I have a method to create tables at runtime:
public async Task CreateTable(string tableName, IEnumerable<DatabaseColumn> columns)
{
var columnsString = string.Join(", ", columns.Select(GetColumnString));
/// for example columnsString is:
/// [field_1] NVARCHAR(50),
/// [field_2] INT,
/// [field_3] INT
await _db.ExecuteSqlAsync($"CREATE TABLE [{tableName}] ({columnsString})");
}
After execute this method I get error:
Microsoft.EntityFrameworkCore.Database.Command[20102]
Failed executing DbCommand (5ms) [Parameters=[@p0='?' (Size = 4000), @p1='?' (Size = 4000)], CommandType='Text', CommandTimeout='30']
CREATE TABLE [@p0] (@p1)
Api request return that message:
{
"message": "Incorrect syntax near '@p1'."
}
I understand that p1 is incorrect because this parameter is usually used to pass values.
Question: How to pass field params to create a table in ExecuteSqlAsync?
Of course I can use ExecuteSqlRawAsync, but in my case I get a warning:
Warning EF1002 Method 'ExecuteSqlRawAsync' inserts interpolated strings directly into the SQL, without any protection against SQL injection. Consider using 'ExecuteSqlAsync' instead, which protects against SQL injection, or make sure that the value is sanitized and suppress the warning.
New contributor
Lesha Krut is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.