diff --git a/EntityFrameworkCore.Console/Program.cs b/EntityFrameworkCore.Console/Program.cs index b4fec72..15fd78f 100644 --- a/EntityFrameworkCore.Console/Program.cs +++ b/EntityFrameworkCore.Console/Program.cs @@ -1,5 +1,6 @@ using EntityFrameworkCore.Data; using EntityFrameworkCore.Domain; +using Microsoft.Data.Sqlite; using Microsoft.EntityFrameworkCore; using var context = new DeadBallZoneLeagueDbContext(); @@ -15,7 +16,65 @@ context.Database.EnsureCreated(); // Rather than raise: "System.InvalidOperationException: Sequence contains no elements." // var firstCoach = await context.Coaches.FirstOrDefaultAsync(); -var details = await context.TeamsAndLeaguesView.ToListAsync(); +await RawSQLStatement(); + +async Task RawSQLStatement() +{ + // Beware that SQL Injection can be used on input here. + Console.WriteLine("Enter Team name: "); + var teamName = Console.ReadLine(); + // If you omit this param creation, SQL injection is possible. + var teamNameParam = new SqliteParameter("teamName", teamName); + var teams = context.Teams.FromSqlRaw( + $"SELECT * FROM Teams WHERE name = @teamName", teamNameParam + ); + foreach (var t in teams) + { + Console.WriteLine($"SQL Raw Team: {t.Name}"); + } + + // Parameterization happens automatically for these two: + teams = context.Teams.FromSql($"SELECT * FROM Teams WHERE name = {teamName}"); + foreach (var t in teams) + { + Console.WriteLine($"SQL Raw Team: {t.Name}"); + } + + // FromSqlInterpolated is the revised form of FromSql, and a better choice. + teams = context.Teams.FromSqlInterpolated($"SELECT * FROM Teams WHERE name = {teamName}"); + foreach (var t in teams) + { + Console.WriteLine($"SQL Raw Team: {t.Name}"); + } + + // You can also mix with LINQ. + var teamsList = context.Teams.FromSql($"SELECT * FROM Teams") + .Where(t => t.Id == 1) + .OrderBy(t => t.Id) + .Include("League") + .ToList(); + foreach (var t in teamsList) + { + Console.WriteLine($"SQL Raw Team: {t.Name}"); + } + + // Stored procedures example. Note that SQLite does not support stored proceduces. + var leagueId = 1; + var league = context.Leagues.FromSqlInterpolated( + $"EXEC dbo.StoredProcedureToGetLeagueName {leagueId}" + ); + + // Non-querying statement examples. + var newTeamName = "Neo Oslo"; + var success = context.Database.ExecuteSqlInterpolated( + $"UPDATE Teams SET Name = {newTeamName}" + ); + + var teamToDelete = 1; + var teamDeletedSuccess = context.Database.ExecuteSqlInterpolated( + $"EXEC dbo.DeleteTeam {teamToDelete}" + ); +} async Task ProjectionAndAnonymousDataTypes() {