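/// <summary>
/// Compiles the same lookup on <c>Users</c> twice, once with the value passed
/// as a binding and once with the value interpolated into the raw SQL text,
/// and prints the compiled output of each so the two can be compared.
/// </summary>
public static void Main()
{
    // Sample of attacker-controlled input: a quote that closes the string
    // literal, followed by a second statement.
    var badData = "test'; DROP TABLE Users;";
    var compiler = new SqlServerCompiler();

    // Bound value: the "?" placeholder keeps the input out of the SQL text.
    // The value is carried separately in Bindings and reaches the database
    // as a parameter, so it is only ever treated as data.
    var query1 = new Query("Users")
        .WhereRaw("Name = ?", badData);
    var compiled1 = compiler.Compile(query1);

    // NOTE(review): ToString() appears to render the bindings inline for
    // display; treat that string as debug output and never execute it.
    // What is sent to the database is Sql together with its bindings.
    Console.WriteLine(compiled1.ToString());
    Console.WriteLine("sql command> " + compiled1.Sql);
    Console.WriteLine("parameters> " + string.Join("|", compiled1.Bindings.ToArray()));
    Console.WriteLine("-----");

    // ANTI-PATTERN, kept only for contrast: the value is interpolated into
    // the string handed to WhereRaw, so it becomes part of the SQL text and
    // no binding is passed for it. The "parameters>" line below is expected
    // to print nothing. With untrusted input this is SQL injection; use the
    // bound form above (or Where("Name", value)) instead.
    var query2 = new Query("Users")
        .WhereRaw($"Name = '{badData}'");
    var compiled2 = compiler.Compile(query2);

    Console.WriteLine(compiled2.ToString());
    Console.WriteLine("sql command> " + compiled2.Sql);
    Console.WriteLine("parameters> " + string.Join("|", compiled2.Bindings.ToArray()));
}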