Code works but looking for a better way

This code works. I've used LINQ to SQL on some projects but now wondering if there's a better way of coding this. I'm using stored procs and I want to see if I can use parameters for the stored proc. I don't want to use Entity Framework.

1. I have a DBML
2. I have a stored proc
3. I have a model

4. I call the stored proc like this

 

    // Repository field and constructor: one LINQ to SQL DataContext per repository instance.
    private LPDataContext _dbContext;

    public FormsRepository()
    {
        _dbContext = new LPDataContext();
    }

    // Call to the DBML-mapped stored procedure (made from inside a repository method).
    // Every argument is handed to the generated method as a separate value.
    _dbContext.usp_InsertPersonali765Draft(
        model.ApplyReasonId, firstName, model.MiddleName, familyName,
        otherFirstName1, model.OtherMiddleName1, otherFamilyName1,
        otherFirstName2, model.OtherMiddleName2, otherFamilyName2,
        otherFirstName3, model.OtherMiddleName3, otherFamilyName3,
        streetAddress, model.AptNumber, city, model.StateId, model.ZipCode,
        int.Parse(model.CountryOfNationality),
        model.BirthCity, model.BirthState, int.Parse(model.CountryOfBirth),
        dateOfBirth, model.Gender, model.MaritalStatusCode, model.UserName);



Is this code ok? Should I leave it as is?

How can I call the stored proc with parameters? This is an example of a Linq to SQL insert, but it doesn't use a stored proc: Example

Another one here, but it's not a stored proc: Another example

EDIT: I'm concerned about SQL Injection but maybe how I have it is correct. See here: Example 3. It says:
Linq to SQL turns the curly braces into a parameterized query.
Camillia Asked:
käµfm³d 👽 Commented:
Define "better".
Camillia (Author) Commented:
Define "better".

I just edited the question. I think we posted at the same time. I'm concerned about SQL Injection but what I have is probably ok because of the last link I posted:
Linq to SQL turns the curly braces into a parameterized query.

By "better", I mean using parametrized query with Linq to SQL to avoid SQL Injection.

Fernando Soto (Retired) Commented:
Good Morning Camillia;

Have a look at these two links about working with Stored Procedures in Linq to SQL.

LINQ to SQL (Part 6 - Retrieving Data Using Stored Procedures)
LINQ to SQL (Part 7 - Updating our Database using Stored Procedures)

Kyle Abrahams (Senior .Net Developer) Commented:
https://weblogs.asp.net/scottgu/linq-to-sql-part-6-retrieving-data-using-stored-procedures

As long as it's mapped, you're already using parameters and there's no need to worry about SQL injection at that point. In fact all of Linq to SQL does that. When you call an execute query you're essentially negating all of that. Might as well go with a SQL Command.
Camillia (Author) Commented:
Let me take a look.
I don't understand Kyle's response tho. You're saying linq to SQL takes care of parameterized query and how I have it now is ok?
Kyle Abrahams (Senior .Net Developer) Commented:
Correct.  You're essentially calling C# code and linq to SQL does the "heavy lifting" of converting it to a parameterized query.
Fernando Soto (Retired) Commented:
Hi Camillia;

Linq to SQL and Linq to Entity Framework both parameterize the query and SPs they send to the server.
Camillia (Author) Commented:
Thanks, guys. Reading the links posted here to get a better understanding.
Fernando Soto (Retired) Commented:
Not a problem Camillia, always glad to help.
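
Added example, not part of any post in this thread and not the asker's project code: a sketch of the method shape the DBML designer generates for a mapped stored procedure, next to `ExecuteCommand` with `{0}` placeholders and the string-concatenated form to avoid. The context class, the two-parameter procedure `usp_InsertPersonDraft`, and the connection string are hypothetical stand-ins; `DataContext.Log` lets you check what is actually sent to the server.

```csharp
using System;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Reflection;

// Hypothetical context and procedure (two parameters instead of the thread's 26),
// written in the shape the DBML designer generates for a mapped stored proc.
public class DemoDataContext : DataContext
{
    public DemoDataContext(string connectionString) : base(connectionString) { }

    [Function(Name = "dbo.usp_InsertPersonDraft")]
    public int usp_InsertPersonDraft(
        [Parameter(Name = "FirstName", DbType = "NVarChar(50)")] string firstName,
        [Parameter(Name = "FamilyName", DbType = "NVarChar(50)")] string familyName)
    {
        // The arguments are passed as parameter values; none is spliced into SQL text.
        IExecuteResult result = ExecuteMethodCall(
            this, (MethodInfo)MethodBase.GetCurrentMethod(), firstName, familyName);
        return (int)result.ReturnValue;
    }
}

public static class Program
{
    public static void Main()
    {
        // Placeholder connection string (assumption); point it at a test database.
        using (var db = new DemoDataContext("Server=.;Database=DemoDb;Integrated Security=true"))
        {
            db.Log = Console.Out; // writes the SQL sent and its parameter values

            string name = "O'Brien"; // constructed input containing a quote character

            // Mapped call: the value reaches the server as data, quote and all.
            db.usp_InsertPersonDraft(name, "Doe");

            // ExecuteCommand with {0}/{1}: the placeholders become SQL parameters.
            db.ExecuteCommand("EXEC dbo.usp_InsertPersonDraft {0}, {1}", name, "Doe");

            // Unsafe form: concatenation puts the value into the SQL text itself,
            // so the quote in the input changes the statement that gets parsed.
            // db.ExecuteCommand("EXEC dbo.usp_InsertPersonDraft '" + name + "', 'Doe'");
        }
    }
}
```

Parameter binding protects the call only: a procedure whose body concatenates its parameters into dynamic SQL is still injectable, so review the procedure text as well.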