// Appends one part of a stored procedure name to the builder, quoting it when it
// does not already look quoted.
//
//   builder - receives the text; it is written to, never read.
//   part    - the name part to append; a null or empty part appends nothing.
//
// NOTE(review): "already quoted" is decided by two facts only: the part starts with
// '[' and contains an odd number of ']' characters. Nothing here checks that the part
// ends with ']' or that every interior ']' is doubled, and a part that passes the test
// is appended verbatim with no escaping. Treat this as a convenience for names that
// the application itself supplies; untrusted text should be validated before it gets
// here. Confirm against the callers.
internal static void BuildStoredProcedureName(StringBuilder builder, string part) {
    // Nothing to emit for a missing or empty part.
    if ((null == part) || (0 == part.Length)) {
        return;
    }

    if ('[' == part[0]) {
        // Count every closing bracket in the part.
        int closingBrackets = 0;
        for (int i = 0; i < part.Length; i++) {
            if (']' == part[i]) {
                closingBrackets++;
            }
        }

        // An odd total is taken to mean the caller quoted the part already.
        bool looksQuoted = (closingBrackets % 2) != 0;
        if (looksQuoted) {
            builder.Append(part);
            return;
        }
    }

    // Not recognised as quoted: let the escape helper write the quoted form.
    SqlServerEscapeHelper.EscapeIdentifier(builder, part);
}
// Returns the transaction name quoted for use in a SQL statement: the name is
// surrounded with brackets and any end bracket inside it is escaped, as a guard
// against SQL injection. A name that ADP.IsEmpty reports as empty is returned unchanged.
//
// NOTE: a name the caller has already escaped will not work, because it is escaped
// again here. V1 behaved the same way, as do native OleDb and Odbc.
static internal string FixupDatabaseTransactionName(string name) {
    // Empty names pass through untouched; there is nothing to quote.
    if (ADP.IsEmpty(name)) {
        return name;
    }

    string quoted = SqlServerEscapeHelper.EscapeIdentifier(name);
    return quoted;
}