Actually, I have code that uses Entity Framework 4.1 in Visual Studio 2010. Everything is working fine except for one thing: it doesn't seem to "prepare" the parameters like a good old [parameters.Add] habitually did.
Here's my code:
using (MyEnterprisesEntities dataContext = new MyEnterprisesEntities(entityBuilder.ToString()))
{
    dataContext.CompanyInitializer(connection.Catalog,
                                   args.CompanyId,
                                   args.CompanyName);
}
So, if my company's name is O'Brian and sons (actually it was passed beforehand through a WCF web service, so it arrives more in this form: O\'Brian and sons), it seems to break my stored procedure (including the possibility of allowing SQL injection).
Is there a way to avoid this situation with EDMX, or is the old way more reliable?
You shouldn't need to do anything prior to the call to your stored proc.
To help you, start the SQL Profiler to see what parameters are sent to your database.
I ran some tests, and if I'm using a parameter like O'Brian, the framework automatically doubles the quote in the query sent to SQL.
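As an added illustration (not code from either poster), here is what the question's function import call looks like underneath when every value travels as an ObjectParameter, beside the ad hoc concatenation that actually produces the breakage described above. The context and procedure names are the question's; the parameter names and the Unsafe/Parameterized methods are assumptions for the example.

```csharp
// Added example, not the poster's or the EF designer's generated file.
// Assumes an EDMX model whose generated context is MyEnterprisesEntities
// with a function import CompanyInitializer mapped to dbo.CompanyInitializer.
using System;
using System.Data.Objects;

public partial class MyEnterprisesEntities : ObjectContext
{
    public MyEnterprisesEntities(string connectionString)
        : base(connectionString, "MyEnterprisesEntities") { }

    // Shape of a designer-generated function import (illustrative): each value
    // is an ObjectParameter, so the provider sends it through sp_executesql and
    // does the quoting itself. O'Brian and sons arrives intact; a pre-escaped
    // O\'Brian is stored with the backslash, so do not escape it yourself.
    public int CompanyInitializer(string catalog, int? companyId, string companyName)
    {
        ObjectParameter catalogParameter = catalog != null
            ? new ObjectParameter("Catalog", catalog)
            : new ObjectParameter("Catalog", typeof(string));
        ObjectParameter companyIdParameter = companyId.HasValue
            ? new ObjectParameter("CompanyId", companyId)
            : new ObjectParameter("CompanyId", typeof(int));
        ObjectParameter companyNameParameter = companyName != null
            ? new ObjectParameter("CompanyName", companyName)
            : new ObjectParameter("CompanyName", typeof(string));
        return base.ExecuteFunction("CompanyInitializer",
            catalogParameter, companyIdParameter, companyNameParameter);
    }

    // What NOT to do (assumed helper): splicing the raw value into the command
    // text. The apostrophe in O'Brian and sons closes the string literal, so
    // the procedure fails and the remainder is interpreted as SQL.
    public int CompanyInitializerUnsafe(string catalog, int companyId, string companyName)
    {
        string sql = "EXEC dbo.CompanyInitializer '" + catalog + "', "
                   + companyId + ", '" + companyName + "'";
        return ExecuteStoreCommand(sql);
    }

    // The same call done correctly without a function import (assumed helper):
    // the {0} placeholders become DbParameters, so no manual quote doubling.
    public int CompanyInitializerParameterized(string catalog, int companyId, string companyName)
    {
        return ExecuteStoreCommand("EXEC dbo.CompanyInitializer {0}, {1}, {2}",
            catalog, companyId, companyName);
    }
}
```

In a SQL Profiler trace the first and third methods show up as sp_executesql calls with the company name as a separate parameter value, which is the quote doubling the answer above describes.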