNumber", chartModelData.LotNum) };var dateParameters = chartModelData .GetFormattedDateList() .Select((date, index) => new SqlParameter("@date" + index, date)); .ToList();parameters.AddRange(dateParameters); var inValues = string.Join(", ", dateParameters.Select(p => p.ParameterName));var query = @"SELECT MAX(DATA_SEQ) AS MaxSeq, MIN(DATA_SEQ) AS MinSeq, COUNT(1) AS TotSampleCnt FROM SPCDATA_TB WHERE DATA_WDATE IN (" + inValues + @") AND LINE_CODE = @LineCode AND MODEL_NO = @ModelNumber AND LOT_NO = @LotNumber AND EQUIP_NO LIKE @EquipNumber";var myResult = _dbContext.Database .SqlQuery(query, parameters.ToArray());The resulting query sent to SQL-Server will look like the following:SELECT MAX(DATA_SEQ) AS MaxSeq, MIN(DATA_SEQ) AS MinSeq, COUNT(1) AS TotSampleCntFROM SPCDATA_TBWHERE DATA_WDATE IN (@date0, @date1, @date2) AND LINE_CODE = @LineCodeAND MODEL_NO = @ModelNumberAND LOT_NO = @LotNumberAND EQUIP_NO LIKE @EquipNumberGenerally, you want to avoid doing string manipulation when writing queries, however, I believe this example is safe from sql-injection.

Advertisement

Answer