/// <summary>
/// Verifies that <c>CommandText.Format</c> doubles a single quote embedded in a
/// <see cref="DbType.String"/> parameter value when it substitutes the value into the SQL text.
/// </summary>
/// <remarks>
/// NOTE(review): this pins quote doubling for one string value only. Whether the formatted
/// text is ever executed, rather than logged or displayed, is not visible here. Confirm
/// that untrusted values still reach the server as bound parameters.
/// </remarks>
public void Format_ShouldEscape()
{
    // Sample value that tries to close the string literal and append a second statement.
    var regionDescription = new SqlParameter
    {
        DbType = DbType.String,
        ParameterName = "@RegionDescription",
        Value = "cica';\r\nDROP TABLE Region -- comment last quote"
    };

    string formatted = CommandText.Format(
        "SELECT * FROM Region WHERE RegionDescription = @RegionDescription",
        regionDescription);

    // The embedded quote must come back doubled, so the whole value stays inside one literal.
    Assert.That(
        formatted,
        Is.EqualTo("SELECT * FROM Region WHERE RegionDescription = 'cica'';\r\nDROP TABLE Region -- comment last quote'"));
}
/// <summary>
/// Verifies that <c>CommandText.Format</c> renders the supplied format string with an
/// <see cref="DbType.Int32"/> and a <see cref="DbType.String"/> parameter into the expected
/// INSERT statement.
/// </summary>
/// <param name="fmt">
/// SQL template under test. The concrete values come from test-case data that is not shown here.
/// </param>
public void Format_ShouldAccept(string fmt)
{
    IDataParameter regionId = new SqlParameter
    {
        DbType = DbType.Int32,
        Value = 1,
        ParameterName = "@RegionID"
    };

    IDataParameter regionDescription = new SqlParameter
    {
        DbType = DbType.String,
        Value = "cica",
        // The "@" prefix is left off on purpose.
        ParameterName = "RegionDescription"
    };

    string formatted = CommandText.Format(fmt, regionId, regionDescription);

    // The integer is emitted bare and the string is emitted inside single quotes.
    Assert.That(
        formatted,
        Is.EqualTo("INSERT INTO Region (RegionID, RegionDescription) VALUES (1, 'cica')"));
}
/// <summary>
/// Expects <c>CommandText.Format</c> to throw <see cref="KeyNotFoundException"/> when it is
/// called with <paramref name="sql"/> and no parameters.
/// </summary>
/// <param name="sql">
/// SQL text under test. Presumably it references a named placeholder with no matching
/// parameter; the test-case data is not visible here.
/// </param>
public void Format_ShouldValidateTheName(string sql)
{
    // No parameters are passed, so any name the text refers to cannot be resolved.
    Assert.Throws<KeyNotFoundException>(() => { CommandText.Format(sql); });
}
/// <summary>
/// Expects <c>CommandText.Format</c> to throw <see cref="IndexOutOfRangeException"/> when it is
/// called with <paramref name="sql"/> and no parameters.
/// </summary>
/// <param name="sql">
/// SQL text under test. Presumably it references a positional placeholder beyond the supplied
/// parameters; the test-case data is not visible here.
/// </param>
public void Format_ShouldValidateTheIndex(string sql)
{
    // No parameters are passed, so any index the text refers to is out of range.
    Assert.Throws<IndexOutOfRangeException>(() => { CommandText.Format(sql); });
}
/// <summary>
/// Verifies that <c>CommandText.Format</c> throws <see cref="ArgumentNullException"/> for a
/// null SQL text and for a null parameter array.
/// </summary>
public void Format_ShouldThrowOnNull()
{
    // Null SQL text.
    Assert.Throws<ArgumentNullException>(() => { CommandText.Format(null); });

    // Valid (empty) SQL text, but the parameter array itself is null.
    Assert.Throws<ArgumentNullException>(() => { CommandText.Format("", paramz: null); });
}