This is a parametrized query:
string sqlQuery = @"UPDATE MyTable SET MyTableItemName = @newName WHERE MyTableItemId = @id;";
await _context.Database.ExecuteSqlRawAsync(
    sqlQuery,
    new SqlParameter("@newName", "Test name"),
    new SqlParameter("@id", 1)
);
If the parameters come from the client side, would this query prevent SQL injection attacks?
If not, what would be an alternative besides using LINQ queries?
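
The following is an added example, not part of the original question. It runs the same UPDATE through `ExecuteSqlRawAsync` with explicit parameters and through `ExecuteSqlInterpolatedAsync`, then reads the stored value back. Assumptions: the EF Core SQLite provider with an in-memory database stands in for the real one, and `DemoContext`, `ReadName` and the input value are constructed for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;

// Hypothetical context used only by this example.
public class DemoContext : DbContext
{
    public DemoContext(DbContextOptions<DemoContext> options) : base(options) { }
}

public static class Program
{
    public static async Task Main()
    {
        // Assumption: in-memory SQLite stands in for the real database.
        using var connection = new SqliteConnection("DataSource=:memory:");
        connection.Open();
        var options = new DbContextOptionsBuilder<DemoContext>().UseSqlite(connection).Options;
        using var context = new DemoContext(options);
        await context.Database.ExecuteSqlRawAsync(
            "CREATE TABLE MyTable (MyTableItemId INTEGER PRIMARY KEY, MyTableItemName TEXT);" +
            "INSERT INTO MyTable VALUES (1, 'first'), (2, 'second');");

        // Constructed client input containing a quote character and a SQL comment marker.
        string newName = "Test' name --";
        int id = 1;

        // Explicit parameters: the SQL text is constant and the values are bound separately.
        int rows = await context.Database.ExecuteSqlRawAsync(
            "UPDATE MyTable SET MyTableItemName = @newName WHERE MyTableItemId = @id;",
            new SqliteParameter("@newName", newName),
            new SqliteParameter("@id", id));
        Console.WriteLine($"raw + parameters: {rows} row(s), stored = {ReadName(connection, id)}");

        // Interpolated form: EF Core turns each {hole} into a DbParameter, not into SQL text.
        id = 2;
        rows = await context.Database.ExecuteSqlInterpolatedAsync(
            $"UPDATE MyTable SET MyTableItemName = {newName} WHERE MyTableItemId = {id};");
        Console.WriteLine($"interpolated:     {rows} row(s), stored = {ReadName(connection, id)}");
    }

    // Reads the stored name back so the bound value can be compared with the input.
    private static string ReadName(SqliteConnection connection, int id)
    {
        using var cmd = connection.CreateCommand();
        cmd.CommandText = "SELECT MyTableItemName FROM MyTable WHERE MyTableItemId = $id;";
        cmd.Parameters.AddWithValue("$id", id);
        return (string)cmd.ExecuteScalar();
    }
}
```

In both calls the input is sent as a bound value, so the quote and comment marker are stored as part of the name rather than parsed as SQL. The protection is lost only if client values are concatenated or formatted into the string before it reaches `ExecuteSqlRawAsync`.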