コード例 #1
 //---------------------------------------------------------------------
 /// <summary>
 ///     Passes <paramref name="QueryText"/> and <paramref name="args"/>,
 ///     together with <c>SqlCommandObject</c>, to
 ///     <c>AntiSQLiCommon.ParameterizeAndLoadQuery</c> and reports whether
 ///     that call completed.
 /// </summary>
 /// <param name="QueryText">Formatted query string</param>
 /// <param name="args">Values for the formatted query string</param>
 /// <returns>
 ///     <c>true</c> when the helper returns normally, <c>false</c> when it
 ///     throws any exception
 /// </returns>
 /// <remarks>
 ///     Every exception is caught and discarded, so the return value is the
 ///     only indication that the query was not loaded; callers should check
 ///     it before using <c>SqlCommandObject</c>.
 ///     NOTE(review): the state of <c>SqlCommandObject</c> after a failure
 ///     depends on the helper, which is not visible here - confirm.
 ///     NOTE(review): presumably only the values in <paramref name="args"/>
 ///     are bound as parameters, so <paramref name="QueryText"/> should stay
 ///     a fixed template and never be built from untrusted input - confirm
 ///     against the helper.
 /// </remarks>
 //---------------------------------------------------------------------
 public bool LoadQueryText(String QueryText, params Object[] args)
 {
     bool loaded;

     try
     {
         AntiSQLiCommon.ParameterizeAndLoadQuery<TParameter>(QueryText, SqlCommandObject, args);
         loaded = true;
     }
     catch (Exception)
     {
         // Deliberately best-effort: failure is reported through the return value only.
         loaded = false;
     }

     return loaded;
 }
コード例 #2
 /// <summary>
 ///     Extension method for Microsoft.Azure.Documents.SqlQuerySpec
 ///     (https://docs.microsoft.com/fr-fr/dotnet/api/microsoft.azure.documents.sqlqueryspec?view=azure-dotnet)
 ///     that forwards the query text and its arguments to
 ///     <c>AntiSQLiCommon.ParameterizeAndLoadQuery</c>.
 /// </summary>
 /// <param name="sqs">Query spec handed to the helper as its first argument</param>
 /// <param name="queryText">Query text handed to the helper</param>
 /// <param name="queryTextArgs">Values that accompany the query text</param>
 /// <remarks>
 ///     Exceptions thrown by the helper are not caught here and reach the caller.
 ///     NOTE(review): presumably only the values in
 ///     <paramref name="queryTextArgs"/> are bound as parameters, so
 ///     <paramref name="queryText"/> should stay a fixed template and never be
 ///     built from untrusted input - confirm against the helper.
 /// </remarks>
 public static void LoadQuerySecure(this SqlQuerySpec sqs, String queryText, params Object[] queryTextArgs)
     => AntiSQLiCommon.ParameterizeAndLoadQuery(sqs, queryText, queryTextArgs);
コード例 #3
 //---------------------------------------------------------------------
 /// <summary>
 ///     System.Data.SqlClient extension that loads a query whose untrusted
 ///     data is supplied through <paramref name="queryTextArgs"/>, to
 ///     mitigate the risk from SQL injection attacks. The work is delegated
 ///     to <c>AntiSQLiCommon.ParameterizeAndLoadQuery</c> with
 ///     <c>System.Data.SqlClient.SqlParameter</c> as the parameter type.
 /// </summary>
 /// <param name="sqlCommandObj">Command handed to the helper as its first argument</param>
 /// <param name="queryText">Query string to execute</param>
 /// <param name="queryTextArgs">Parameters carrying the untrusted data</param>
 /// <remarks>
 ///     Exceptions thrown by the helper are not caught here and reach the caller.
 ///     NOTE(review): the mitigation covers values passed in
 ///     <paramref name="queryTextArgs"/>; <paramref name="queryText"/> itself
 ///     should presumably stay a fixed template and never be concatenated
 ///     from untrusted input - confirm against the helper.
 /// </remarks>
 //---------------------------------------------------------------------
 public static void LoadQuerySecure(this System.Data.SqlClient.SqlCommand sqlCommandObj, String queryText, params Object[] queryTextArgs)
     => AntiSQLiCommon.ParameterizeAndLoadQuery<System.Data.SqlClient.SqlParameter>(
         sqlCommandObj,
         queryText,
         queryTextArgs);