Using Dapper for parameterized queries

In the dapper operation MySQL database I described the use of dapper for Curd basic operation, but in the sample code, although the parameter is also through the @ start, but in fact is not the real meaning of the parameterized query, but splicing SQL, this method is not conducive to prevent SQL injection, So in Dappe, we can use dynamicparameters dynamic parameter collection to add parameters to realize parametric query under dapper;

Sample code

            using(varConnection =Newmysqlconnection (CONNSTR)) {                //declaring dynamic ParametersDynamicparameters Parameters =Newdynamicparameters (); //Start a transactionIDbTransaction transaction =connection.                BeginTransaction (); Try                {                    intCNT =0; stringSquery ="Delete from User"+"WHERE [email protected]"; //Adding ParametersParameters.Add ("Id", id); Connection. Execute (Squery, Parameters, transaction,NULL,NULL); //Commit a transactionTransaction.commit (); return true; }                Catch(Exception ex) {//exception occurred, transaction rollbacktransaction.                    Rollback (); return false; Throw NewException (ex.                Message); }            }

Using Dapper for parameterized queries