C#C
C#2y ago
The Fog from Human Resources

✅ How to use Dapper with Query Parameters

I work a lot with SQL databases such as MySQL, SQLite and PSQL and usually I write my Queries like this

// Example written in System.Data.SQLite

using(SQLiteConnection connection = new SQLiteConnection("connect string")) 
{
  connection.Open();
  using(SQLiteCommand command = new SQLiteCommand(connection))
  {
    command.CommandText = "DELETE FROM SomeSensitiveTable WHERE SomeSensitiveData=@myParam";
    command.Parameters.AddWithValue("@myParam", "myText");
    command.ExecuteNonQuery();
  }
  connection.Close();
}

But using Dapper if i want to create an Object from a SELECT query I need to run connection.Query<ObjectModel>("MyQuery");, is there any way I can use Dapper while keeping my queries secure?
Was this page helpful?