Question

What is the main difference between SqlParameter and ObjectParameter?

ObjectParameter[] parameters =
{
           new ObjectParameter("MainUserName", user.MainUserName),
           new ObjectParameter("MainUserFirstName",user.MainUserFirstName),
           new ObjectParameter("MainUserLastName",user.MainUserLastName),
           new ObjectParameter("DOJoin", DateTime.Now),
};

SqlParameter[] parameters =
       {
           new SqlParameter("@MainUserName", user.MainUserName),

           new SqlParameter("@MainUserFirstName",user.MainUserFirstName),

           new SqlParameter("@MainUserLastName",user.MainUserLastName),



            new SqlParameter("@DOJoin", DateTime.Now),

       };

I am working on MVC Code First, I want to make Communication with my Database through Stored procedures. so which one is the best approach to passing parameters to SP? Last Time i tried to Execute SP by passing Sql Perameters but faced the below exception

Procedure or function 'InsertUser' expects parameter '@MainUserName', which was not supplied

I tried to solve it by trying different scenarios but have no luck. At Last I thought I should to use Object Perameters intead of Sql Perameters. But don't know whats the main Difference between these?

Edite I want to run my below code using ExecuteSqlCommandAsync which expecting object[] parameters

 public async Task InsertAsync(ActionCriteria obj)
{
    await _dbCOntext.Database.ExecuteSqlCommandAsync(obj.SpName, obj.SqlParameter) ;
}

public Task<int> ExecuteSqlCommandAsync(string sql, params object[] parameters);

so how will I pass sqlperameters to ExecuteSqlCommandAsync, so that it may execute SP with provided SqlParameters not ObjectParameters

1
3
10/17/2015 8:11:03 PM

Accepted Answer

SqlParameter is a part of ADO.NET, it's may be used in EF if underlying database is SQL Server. For example in context.Database.SqlQuery method.

ObjectParameter is a part of EF (look on it's assembly name) and EF may be used together with many DBMS (with special provider for each case, of course). ObjectParameter doesn't require SQL Server. SqlParameter does.

Both classes are used to execute SPs and raw SQL queries. I suggest there is no conceptual difference between these classes in case of SQL Server database.

6
10/17/2015 7:50:01 PM

Popular Answer

Well, you're almost right, but there's a huge difference while sqlParameter is SQL injection safe while objectParameter allows you to inject whatever string you desire.



Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow