✅ How to use Dapper with Query Parameters

I work a lot with SQL databases such as MySQL, SQLite and PSQL and usually I write my Queries like this

// Example written in System.Data.SQLite

using(SQLiteConnection connection = new SQLiteConnection("connect string")) 
{
  connection.Open();
  using(SQLiteCommand command = new SQLiteCommand(connection))
  {
    command.CommandText = "DELETE FROM SomeSensitiveTable WHERE SomeSensitiveData=@myParam";
    command.Parameters.AddWithValue("@myParam", "myText");
    command.ExecuteNonQuery();
  }
  connection.Close();
}

// Example written in System.Data.SQLite

using(SQLiteConnection connection = new SQLiteConnection("connect string")) 
{
  connection.Open();
  using(SQLiteCommand command = new SQLiteCommand(connection))
  {
    command.CommandText = "DELETE FROM SomeSensitiveTable WHERE SomeSensitiveData=@myParam";
    command.Parameters.AddWithValue("@myParam", "myText");
    command.ExecuteNonQuery();
  }
  connection.Close();
}

But using Dapper if i want to create an Object from a

SELECT

SELECT

query I need to run

connection.Query<ObjectModel>("MyQuery");

connection.Query<ObjectModel>("MyQuery");

, is there any way I can use Dapper while keeping my queries secure?

C#•2y ago•

26 replies

The Fog from Human Resources

✅ How to use Dapper with Query Parameters

I work a lot with SQL databases such as MySQL, SQLite and PSQL and usually I write my Queries like this

// Example written in System.Data.SQLite

using(SQLiteConnection connection = new SQLiteConnection("connect string")) 
{
  connection.Open();
  using(SQLiteCommand command = new SQLiteCommand(connection))
  {
    command.CommandText = "DELETE FROM SomeSensitiveTable WHERE SomeSensitiveData=@myParam";
    command.Parameters.AddWithValue("@myParam", "myText");
    command.ExecuteNonQuery();
  }
  connection.Close();
}

// Example written in System.Data.SQLite

using(SQLiteConnection connection = new SQLiteConnection("connect string")) 
{
  connection.Open();
  using(SQLiteCommand command = new SQLiteCommand(connection))
  {
    command.CommandText = "DELETE FROM SomeSensitiveTable WHERE SomeSensitiveData=@myParam";
    command.Parameters.AddWithValue("@myParam", "myText");
    command.ExecuteNonQuery();
  }
  connection.Close();
}

But using Dapper if i want to create an Object from a

SELECT

SELECT

query I need to run

connection.Query<ObjectModel>("MyQuery");

connection.Query<ObjectModel>("MyQuery");

, is there any way I can use Dapper while keeping my queries secure?

✅ How to use Dapper with Query Parameters

Similar Threads

✅ How to use Dapper with Query Parameters

Similar Threads

Similar Threads

Similar Threads