Use parameterized TSQL queries #52326

Merged
gewarren merged 2 commits into dotnet:main from gewarren:tpl-example
Mar 16, 2026

@gewarren
Contributor

No description provided.

Copilot AI review requested due to automatic review settings March 16, 2026 22:02
@gewarren gewarren requested review from a team and BillWagner as code owners March 16, 2026 22:02
@dotnetrepoman dotnetrepoman bot added this to the March 2026 milestone Mar 16, 2026
@gewarren gewarren enabled auto-merge (squash) March 16, 2026 22:03
Member

@BillWagner BillWagner left a comment

This LGTM. Do we need to update the accompanying article to explain why parameterized queries are preferred?

@gewarren gewarren merged commit 318da46 into dotnet:main Mar 16, 2026
12 checks passed
Contributor

Copilot AI left a comment

Pull request overview

Updates the TPL Dataflow “batch database” C# and Visual Basic snippets to avoid string-concatenated SQL by switching to parameterized SQL queries.

Changes:

  • Replaced string.Format-composed SQL in GetEmployeeID with parameterized queries.
  • Updated insert/select parameter creation code paths (including some formatting/field renames).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| samples/snippets/visualbasic/VS_Snippets_Misc/tpldataflow_batchdatabase/vb/dataflowbatchdatabase.vb | Parameterized GetEmployeeID query and updated insert parameter setup. |
| samples/snippets/csharp/VS_Snippets_Misc/tpldataflow_batchdatabase/cs/dataflowbatchdatabase.cs | Parameterized GetEmployeeID query; changed insert parameter setup to AddWithValue. |
Comments suppressed due to low confidence (1)

samples/snippets/visualbasic/VS_Snippets_Misc/tpldataflow_batchdatabase/vb/dataflowbatchdatabase.vb:85

  • In InsertEmployees, parameters are re-created on every loop iteration (Clear + Add). This adds overhead and can skew the batching performance demo. Consider adding the parameters once before the loop and only updating their .Value inside the loop.
                    For i As Integer = 0 To employees.Length - 1
                        ' Set parameters.
                        command.Parameters.Clear()
                        command.Parameters.Add("@lastName", SqlDbType.NVarChar).Value = employees(i).LastName
                        command.Parameters.Add("@firstName", SqlDbType.NVarChar).Value = employees(i).FirstName

                        ' Execute the command.
                        command.ExecuteNonQuery()
                    Next i

Comment on lines 88 to +93
for (int i = 0; i < employees.Length; i++)
{
// Set parameters.
command.Parameters.Clear();
command.Parameters.Add("@lastName", employees[i].LastName);
command.Parameters.Add("@firstName", employees[i].FirstName);
command.Parameters.AddWithValue("@lastName", employees[i].LastName);
command.Parameters.AddWithValue("@firstName", employees[i].FirstName);
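Review bot: the parameters are still torn down and rebuilt on every pass of the loop (`command.Parameters.Clear()` followed by the two `AddWithValue` calls), so each iteration creates two new parameter objects only to change their values. Create `@lastName` and `@firstName` once before the `for` loop and assign only `.Value` inside it; the `Clear()` call can then go as well.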
Comment on lines +142 to +143
command.Parameters.Add("@lastName", System.Data.SqlDbType.NVarChar).Value = lastName;
command.Parameters.Add("@firstName", System.Data.SqlDbType.NVarChar).Value = firstName;
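Review bot: both `Add` calls at +142 and +143 declare `SqlDbType.NVarChar` but no length, which leaves the parameter size to be inferred from whatever value is passed in. Pass the column's declared length as the third argument to `Add` so the parameter definition is the same on every call. As a style point, the fully qualified `System.Data.SqlDbType` could be shortened with a `using System.Data;` directive if the file does not already have one.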
Comment on lines +80 to +81
command.Parameters.Add("@lastName", SqlDbType.NVarChar).Value = employees(i).LastName
command.Parameters.Add("@firstName", SqlDbType.NVarChar).Value = employees(i).FirstName
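Review bot: the Visual Basic insert loop at +80 and +81 uses the typed `Add(name, SqlDbType.NVarChar)` overload, while the C# version of the same loop switches to `AddWithValue`, so the two language samples no longer show the same pattern. Pick one form for both files; the typed overload used here matches what the C# change at +142 to +143 does.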
Comment on lines +114 to +115
command.Parameters.Add("@lastName", lastName)
command.Parameters.Add("@firstName", firstName)
Imports System.Data.SqlClient
Imports System.Data.SqlServerCe
Imports System.Diagnostics
Imports System.IO
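Review bot: at +114 and +115 the Visual Basic code passes the value straight to `Add(name, value)` with no declared type, whereas the C# change at +142 to +143 declares `SqlDbType.NVarChar`. Use `command.Parameters.Add("@lastName", SqlDbType.NVarChar).Value = lastName` (and the same for `@firstName`) so both languages bind the names as typed parameters.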
Comment on lines 91 to +93
command.Parameters.Clear();
command.Parameters.Add("@lastName", employees[i].LastName);
command.Parameters.Add("@firstName", employees[i].FirstName);
command.Parameters.AddWithValue("@lastName", employees[i].LastName);
command.Parameters.AddWithValue("@firstName", employees[i].FirstName);
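Review bot: `AddWithValue` at +92 and +93 leaves the parameter type to be inferred from the runtime value, while the change at +142 to +143 in this same file states `SqlDbType.NVarChar` explicitly. Use the typed form here too, for example `command.Parameters.Add("@lastName", SqlDbType.NVarChar).Value = employees[i].LastName;`, so the insert and the lookup bind the columns the same way.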
@gewarren
Contributor Author

> This LGTM. Do we need to update the accompanying article to explain why parameterized queries are preferred?

I don't think so. They were already used elsewhere on the page.

@gewarren gewarren deleted the tpl-example branch March 16, 2026 22:10
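
As an added illustration of the change this PR makes (not code from the PR or from the dotnet/docs samples), here is a `GetEmployeeID`-style lookup written both ways. It assumes the Microsoft.Data.Sqlite package with an in-memory database in place of the sample's own provider; the method names, table layout and rows are constructed for the example.

```csharp
// Added example, not code from the PR. Assumes the Microsoft.Data.Sqlite package as a
// stand-in provider; the table, rows and method names are constructed for illustration.
using System;
using Microsoft.Data.Sqlite;
class Program
{
    // "Before" shape: the values are formatted into the command text.
    static object? LookupComposed(SqliteConnection db, string lastName, string firstName)
    {
        using var command = db.CreateCommand();
        command.CommandText = string.Format(
            "SELECT EmployeeID FROM Employees WHERE LastName = '{0}' AND FirstName = '{1}'",
            lastName, firstName);
        return command.ExecuteScalar();
    }

    // "After" shape: constant command text, values bound as typed parameters.
    static object? LookupParameterized(SqliteConnection db, string lastName, string firstName)
    {
        using var command = db.CreateCommand();
        command.CommandText =
            "SELECT EmployeeID FROM Employees WHERE LastName = @lastName AND FirstName = @firstName";
        command.Parameters.Add("@lastName", SqliteType.Text).Value = lastName;
        command.Parameters.Add("@firstName", SqliteType.Text).Value = firstName;
        return command.ExecuteScalar();
    }

    static void Main()
    {
        using var db = new SqliteConnection("Data Source=:memory:");
        db.Open();
        using (var setup = db.CreateCommand())
        {
            setup.CommandText =
                "CREATE TABLE Employees (EmployeeID INTEGER PRIMARY KEY, LastName TEXT, FirstName TEXT);" +
                "INSERT INTO Employees (LastName, FirstName) VALUES ('Smith', 'Ana'), ('O''Brien', 'Pat');";
            setup.ExecuteNonQuery();
        }
        // A value with a quote and SQL text: composed, it rewrites the WHERE clause;
        // bound as a parameter, it is compared as one literal string.
        string crafted = "x' OR 1=1 --";
        Console.WriteLine("composed:      " + (LookupComposed(db, crafted, "nobody") ?? "no match"));
        Console.WriteLine("parameterized: " + (LookupParameterized(db, crafted, "nobody") ?? "no match"));
        // An ordinary name with an apostrophe breaks the composed text outright.
        Console.WriteLine("parameterized: " + LookupParameterized(db, "O'Brien", "Pat"));
        try { LookupComposed(db, "O'Brien", "Pat"); }
        catch (SqliteException e) { Console.WriteLine("composed failed: " + e.Message); }
    }
}
```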