//---------------------------------------------------------------------
/// <summary>
/// Parameterizes the given query text with the given arguments and
/// loads the result into <c>SqlCommandObject</c> by delegating to
/// <c>AntiSQLiCommon.ParameterizeAndLoadQuery</c>.
/// </summary>
/// <param name="QueryText">
/// Formatted query string. Externally supplied values should not be
/// concatenated into this text; pass them through
/// <paramref name="args"/> so they are bound as parameters.
/// </param>
/// <param name="args">Values for the formatted query string's parameters</param>
/// <returns>
/// true when the query was parameterized and loaded without an
/// exception, false when any exception was thrown
/// </returns>
/// <remarks>
/// Every exception is caught and its details are discarded, so the
/// return value is the only failure signal. Callers need to check it
/// and skip executing the command when it is false.
/// NOTE(review): the state of <c>SqlCommandObject</c> after a failed
/// load is not visible from this method - confirm it cannot still hold
/// a previously loaded query.
/// </remarks>
//---------------------------------------------------------------------
public bool LoadQueryText(String QueryText, params Object[] args)
{
    bool loaded;

    try
    {
        // NOTE(review): arguments are passed as (query, command, args);
        // confirm this matches the AntiSQLiCommon overload in use.
        AntiSQLiCommon.ParameterizeAndLoadQuery<TParameter>(
            QueryText,
            SqlCommandObject,
            args);
        loaded = true;
    }
    catch (Exception)
    {
        // Failure is reported through the return value only.
        loaded = false;
    }

    return loaded;
}
/// <summary>
/// Extension for Microsoft.Azure.Documents.SqlQuerySpec
/// (https://docs.microsoft.com/fr-fr/dotnet/api/microsoft.azure.documents.sqlqueryspec?view=azure-dotnet)
/// that hands the query text and its arguments to
/// <c>AntiSQLiCommon.ParameterizeAndLoadQuery</c>.
/// </summary>
/// <param name="sqs">
/// Query spec passed to the parameterizer; presumably its query text
/// and parameters are populated by the call - confirm against
/// AntiSQLiCommon.
/// </param>
/// <param name="queryText">
/// Query string to load. Externally supplied values should go in
/// <paramref name="queryTextArgs"/>, not be concatenated into this text.
/// </param>
/// <param name="queryTextArgs">Values for the query string's parameters</param>
/// <remarks>
/// Nothing is caught here, so any exception thrown by the
/// parameterizer reaches the caller.
/// </remarks>
public static void LoadQuerySecure(this SqlQuerySpec sqs, String queryText, params Object[] queryTextArgs)
{
    AntiSQLiCommon.ParameterizeAndLoadQuery(
        sqs,
        queryText,
        queryTextArgs);
}
//---------------------------------------------------------------------
/// <summary>
/// Extension to System.Data.SqlClient.SqlCommand that loads a query
/// whose untrusted data is supplied through the args parameters, to
/// mitigate the risk from SQL injection attacks.
/// </summary>
/// <param name="sqlCommandObj">Command object the query is loaded into</param>
/// <param name="queryText">
/// Query string to execute. Untrusted values should not be
/// concatenated into this text; pass them through
/// <paramref name="queryTextArgs"/>.
/// </param>
/// <param name="queryTextArgs">Parameters (the untrusted data)</param>
/// <remarks>
/// Nothing is caught here, so any exception thrown by
/// <c>AntiSQLiCommon.ParameterizeAndLoadQuery</c> reaches the caller.
/// </remarks>
//---------------------------------------------------------------------
public static void LoadQuerySecure(this System.Data.SqlClient.SqlCommand sqlCommandObj, String queryText, params Object[] queryTextArgs)
{
    AntiSQLiCommon.ParameterizeAndLoadQuery<System.Data.SqlClient.SqlParameter>(
        sqlCommandObj,
        queryText,
        queryTextArgs);
}