Invoke-DbaSqlQuery parameter example (dataplat#4791)

lukaszmn-forks · Dec 9, 2018 · d6ad280 · d6ad280
1 parent 19f3320
commit d6ad280
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/functions/Invoke-DbaQuery.ps1 b/functions/Invoke-DbaQuery.ps1
@@ -85,7 +85,15 @@ function Invoke-DbaQuery {
         PS C:\> Get-DbaDatabase -SqlInstance "server1", "server1\nordwind", "server2" | Invoke-DbaQuery -File "C:\scripts\sql\rebuild.sql"
 
         Runs the sql commands stored in rebuild.sql against all accessible databases of the instances "server1", "server1\nordwind" and "server2"
-
+        
+    .EXAMPLE
+        PS C:\> Invoke-DbaQuery -SqlInstance . -Query 'SELECT * FROM users WHERE Givenname = @name' -SqlParameters @{ Name = "Maria" }
+        
+        Executes a simple query against the users table using SQL Parameters.
+        This avoids accidental SQL Injection and is the safest way to execute queries with dynamic content.
+        Keep in mind the limitations inherent in parameters - it is quite impossible to use them for content references.
+        While it is possible to parameterize a where condition, it is impossible to use this to select which columns to select.
+        The inserted text will always be treated as string content, and not as a reference to any SQL entity (such as columns, tables or databases).
     #>
     [CmdletBinding(DefaultParameterSetName = "Query")]
     param (
@@ -319,4 +327,4 @@ function Invoke-DbaQuery {
         Test-DbaDeprecation -DeprecatedOn '1.0.0' -Alias Invoke-DbaCmd
         Test-DbaDeprecation -DeprecatedOn "1.0.0" -EnableException:$false -Alias Invoke-DbaSqlQuery
     }
-}
+}