ASP.NET Core .NET 5 WebAPI Beginner Tutorial (4_9) - Reading Data: When You Really Want to Write SQL, Beware of SQL Injection


Single-table operations
var result = _todoContext.TodoLists.FromSqlRaw("select * from todolist");
        [HttpGet("GetSQL")]
        public IEnumerable<TodoList> GetSQL(string name)
        {
            string sql = "select * from todolist where 1=1";

            if (!string.IsNullOrWhiteSpace(name))
            {
                // name is concatenated straight into the SQL text,
                // which is what leaves this query open to SQL injection.
                sql = sql + " and name like N'%" + name + "%'";
            }

            var result = _todoContext.TodoLists.FromSqlRaw(sql);

            return result;
        }
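
A parameterized version of the GetSQL action above, added here as an example and not part of the original post: the filter value is passed to FromSqlRaw as a SqlParameter instead of being concatenated into the SQL text. It assumes the SQL Server provider; the minimal TodoList/TodoContext definitions, the controller name TodoSafeController and the GetSQLSafe route are hypothetical stand-ins for the tutorial's own classes.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;

// Assumed minimal model and context; the tutorial's real classes may have more members.
public class TodoList
{
    public int Id { get; set; }        // assumed key column
    public string Name { get; set; }
}

public class TodoContext : DbContext
{
    public TodoContext(DbContextOptions<TodoContext> options) : base(options) { }
    public DbSet<TodoList> TodoLists { get; set; }
}

[ApiController]
[Route("api/[controller]")]
public class TodoSafeController : ControllerBase   // hypothetical controller name
{
    private readonly TodoContext _todoContext;
    public TodoSafeController(TodoContext todoContext) => _todoContext = todoContext;

    [HttpGet("GetSQLSafe")]   // hypothetical route
    public IEnumerable<TodoList> GetSQLSafe(string name)
    {
        string sql = "select * from todolist where 1=1";
        var parameters = new List<object>();

        if (!string.IsNullOrWhiteSpace(name))
        {
            // Only the placeholder is appended to the SQL text; the value travels as a parameter.
            sql += " and name like @name";
            // Escape T-SQL LIKE wildcards so the input matches literally ('[' must go first).
            string literal = name.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
            parameters.Add(new SqlParameter("@name", "%" + literal + "%"));
        }

        // FromSqlRaw(sql, params object[]) binds the DbParameter objects to the command.
        return _todoContext.TodoLists.FromSqlRaw(sql, parameters.ToArray()).ToList();
    }
}
```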
