SqlCommandFilters is a utility assembly that will automatically parse your SqlCommand.CommandText and parameterize it for you.
Why would you want to do this?
You want to leverage SQL Server Always Encrypted, but your queries are not currently parameterized.
You have a web application that builds all SQL input from elements on the user page. SQL Injection anyone?
You want better performance so you know you should parameterize your queries… but there are thousands of them.
What if you could accomplish all of the above by adding one using statement and one line of code?
You can with SqlCommandFilters. The source code is all posted on CodePlex.
How did you do this?
By using the Microsoft.SqlServer.TransactSql.ScriptDom namespace I was able to parse the SQL command text and automatically create and add parameters to the SqlParameters collection of the SqlCommand object. I used the excellent information provided by Arvind Shyamsundar found here: https://blogs.msdn.microsoft.com/arvindsh/tag/scriptdom/ as my starting point.
What constructs does it support?
There is a test / driver program that will allow you to easily test with over 20 different T-SQL constructs. The tool supports non-parameterized, partially parameterized and fully parameterized queries.
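To make the ScriptDom approach concrete, here is an added example of the core idea; it is not the SqlCommandFilters source and it uses my own names (CommandParameterizer, Parameterize, ToParameter). It assumes the Microsoft.SqlServer.TransactSql.ScriptDom assembly and System.Data.SqlClient are referenced, and it uses TSql150Parser purely as an assumption about which grammar version is available (any TSqlNNNParser in that assembly has the same Parse signature). The statement is parsed, every string, integer and decimal literal is collected with a visitor, each literal is replaced in the text by a @pN placeholder, and a typed SqlParameter carrying the literal's value is added to the command. The sample query in Main is constructed for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.IO;
using Microsoft.SqlServer.TransactSql.ScriptDom;

// Added example, not the SqlCommandFilters source: rewrite a SqlCommand's literal
// values into @p0, @p1, ... parameters using the ScriptDom parser.
public static class CommandParameterizer
{
    // Collects every string, integer and decimal literal in the parsed statement.
    private sealed class LiteralCollector : TSqlFragmentVisitor
    {
        public readonly List<Literal> Literals = new List<Literal>();

        public override void ExplicitVisit(StringLiteral node)  => Literals.Add(node);
        public override void ExplicitVisit(IntegerLiteral node) => Literals.Add(node);
        public override void ExplicitVisit(NumericLiteral node) => Literals.Add(node);
    }

    public static void Parameterize(SqlCommand command)
    {
        // Assumption: the SQL Server 2019 grammar; other TSqlNNNParser versions work the same way.
        var parser = new TSql150Parser(initialQuotedIdentifiers: true);
        IList<ParseError> errors;
        TSqlFragment fragment;
        using (var reader = new StringReader(command.CommandText))
        {
            fragment = parser.Parse(reader, out errors);
        }
        if (errors.Count > 0)
        {
            // Refuse to rewrite text the grammar rejects rather than guess at it.
            throw new InvalidOperationException("CommandText does not parse: " + errors[0].Message);
        }

        var collector = new LiteralCollector();
        fragment.Accept(collector);

        // Replace from the end of the text backwards so earlier offsets stay valid,
        // and number the parameters left to right as they appear in the statement.
        var literals = collector.Literals;
        literals.Sort((a, b) => b.StartOffset.CompareTo(a.StartOffset));
        string text = command.CommandText;
        int index = literals.Count;
        foreach (Literal lit in literals)
        {
            index--;
            string name = "@p" + index;
            // Insert at the front so the collection ends up in @p0, @p1, ... order.
            command.Parameters.Insert(0, ToParameter(name, lit));
            text = text.Substring(0, lit.StartOffset)
                 + name
                 + text.Substring(lit.StartOffset + lit.FragmentLength);
        }
        command.CommandText = text;
    }

    // Map each literal kind to a typed SqlParameter carrying the literal's value.
    private static SqlParameter ToParameter(string name, Literal lit)
    {
        switch (lit)
        {
            case StringLiteral s:
            {
                // N'...' literals become NVARCHAR; plain '...' literals become VARCHAR.
                SqlDbType type = s.IsNational ? SqlDbType.NVarChar : SqlDbType.VarChar;
                return new SqlParameter(name, type, Math.Max(1, s.Value.Length)) { Value = s.Value };
            }
            case IntegerLiteral i:
                return new SqlParameter(name, SqlDbType.BigInt)
                {
                    Value = long.Parse(i.Value, CultureInfo.InvariantCulture)
                };
            default:
                return new SqlParameter(name, SqlDbType.Decimal)
                {
                    Value = decimal.Parse(lit.Value, CultureInfo.InvariantCulture)
                };
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample statement; no database connection is needed to rewrite it.
        var cmd = new SqlCommand(
            "SELECT Id, Name FROM dbo.Customers WHERE Region = N'West' AND Credit > 1500.50 AND Tier = 3");
        CommandParameterizer.Parameterize(cmd);
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
        {
            Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
        }
    }
}
```

Two caveats a practitioner should keep in mind with this simplified version. First, the visitor catches literals in every position, including places where T-SQL requires a constant (for example TOP 10 written without parentheses), so a complete implementation has to recognize those constructs and leave them alone; that is exactly the kind of case the per-construct test program described above exists to exercise. Second, because the rewrite happens after the command text has already been assembled, it only sees the statement as it stands: if untrusted input was concatenated in and has already altered the statement's structure, the parser accepts that structure and parameterizes the attacker's literals just as faithfully as the application's own. Automatic parameterization gives the plan-cache and Always Encrypted benefits the post describes, but it is not a substitute for never building the statement text from user input in the first place. Note also that the parameter types here are inferred from the literal's shape, and Always Encrypted requires the parameter type to match the encrypted column's type, so a real deployment needs to reconcile the two.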
Is it hard to use? You be the judge. The important statement is line 18 – that is where all the magic happens.