using (var connection = new SqlConnection(connectionString)) { var query = "SELECT * FROM Customers WHERE CustomerName = @Name"; var parameters = new DynamicParameters(); parameters.Add("@Name", "John Smith"); var result = connection.Query(query, parameters).ToList(); }
using (var db = new MyDbContext()) { var query = db.Customers.Where(c => c.Name == nameParam); var result = query.ToList(); }In this example, the AddParameter method is not explicitly called. Instead, Entity Framework automatically creates and binds the parameter based on the lambda expression used in the query. This is because Entity Framework uses parameterized queries by default to prevent SQL injection attacks. Overall, DataConnection.AddParameter is an essential method for any C# developer working with databases. It allows for secure and efficient data binding, and can be used in a variety of data access libraries such as Dapper and Entity Framework.