Add parameter of FormattableString as an overload to CreateSQLQuery

Description

.NET 4.6.1 has access to a new type, FormattableString, that can get information from an interpolated string.

So the idea is that CreateSQLQuery would add an overload taking FormattableString so that this:

could become:

As a benefit, it would also catch any SQL injection when interpolation is used.
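
One way the proposed overload could work, as an added example that is not part of the original issue or of NHibernate: a hypothetical extension method, `CreateSQLQueryInterpolated`, turns each interpolation hole into a named parameter. It assumes a project reference to NHibernate; the `CATS` table and its columns are constructed sample names.

```csharp
using System;
using System.Linq;
using NHibernate;

// Added illustration, not NHibernate code; the method name is hypothetical.
public static class InterpolatedSqlExtensions
{
    // A distinct name is needed: ISession.CreateSQLQuery(string) is an instance
    // method, so C# binds $"..." to it as a plain string before it considers
    // an extension overload taking FormattableString.
    public static ISQLQuery CreateSQLQueryInterpolated(
        this ISession session, FormattableString sql)
    {
        if (session == null) throw new ArgumentNullException(nameof(session));
        if (sql == null) throw new ArgumentNullException(nameof(sql));

        object[] args = sql.GetArguments();
        // Replace each {n} hole with a named parameter marker (:p0, :p1, ...).
        // string.Format also unescapes {{ and }}, so NHibernate's {alias.*}
        // syntax has to be written as {{alias.*}} in the interpolated string.
        object[] markers = Enumerable.Range(0, args.Length)
            .Select(i => (object)(":p" + i))
            .ToArray();
        string text = string.Format(sql.Format, markers);

        ISQLQuery query = session.CreateSQLQuery(text);
        for (int i = 0; i < args.Length; i++)
        {
            // A parameter type cannot be inferred from null; make the caller decide.
            if (args[i] == null)
                throw new ArgumentException("Argument " + i + " is null; use IS NULL or a typed parameter.");
            // The value is sent as a bound parameter, never as SQL text.
            query.SetParameter("p" + i, args[i]);
        }
        return query;
    }
}

public static class Usage
{
    // CATS and NAME are constructed sample names.
    public static System.Collections.IList FindCatIds(ISession session, string name)
    {
        // SQL sent: SELECT ID FROM CATS WHERE NAME = :p0, with p0 bound to 'name'.
        return session
            .CreateSQLQueryInterpolated($"SELECT ID FROM CATS WHERE NAME = {name}")
            .List();
    }
}
```

Format specifiers or alignment inside a hole (for example `{name,10}`) would be applied to the parameter marker rather than the value, so a helper like this should only be given plain `{value}` holes.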

Environment

None

Activity

Frédéric Delaporte 
April 20, 2018 at 1:27 PM

Moved here.

Nathan Brown 
August 15, 2017 at 10:17 AM

It was just an idea I got from seeing how EF Core 2 does it.

See https://channel9.msdn.com/Blogs/dotnet/NET-Core-20-Released (Starts at 1:16:00).

Frédéric Delaporte 
August 15, 2017 at 7:21 AM

Yes, I had seen that. Once escaped they should be treated as previously, I think (but not yet ascertained). I have just missed the escaping in my previous comment, using Markdown's one instead of Jira's one.

By the way, it looks to me like there is an unfortunate typo in the 17.1.4 example: c.MOTHER_ID = c.ID should be c.MOTHER_ID = m.ID in the first and second example. And all examples do mix c/cat and m/mother aliases, the third example being clearly wrong, the others at least suspicious. (I have not checked if the HQL alias in the query should also match the curly alias.)

Won't Fix

Details

Created August 15, 2017 at 4:59 AM
Updated April 20, 2018 at 1:27 PM
Resolved April 20, 2018 at 1:27 PM