Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
Goshujin2022-04-13 14:08:45
SQLite
Goshujin, 2022-04-13 14:08:45

How to remove warning EF1000?

The code:

public bool SetNewDate(string date, string newDate)
        {
            string sql = string.Format(@"
UPDATE EventSchedule
SET Date = '{0}'
WHERE Date = '{1}'", newDate, date);

            var rows = _context.Database.ExecuteSqlCommand(sql);

            return rows > 0;
        }


A warning:
warning EF1000: The SQL expression passed to 'ExecuteSqlCommand' embeds data that will not be parameterized.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vasily Bannikov, 2022-04-13
@Goshujin

Do not use string.Format for parameterization.
Use additional parameters from ExecuteSqlCommand or ExecuteSqlInterpolated instead.
https://docs.microsoft.com/en-us/ef/core/querying/...

Similar questions
T
tolanych2017-04-12 10:28:41
How to correctly implement validation when binding two text-boxes? 5Reply
C
Chronic 862018-11-06 20:22:55
Organization of requests in go? 1Reply
N
NuttyTurbo2018-11-13 23:45:45
How to remove duplicates in sqlite, but before that, what would be the check on other fields? 0Reply
C
CleanyBoom2022-01-21 12:39:42
Weird peewee sqlite error? 1Reply
V
Vlad Zaitsev2016-07-02 18:39:53
How to form a nested query in Sqlite? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question