Dapper: [QUESTION] Strongly typed queries

Created on 14 Aug 2018 · 2 Comments · Source: StackExchange/Dapper

_(not sure if it's okay to ask here)_

I just read https://scottsauber.com/2018/08/11/strongly-typing-your-dapper-queries-using-nameof/ - and I see it as a good solution.

In his conclusion he writes that "some may hate this", but I kind of have a hard time
understanding why it would be a bad idea to create the queries like that.

Can anyone describe what cons may come out of doing it the way the article explains?

All 2 comments

The main issue I see is with readability. A query with many placeholders can quickly become hard to read. Imagine a query with many fields / joins. However, I think you have to determine if the trade-off is worth it. It all depends on your use case (IMO).

A few off the top of my head:

  1. Readability
  2. Debuggability (no ability to say copy/paste debug)
  3. SQL injection attacks. The moment someone uses anything besides a nameof in there, it's very easy to stick a string in and you have yourself a SQL injection attack.

Because of number 3, I very strongly recommend against this. See this EntityFramework issue where they're changing how the built-in support works for this due to the above issues - I illustrated how SQL injection happens there too: https://github.com/aspnet/EntityFrameworkCore/issues/10996
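One way to keep the `nameof` benefit from the article while closing off con 3 is to stop identifiers and data from sharing the same interpolation path. The following is an added C# example, not code from this issue, the article, or Dapper itself; `User`, `Col` and `TypedSql` are assumed names. Column names are only accepted when they match a property of the model type (which is exactly what `nameof(User.Email)` produces), and every other interpolated value is turned into a bound parameter instead of being pasted into the SQL text.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Constructed model: its property names form the allow-list of identifiers.
public sealed class User
{
    public int Id { get; set; }
    public string Email { get; set; } = "";
}

public static class TypedSql
{
    // Marks an interpolated argument as an identifier rather than data.
    public readonly struct Col
    {
        public string Name { get; }
        public Col(string name) => Name = name;
    }
    public static Col C(string name) => new Col(name);

    // Builds (sql, parameters) from an interpolated query:
    //  - Col arguments must name a public property of T, otherwise the call throws;
    //  - all other arguments become @pN parameters and never touch the SQL text.
    public static (string Sql, Dictionary<string, object?> Params) Build<T>(FormattableString query)
    {
        var columns = new HashSet<string>(
            typeof(T).GetProperties(BindingFlags.Public | BindingFlags.Instance).Select(p => p.Name),
            StringComparer.Ordinal);
        var args = query.GetArguments();
        var parts = new object[args.Length];
        var parameters = new Dictionary<string, object?>();
        for (int i = 0; i < args.Length; i++)
        {
            if (args[i] is Col col)
            {
                if (!columns.Contains(col.Name))
                    throw new ArgumentException($"'{col.Name}' is not a column of {typeof(T).Name}");
                parts[i] = col.Name;        // identifier: emitted verbatim, but only from the allow-list
            }
            else
            {
                parameters["p" + i] = args[i]; // data: bound as a parameter, Dapper matches it to @pN
                parts[i] = "@p" + i;
            }
        }
        return (string.Format(query.Format, parts), parameters);
    }
}
```

With `var (sql, p) = TypedSql.Build<User>($"SELECT {TypedSql.C(nameof(User.Email))} FROM Users WHERE {TypedSql.C(nameof(User.Id))} = {userId}");` the text becomes `SELECT Email FROM Users WHERE Id = @p2` and `p["p2"]` holds `userId`, ready for `conn.Query<User>(sql, p)`; a plain string interpolated where a column is expected is parameterized rather than concatenated, and a column name that is not on the model fails at the call site.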
