Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
Goshujin2022-04-13 14:08:45
SQLite
Goshujin, 2022-04-13 14:08:45

How to remove warning EF1000?

The code:

public bool SetNewDate(string date, string newDate)
        {
            string sql = string.Format(@"
UPDATE EventSchedule
SET Date = '{0}'
WHERE Date = '{1}'", newDate, date);

            var rows = _context.Database.ExecuteSqlCommand(sql);

            return rows > 0;
        }


A warning:
warning EF1000: The SQL expression passed to 'ExecuteSqlCommand' embeds data that will not be parameterized.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vasily Bannikov, 2022-04-13
@Goshujin

Do not use string.Format for parameterization.
Use additional parameters from ExecuteSqlCommand or ExecuteSqlInterpolated instead.
https://docs.microsoft.com/en-us/ef/core/querying/...

Similar questions
N
Nikolai Neizvestny2020-04-27 03:00:41
Delete user from database if 403 bot was blocked by the user? 1Reply
L
LittleJonny2015-10-23 15:53:51
How to store VK correspondence in a mobile application? 1Reply
N
NEMMO2011-09-14 16:19:28
csv import (800 megs) to sqlite? 3Reply
S
Staspost2020-04-30 14:28:12
How to correctly register a database call in Android? 1Reply
H
hey_umbrella2021-06-30 23:15:05
How to remove comma from sqlite output? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question