Dapper options are not overridden

Question

Dapper options are not overridden

I have been using Dapper on this project for several months now and there have been no problems. But now I have to use raw SQL instead of stored procedures with dapper to create and modify users and roles in the database as it is sp_addrolemember

deprecated.

I use this as my dapper code

conn.Open();
var p = new DynamicParameters();
p.Add("@UserLogin", user);
p.Add("@UserRole", role);
conn.Execute("Create User @UserLogin", p);
conn.Execute("ALTER ROLE @UserRole ADD MEMBER @UserLogin", p);

I keep getting the same error:

Invalid syntax in @UserLogin

I am passing mine domain\username

as login and I tried it without domain\

. Same. Can someone shed some light on this?

+3

c # sql dapper roles

Devin Prejean June 12. 17 at 21:20

source to share

1 answer

Turophile · Answer 1 · 2017-06-13T02:20:05+0000

I'm not familiar with Dapper, but you can try injecting parameter values into the SQL strings you submit for execution:

conn.Open();
conn.Execute("Create User " + user);
conn.Execute("ALTER ROLE " + role + " ADD MEMBER " + user);

Please note that this is related to security risks and may cause other problems!

Dapper options are not overridden

More articles: