Add FromSql and ExecuteSql accepting FormattableString #28609
Labels
area-query
closed-fixed
The issue has been fixed and is/will be included in the release indicated by the issue milestone.
type-enhancement
smitpatel added the closed-fixed label Aug 11, 2022
smitpatel added a commit that referenced this issue Aug 11, 2022
smitpatel added a commit that referenced this issue Aug 11, 2022
ghost pushed a commit that referenced this issue Aug 11, 2022
This issue was closed.
As discussed offline, we're going to add these, which are identical to FromSqlInterpolated/ExecuteSqlInterpolated. FormattableString is safe from SQL injection attacks, so we generally want to guide users towards doing raw SQL with it, and suffix-less "default" methods would likely be used more by new users etc.
We also considered renaming FromSqlRaw to FromSqlUnsafe to make it clearer that these methods should be used with care, and also removing FromSqlInterpolated/ExecuteSqlInterpolated (obsoleting first). We won't do this since the team decided that the breaking change isn't worth it.
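Why a `FormattableString` overload resists injection while a plain `string` does not, shown as an added example that is not part of the issue or EF Core's own code. The helper `ToParameterized`, the `Blogs` table and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Linq;

static class FormattableStringDemo
{
    // Hypothetical helper (not EF Core's implementation): turn a FormattableString
    // into SQL text with named placeholders plus a separate array of values,
    // which is the shape a parameterized database command needs.
    static (string Sql, object?[] Args) ToParameterized(FormattableString fs)
    {
        // One placeholder name per interpolation hole: @p0, @p1, ...
        var names = Enumerable.Range(0, fs.ArgumentCount)
                              .Select(i => (object)("@p" + i))
                              .ToArray();

        // fs.Format is the literal template with {0}, {1}, ... holes;
        // fs.GetArguments() returns the values, never merged into the text.
        return (string.Format(fs.Format, names), fs.GetArguments());
    }

    static void Main()
    {
        // Constructed hostile input for the demonstration.
        string input = "x' OR '1'='1";

        // Bound to FormattableString: the compiler keeps template and value apart,
        // so the value can travel to the database as a parameter.
        var (sql, args) = ToParameterized(
            $"SELECT * FROM Blogs WHERE Name = {input}");
        Console.WriteLine("SQL text : " + sql);
        Console.WriteLine("Parameter: " + args[0]);

        // Bound to string: the same syntax is formatted immediately, the quote in
        // the input ends the SQL literal, and the value becomes part of the query.
        string raw = $"SELECT * FROM Blogs WHERE Name = '{input}'";
        Console.WriteLine("Raw text : " + raw);
    }
}
```

The difference lies entirely in the target type of the interpolated expression, which is why an interpolated string assigned to a `string` variable first and then passed to a raw-SQL method gets none of this protection.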