When I’m using the following code block(C#):
var query = context.Set.Where(o => o.Email.Contains("Mail@gmail.com"));
var stringQuery = ((System.Data.Objects.ObjectQuery)query).ToTraceString();
linq generates the following query:
SELECT *
FROM [SET] AS [Extent1]
WHERE [Extent1].[Email] LIKE '%Mail@gmail.com%'
When I’m using the following code block:
string email = "Mail@gmail.com";
var query = context.Set.Where(o => o.Email.Contains(email));
var stringQuery = ((System.Data.Objects.ObjectQuery)query).ToTraceString();
linq generates the following query:
SELECT *
FROM [Set] AS [Extent1]
WHERE [Extent1].[Email] LIKE @p__linq__0 ESCAPE N'~'
How can I get linq to generate the query like in the first case without having the string hardcoded, and instead passed as a string parameter?
The results you’ve seen are as they should be. The reason being, Linq correctly identifies the string literal as hardcoded and assumes that it is not subject to SQL injection and capture (i.e. it is constant and will not be a different value at the point the deferred query is run).
Similarly, it correctly identifies that the variable can vary, and that it could be user input. It uses a parameterised query which is the suggested/best practice for such cases.
If however you are sure that you would like to override this best practice (because you know better?) =) then you can walk the expression tree to find the variable access and replace the node with a ConstantExpression instead. I believe this will cause linq to hardcode the query as you’ve observed.
MSDN – Expression Tree Visitor
Pay attention to the
VisitMemberAccessmethod, and take a look at ConstantExpression MemberExpression.