I am using Entity Framework EDMX, which automatically generates the functions I need for stored procedure execution as part of an auto-generated class based on the DbContext class.

For example, this is an auto-generated function to execute a stored procedure:

public virtual ObjectResult<Company> GetCompanies(string companyName)
{
    var companyNameParameter = companyName != null ?
        new ObjectParameter("CompanyName", companyName) :
        new ObjectParameter("CompanyName", typeof(string));

    return ((IObjectContextAdapter)this).ObjectContext.ExecuteFunction<Company>("GetCompanies", companyNameParameter);
}

Since I am using dynamic SQL inside some of the stored procedures, I would like to override ExecuteFunction and use a "custom ExecuteFunction" function to add some sanitizing functions there, which will loop over each parameter and sanitize it. I am wondering, maybe I can create a custom ObjectContext class and use it somehow?

How can I do it in a way that I will still be able to use the functions that EDMX Entity Framework auto-generates?

I know that there are some solutions to sanitize the parameters inside the SP, but I still want to learn how I can use a custom ExecuteFunction function or a custom ObjectContext together with EDMX.

2 Comments
  • You shouldn't have to sanitize it ... if the problem is that you're concatenating the values and using EXEC (@sql) - then: don't do that - you should be using EXEC sp_executesql @sql, N'{args definition}', @arg0, @arg1, ... - which allows you to fully parameterize dynamic SQL; more context: learn.microsoft.com/en-us/sql/relational-databases/… Commented Nov 23, 2017 at 13:15
  • @MarcGravell I know that, but I still want to learn how I can use a custom ExecuteFunction function or a custom ObjectContext together with EDMX. Commented Nov 23, 2017 at 13:19

1 Answer

How can I do it in a way that I will still be able to use the functions that EDMX Entity Framework auto-generates?

Since the generated functions are virtual, you can override them in a subclass.

e.g.

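public class MyDbContext2 : MyDbContext
{
    public override ObjectResult<Company> GetCompanies(string companyName)
    {
        // Sanitize is your own helper (not shown), assumed to return the
        // cleaned string; strings are immutable, so keep the returned value.
        companyName = Sanitize(companyName);
        return base.GetCompanies(companyName);
    }
    // . . .
}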
2 Comments

In that way, I need to do this for every function that needs to be sanitized in MyDBContext. Is there an option to somehow override the ExecuteFunction function by inheriting from ObjectContext?
AFAIK no. And you only need to do this for the procedures where you are using dynamic SQL and not sanitizing the input parameters in the stored procedure itself.
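
The fix suggested in the first comment on the question, written out as an added example that is not part of the original thread: the same dynamic-SQL procedure with the concatenating `EXEC (@sql)` form beside the `sp_executesql` form. Only the procedure name GetCompanies and the CompanyName parameter come from the question; the table dbo.Company, its columns, the `_Concatenated` suffix and the nvarchar(200) length are assumptions.

```sql
-- Weak form: the parameter value becomes part of the statement text,
-- so whatever the caller sends is parsed as SQL.
CREATE PROCEDURE dbo.GetCompanies_Concatenated
    @CompanyName nvarchar(200) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) =
        N'SELECT CompanyId, CompanyName FROM dbo.Company';  -- assumed table

    IF @CompanyName IS NOT NULL
        SET @sql += N' WHERE CompanyName = ''' + @CompanyName + N'''';

    EXEC (@sql);
END;
GO

-- Corrected form: only fixed text is appended to @sql. The value travels
-- as a typed parameter and is never parsed as SQL, so no sanitizing step
-- is needed in the procedure or in the EF-generated wrapper.
CREATE PROCEDURE dbo.GetCompanies
    @CompanyName nvarchar(200) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) =
        N'SELECT CompanyId, CompanyName FROM dbo.Company';  -- assumed table

    IF @CompanyName IS NOT NULL
        SET @sql += N' WHERE CompanyName = @CompanyName';

    -- Passing a declared parameter that the statement does not reference
    -- (the NULL case) is allowed by sp_executesql.
    EXEC sys.sp_executesql
        @sql,
        N'@CompanyName nvarchar(200)',
        @CompanyName = @CompanyName;
END;
GO
```

The generated `GetCompanies(string companyName)` method calls the second procedure unchanged, because the procedure name and parameter list are the same.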
