Click here to Skip to main content
15,883,710 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi

I am trying to get a column value using sql select query from the database in entity framework core. Don't know, what am i doing wrong here. I don't want to have tables converted to models in using Entity Framework Core in the solution.

This query is an one-off query.

Thanks & Regards,
Shweta

What I have tried:

var itemNo = "105744";

var myCommand = $"select MD.size from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = '{itemNo}'";
                var size = motherLoadContext.Database.ExecuteSqlInterpolated(myCommand);
Posted
Updated 15-Jan-20 13:12pm
Comments
Wendelius 14-Jan-20 22:48pm    
What is the problem, do you get an error message or some other issue?

Most likely the problem happens because ExecuteSqlInterpolated replaces the variables with parameters. In your case the parameter would be inside quotation marks and this probably causes the problem.

Have a try with something like
C#
var myCommand = $@"SELECT MD.size 
FROM tbl_Stock_Master_data MD 
INNER JOIN tbl_StockGroupMaster on StkGrpID = ItemGroupID 
LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size 
WHERE itemno = {itemNo}";

var size = motherLoadContext.Database.ExecuteSqlInterpolated(myCommand);

Also the column in the where clause is missing the table alias so be sure to include that to prevent ambiguous names. Something like
WHERE md.itemno = {itemNo}"
 
Share this answer
 
ExecuteSqlInterpolated[^] expects the parameter to be a FormattableString[^].

Unfortunately, using var with an interpolated string creates a string variable instead. The parameter values will be injected directly into the resulting string, and you would leave yourself open to SQL Injection. Thankfully, you get a compiler error instead: cannot convert from 'string' to 'System.FormattableString'.

You'll also need to remove the single quotes from around the {itemNo} placeholder. EF will use a properly parameterized query, so this placeholder will be replaced with the parameter name. You don't need the quotes when you're using parameters.

You can either declare the variable type explicitly:
C#
FormattableString myCommand = $"select MD.size from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = {itemNo}";

var size = motherLoadContext.Database.ExecuteSqlInterpolated(myCommand);
or inline the query variable:
C#
var size = motherLoadContext.Database.ExecuteSqlInterpolated($"select MD.size from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = {itemNo}");
 
Share this answer
 
using (var command = motherLoadContext.Database.GetDbConnection().CreateCommand())
                {
                    command.CommandText = string.Format("select Colour from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = '{0}'",itemNo);
                    motherLoadContext.Database.OpenConnection();
                    using (var result = command.ExecuteReader())
                    {
                        if (result.HasRows)
                        {
                            while (result.Read())
                            {
                                colour = result.GetString(0);
                            }
                        }
                    }
                }

This is the way we need to read a select statement. 
 
Share this answer
 
v2
Comments
Richard Deeming 16-Jan-20 11:56am    
Well done - you've just proved that an ORM doesn't make you immune to SQL Injection[^]. 🤦‍♂️

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Using ExecuteSqlInterpolated is the correct way to do this in EF Core.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS


CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900