I do not know how to upgrade this code to retrieve an output parameter from a stored procedure. For example, that parameter's name is TransactionPassCorrectly (it is a return parameter for some calculation in the database and its type is int).
    public async Task<ActionResult<int>> UpdateSuperHeroFromSP(int SuperHeroId, string Place)
    {
        return await context.Database.ExecuteSqlRawAsync($"UpdateSuperHero {SuperHeroId},{Place}");
    }
1 answer
6rqinv9w1#
You aren't passing parameters there, you are injecting them, which is dangerous as it can lead to malicious abuse and/or incorrect results. It also doesn't work at all with output parameters.
Instead you need to pass parameters properly (using SqlParameter) or you can use ExecuteSqlInterpolated, which can handle string interpolation without injecting. You then need to pick up the value off the parameter object.
Note that the parameter in the EXEC statement needs the OUTPUT keyword afterwards.
You should also not rely on parameter order and instead specify the parameter names explicitly.
If the parameter could be NULL then you need return TransactionPassCorrectly.Value as int?; and you need to declare your function as Task<ActionResult<int?>>.
Note that the return value of ExecuteSql is not the RETURN of a procedure (which you shouldn't really use anyway), it's just the number of rows modified, if any. For return values you would need ParameterDirection.ReturnValue.
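The parameterised call described in the answer above, as an added example that is not part of the original answer. The procedure parameter names @SuperHeroId and @Place, the NVarChar length, the DataContext class and the route are assumptions; Microsoft.Data.SqlClient is the provider package used by EF Core 3 and later.

```csharp
using System.Data;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;

// Assumption: stands in for the application's own DbContext.
public class DataContext : DbContext
{
    public DataContext(DbContextOptions<DataContext> options) : base(options) { }
}

[ApiController]
[Route("api/[controller]")]
public class SuperHeroController : ControllerBase
{
    private readonly DataContext context;
    public SuperHeroController(DataContext context) => this.context = context;

    [HttpPut("{superHeroId}")]
    public async Task<ActionResult<int?>> UpdateSuperHeroFromSP(int superHeroId, string place)
    {
        // Input values travel as typed parameters, never as part of the SQL text.
        var idParam = new SqlParameter("@SuperHeroId", SqlDbType.Int) { Value = superHeroId };
        var placeParam = new SqlParameter("@Place", SqlDbType.NVarChar, 100) // length is assumed
        {
            Value = (object?)place ?? DBNull.Value
        };
        // The output parameter is filled in by the procedure.
        var passed = new SqlParameter("@TransactionPassCorrectly", SqlDbType.Int)
        {
            Direction = ParameterDirection.Output
        };

        // Constant SQL text: arguments are named, and the output one carries OUTPUT.
        await context.Database.ExecuteSqlRawAsync(
            "EXEC UpdateSuperHero @SuperHeroId = @SuperHeroId, @Place = @Place, " +
            "@TransactionPassCorrectly = @TransactionPassCorrectly OUTPUT",
            idParam, placeParam, passed);

        // ExecuteSqlRawAsync returns a row count; the result sits on the parameter (DBNull becomes null).
        return passed.Value as int?;
    }
}
```

Because the SQL string is a constant and user input only ever reaches the server as parameter values, a `place` value containing quotes or SQL keywords is stored as data rather than executed.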