Question
I have dapper working correctly, but it is unsecure as in I haven't been using parameters, how can I best turn my dapper variables into parameters for instance this is the unparameterized code that I had that worked..
var getinfo = sqlConnection.Query<test>("Select name,location from tests where location="+ myplace).FirstOrDefault();
myplace is a textbox that users put information on, now when I tried to parameterized that code like
var getinfo = sqlConnection.Query<test>("Select name,location from tests where location='@location'", new {location = myplace}).FirstOrDefault();
I get absolutely no returns back, yet no error messages. What can I be missing here or whats the best way to parameterized variables.
Accepted Answer
You do not need to place the single quotes around the parameter. Hope this helps.
var getinfo = sqlConnection.Query<test>("Select name,location from tests where location=@location", new {location = myplace}).FirstOrDefault();
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Is this KB legal? Yes, learn why