ExecuteSqlCommand with interpolated string results in 'invalid input syntax' error

c# ef-core-2.1 entity-framework-core

Question

According to this docs and this, I should be able to pass an interpolated string to ExecuteSqlCommandAsync like this:

public async Task DeleteEntries(DateTimeOffset loggedOn) {
    await myContext.Database.ExecuteSqlCommandAsync(
        $"DELETE from log_entry WHERE logged_on < '{loggedOn}';"
    );
}

However, it gives me the following error: Npgsql.PostgresException: '22007: invalid input syntax for type timestamp with time zone: "@p0"'

  1. loggedOn is a valid date.
  2. Extracting the interpolated string to a temporary variable fixes it, however I am losing input validation for SQL injection attacks.

Am i doing something wrong or is this a bug in EFCore? Using latest EFCore 2.1

1
1
7/31/2018 8:59:21 PM

Fastest Entity Framework Extensions

Bulk Insert
Bulk Delete
Bulk Update
Bulk Merge

Popular Answer

As provided by @IvanStoev, the answer was to remove single quotes around the interpolated parameter.

2
7/31/2018 7:34:10 PM

Related Questions

Running update-database results in the error: "A file activation error occurred"

Basically I've created a class library project containing a data access repository for other projects to use. I've added the EF6 package and enabled migrations. My connection string in app.config looks the following:... <connectionStrings> <add name="Pbn" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\Pbn.mdf;In...
database entity-framework entity-framework-6 visual-studio
asked by JensOlsen112

Entity framework throwing invalid operation exception - Connection string in app.config not found

I added a new ADO.NET data model from the database, and everything generated fine....Then I try to make a call to get one of the tables:...public Sensor[] GetAllRegisteredSensors() { using (var context = new ClientSensorLocationEntities()) { try { return context.Sen...
c# entity-framework entity-framework-6
asked by Mefhisto1

Error while executing db.Database.Migrate(): Incorrect syntax near the keyword 'NOT'

Here's my Dataseeder class:...using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity.EntityFrameworkCore; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.DependencyInjection; using StackStore.Data; using System.Collections.Generic; using System.Linq; namespace StackStore.Models ...
asp.net-core asp.net-core-mvc c# entity-framework-core
asked by Nicholas

Fix for "multiple cascade paths" error results in "foreign key constraint" error in SQLite unit tests

I have a database with two different paths to a certain entity, one path with ...DeleteBehavior.Cascade... and the other with ...DeleteBehavior.Restrict... to avoid a multiple cascade paths error on database creation. This is working as I expected when running locally using IIS Express and Visual Studio's SQL Server in memory, but throwing an error...
c# entity-framework-core sqlite xunit.net
asked by amiller

EF Core SQLite in memory exception: SQLite Error 1: 'near "MAX": syntax error'

I am creating SQLite In Memory database for unit testing:... var connection = new SqliteConnection("DataSource=:memory:"); connection.Open(); try { var options = new DbContextOptionsBuilder<BloggingContext>() .UseSqlite(connection) .Options; // Create the schem...
c# ef-core-2.0 ef-core-2.1 entity-framework-core sqlite
asked by Deivydas Voroneckis

Fast matching of input string with strings in db

Given an algorithm of strings matching which works with certain strings (e.g. "123456789") and string patterns (e.g. "1*******9"). String patterns are not any kind of regexp or SQL LIKE pattern - they only provide "*" placeholder which means "a single digit or letter"....So, the algorithm will treat these values as "equal":...12ABCDE89 12A***E89 **...
entity-framework-core full-text-search sql-server
asked by Andrey Pesoshin

Invalid SQL Server Connection String on Linux Entity Framework Core

Linux has different concept of named pipes. ....\\SQLSERVER... is a ...named pipe... notation. ...Also integrated security won't work on Linux (at least w/o setup, Kerberos Authentication is supported though), because its related to Active Directory / NTML Authorization. ...So use the regular Standard user name authorization connection string:...Se...
asp.net-core c# entity-framework entity-framework-core linux
asked by Tseng

Eagerly loading multiple levels error: "The Include property lambda expression is invalid"

I have a .NET Core 2.1 library that is leveraging Entity Framework Core v.2.2.4 with a MySQL database. I am using the code first model. I have service classes that depend on the ...SoarDataContext... class seen below....When I try to eagerly-load multiple-level nested entities by using the ....Include()... method in ...the way suggested in the docs...
.net-core c# entity-framework-core
asked by Steve Boniface

Interpolated strings in F#

I am trying to use the Entity Framework Core interpolated SQL query function in F# which requires a ...FormattableString.... However to my surprise it doesn't function as I cannot find a way to convert a regular F# string to that type. I figured just doing what you do in C# would work but it doesn't. Here is the code I currently have:...let fromDbU...
entity-framework-core f# formattablestring sql
asked by manywows

What is the syntax for a LINQ filter for List<string>?

I have a C# program using EF Core....I fetch my records like this:...List<MyEntity> candidateRecords = await myFilters.ToListAsync(); ...I build my filters like this:...IQueryable<MyEntity> myFilters = from m in context.MyEntity select m; if (!string.IsNullOrEmpty(criterion1)) myFilters = myFilters.Where(s => s.S...
c# entity-framework-core linq
asked by FoggyDay

Fastest Entity Framework Extensions

Bulk Insert
Bulk Delete
Bulk Update
Bulk Merge
View more on Stack Overflow

Prime Library

Performance

Expression Evaluator

More Projects...

Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow