Dapper parameters not working

There are two issues here; firstly (although you note this in your question) where a.acct = '@ZYX', under SQL rules, does not make use of any parameter - it looks to match the literal string that happens to include an @ sign. For SQL-Server (see note below), the correct usage would be where a.acct = @ZYX.

However! Since you are use OdbcConnection, named parameters do not apply. If you are actually connecting to something like SQL-Server, I would strongly recommend using the pure ADO.NET clients, which have better features and performance than ODBC. However, if ODBC is your only option: it does not use named parameters. Until a few days ago, this would have represented a major problem, but as per Passing query parameters in Dapper using OleDb, the code (but not yet the NuGet package) now supports ODBC. If you build from source (or wait for the next release), you should be able to use:

...
where a.acct = ?

in your command, and:

var result = connection.Query(sqlString.ToString(),
new {
    anythingYouLike = accountNumber
});

Note that the name (anythingYouLike) is not used by ODBC, so can be... anything you like. In a more complex scenario, for example:

.Execute(sql, new { id = 123, name = "abc", when = DateTime.Now });

dapper uses some knowledge of how anonymous types are implemented to understand the original order of the values, so that they are added to the command in the correct sequence (id, name, when).

One final observation:

Which means dapper is not replacing the parameter with it's given value.

Dapper never replaces parameters with their given value. That is simply not the correct way to parameterize sql: the parameters are usually sent separately, ensuring:

  • there is no SQL injection risk
  • maximum query plan re-use
  • no issues of formatting

Note that some ADO.NET / ODBC providers could theoretically choose to implement things internally via replacement - but that is separate to dapper.

Tags:

C#

Dapper