SQL statements in code should always be parameterized to help protect against SQL injection attacks. In this section, Phil demonstrates three ways to pass parameters to Entity Framework Core's FromSql and ExecuteSqlCommand methods.
- [Narrator] While this is not a course on security, your SQL should always be parameterized to protect from SQL injection attacks. With EF and SQL Server, this can be done in three ways. Create SqlParameters and pass them into FromSql or ExecuteSqlCommand, and we've always been able to do this with .NET Framework, or ADO.NET for that matter. You can use the string.Format syntax to combine parameters with the command string, or, brand new in EF Core 2.0, you can use C# string interpolation, and the C# variables in the string are converted to parameters.
So let's look at how all this works through some examples. So we need the WhereUsedViewModel as a not-mapped table on the DbContext, so we can do this here. Again, we'll say NotMapped, public DbSet of WhereUsedViewModel, and we'll just call it WhereUsedViewModel as a table name. In the next course we'll talk about pluralization and how all that works; let's just be consistent.
So we have that saved, and let's go look at how we can parameterize this.
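The three approaches named in the transcript, written out as an added example that is not code from the course. It assumes EF Core 2.x with the SQL Server provider; the `Product` entity, `CatalogContext`, and the `dbo.Products` table are hypothetical names. The last method shows the one pattern that looks similar but is not parameterized.

```csharp
// Added example, not from the course. Entity, context and table names are hypothetical.
using System.Data.SqlClient;
using System.Linq;
using Microsoft.EntityFrameworkCore;

public class Product { public int Id { get; set; } public string Name { get; set; } }

public class CatalogContext : DbContext
{
    public CatalogContext(DbContextOptions<CatalogContext> options) : base(options) { }
    public DbSet<Product> Products { get; set; }
}

public static class ProductQueries
{
    // 1. Explicit SqlParameter: the value is sent separately from the SQL text.
    public static IQueryable<Product> WithSqlParameter(CatalogContext db, string name) =>
        db.Products.FromSql(
            "SELECT * FROM dbo.Products WHERE Name = @name",
            new SqlParameter("@name", name));

    // 2. string.Format-style placeholder: EF Core replaces {0} with a generated
    //    parameter. Note there are no quotes around {0}; the value is never inlined.
    public static IQueryable<Product> WithPlaceholder(CatalogContext db, string name) =>
        db.Products.FromSql("SELECT * FROM dbo.Products WHERE Name = {0}", name);

    // 3. String interpolation: the literal binds to the FormattableString overload,
    //    so {name} becomes a parameter instead of being concatenated into the text.
    public static IQueryable<Product> WithInterpolation(CatalogContext db, string name) =>
        db.Products.FromSql($"SELECT * FROM dbo.Products WHERE Name = {name}");

    // ExecuteSqlCommand accepts the same forms; returns the number of rows affected.
    public static int Rename(CatalogContext db, int id, string newName) =>
        db.Database.ExecuteSqlCommand(
            $"UPDATE dbo.Products SET Name = {newName} WHERE Id = {id}");

    // NOT parameterized: the string is fully built before EF Core sees it, so the
    // value is part of the SQL text. Shown only as the pattern to catch in review.
    public static IQueryable<Product> Unsafe(CatalogContext db, string name)
    {
        var sql = string.Format("SELECT * FROM dbo.Products WHERE Name = '{0}'", name);
        return db.Products.FromSql(sql);
    }
}
```

The same applies to an interpolated string assigned to a `var` or `string` before the call: it is already a plain string, so keep the interpolation inside the `FromSql` or `ExecuteSqlCommand` argument.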
- Entity Framework Core components and projects
- Working with scaffolded files
- Testing with xUnit
- Viewing generated SQL
- Composing queries
- Sorting and filtering results
- Working with aggregates
- Loading related data
- Logging and tracking
- Mapping functions
- Generics and delegates
- Checking concurrency
- Resiliency and transactions
Skill Level Intermediate