How can I pass parameters to a pass-through query in c#?
There is an EXEC
invocation especially for linked servers (see docs):
EXEC( 'SELECT * FROM User.Table WHERE col1 = ?', '<param>' ) AT linked_server
You could put all that in string query
and you would be safe from an SQL injection into the SELECT
statement, although you could get a syntax error for the EXEC
statement.