Click here to Skip to main content
14,422,431 members
Rate this:
Please Sign up or sign in to vote.
Hi

I am trying to get a column value using sql select query from the database in entity framework core. Don't know, what am i doing wrong here. I don't want to have tables converted to models in using Entity Framework Core in the solution.

This query is an one-off query.

Thanks & Regards,
Shweta

What I have tried:

var itemNo = "105744";

var myCommand = $"select MD.size from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = '{itemNo}'";
                var size = motherLoadContext.Database.ExecuteSqlInterpolated(myCommand);
Posted
Updated 4 days ago
Comments
Wendelius 5 days ago
   
What is the problem, do you get an error message or some other issue?
Rate this:
Please Sign up or sign in to vote.

Solution 1

Most likely the problem happens because ExecuteSqlInterpolated replaces the variables with parameters. In your case the parameter would be inside quotation marks and this probably causes the problem.

Have a try with something like
var myCommand = $@"SELECT MD.size 
FROM tbl_Stock_Master_data MD 
INNER JOIN tbl_StockGroupMaster on StkGrpID = ItemGroupID 
LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size 
WHERE itemno = {itemNo}";

var size = motherLoadContext.Database.ExecuteSqlInterpolated(myCommand);

Also the column in the where clause is missing the table alias so be sure to include that to prevent ambiguous names. Something like
WHERE md.itemno = {itemNo}"
   
Rate this:
Please Sign up or sign in to vote.

Solution 2

ExecuteSqlInterpolated[^] expects the parameter to be a FormattableString[^].

Unfortunately, using var with an interpolated string creates a string variable instead. The parameter values will be injected directly into the resulting string, and you would leave yourself open to SQL Injection. Thankfully, you get a compiler error instead: cannot convert from 'string' to 'System.FormattableString'.

You'll also need to remove the single quotes from around the {itemNo} placeholder. EF will use a properly parameterized query, so this placeholder will be replaced with the parameter name. You don't need the quotes when you're using parameters.

You can either declare the variable type explicitly:
FormattableString myCommand = $"select MD.size from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = {itemNo}";

var size = motherLoadContext.Database.ExecuteSqlInterpolated(myCommand);
or inline the query variable:
var size = motherLoadContext.Database.ExecuteSqlInterpolated($"select MD.size from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = {itemNo}");
   
Rate this:
Please Sign up or sign in to vote.

Solution 3

using (var command = motherLoadContext.Database.GetDbConnection().CreateCommand())
                {
                    command.CommandText = string.Format("select Colour from tbl_Stock_Master_data MD inner join tbl_StockGroupMaster on StkGrpID = ItemGroupID LEFT JOIN tbl_StockSizeOrdering O ON MD.SIZE = O.Size where itemno = '{0}'",itemNo);
                    motherLoadContext.Database.OpenConnection();
                    using (var result = command.ExecuteReader())
                    {
                        if (result.HasRows)
                        {
                            while (result.Read())
                            {
                                colour = result.GetString(0);
                            }
                        }
                    }
                }

This is the way we need to read a select statement. 
   
v2
Comments
Richard Deeming 3 days ago
   
Well done - you've just proved that an ORM doesn't make you immune to SQL Injection[^]. 🤦‍♂️

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Using ExecuteSqlInterpolated is the correct way to do this in EF Core.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month



CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100