I’m using ServiceStack.OrmLite.SqlServer with AutoQuery. Profiling the query in SQL, I noticed a plain SQL statement has been executed against the db with the parameter supplied directly within the SQL statement. I was expecting to see the query (built by the OrmLite engine) executed through sp_executesql, with the input parameter supplied as a SQL parameter (the approach used, for example, by Linq2Sql).
I assume OrmLite has some built-in SQL injection prevention feature, but I wonder if sp_executesql could improve the performance by leveraging the query planner.
AutoQuery uses OrmLite together with the Implicit Convention SQL template fragments - there’s no plan to change how it works.
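
The two statement shapes discussed in this thread can be compared directly in the SQL Server plan cache. The T-SQL below is an added example, not code from the thread or from ServiceStack; the table `dbo.DemoCustomer` and its rows are constructed for the demo, and reading the plan-cache views requires the VIEW SERVER STATE permission.

```sql
-- Constructed demo table (hypothetical name), not from the original thread.
CREATE TABLE dbo.DemoCustomer (
    Id   int          NOT NULL PRIMARY KEY,
    Name nvarchar(50) NOT NULL
);
INSERT INTO dbo.DemoCustomer (Id, Name)
VALUES (1, N'Alice'), (2, N'Bob'), (3, N'Carol');
GO

-- Shape 1: the value is part of the statement text, so each distinct
-- value is a distinct batch text as far as the plan cache is concerned.
SELECT Id, Name FROM dbo.DemoCustomer WHERE Name = N'Alice';
GO
SELECT Id, Name FROM dbo.DemoCustomer WHERE Name = N'Bob';
GO

-- Shape 2: the statement text is constant and the value travels as a
-- typed parameter, so the server never parses the value as SQL.
EXEC sp_executesql
    N'SELECT Id, Name FROM dbo.DemoCustomer WHERE Name = @name',
    N'@name nvarchar(50)',
    @name = N'Alice';
EXEC sp_executesql
    N'SELECT Id, Name FROM dbo.DemoCustomer WHERE Name = @name',
    N'@name nvarchar(50)',
    @name = N'Bob';
GO

-- Compare what was cached: objtype 'Adhoc' rows come from shape 1,
-- 'Prepared' rows from shape 2, and usecounts shows how often a plan
-- was reused. SQL Server may auto-parameterize very simple ad hoc
-- statements (simple parameterization), so results can vary by query.
SELECT cp.objtype, cp.usecounts, st.text
FROM sys.dm_exec_cached_plans AS cp
CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) AS st
WHERE st.text LIKE N'%DemoCustomer%'
  AND st.text NOT LIKE N'%dm_exec_cached_plans%'
ORDER BY cp.objtype, st.text;
GO

DROP TABLE dbo.DemoCustomer;
GO
```

Run it in SSMS or sqlcmd (`GO` is their batch separator) against a scratch database.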