ExecuteSqlCommand with interpolated string results in 'invalid input syntax' error

c# ef-core-2.1 entity-framework-core

Question

According to this docs and this, I should be able to pass an interpolated string to ExecuteSqlCommandAsync like this:

public async Task DeleteEntries(DateTimeOffset loggedOn) {
    await myContext.Database.ExecuteSqlCommandAsync(
        $"DELETE from log_entry WHERE logged_on < '{loggedOn}';"
    );
}

However, it gives me the following error: Npgsql.PostgresException: '22007: invalid input syntax for type timestamp with time zone: "@p0"'

  1. loggedOn is a valid date.
  2. Extracting the interpolated string to a temporary variable fixes it, however I am losing input validation for SQL injection attacks.

Am i doing something wrong or is this a bug in EFCore? Using latest EFCore 2.1

1
1
7/31/2018 8:59:21 PM

Popular Answer

As provided by @IvanStoev, the answer was to remove single quotes around the interpolated parameter.

2
7/31/2018 7:34:10 PM


Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow