コード例 #1
        /// <summary>
        /// Checks that <c>CommandSanitizer.Process</c> emits a string-typed parameter
        /// in the shape described by <c>CommandParameterParser.QuotedFormat</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): Process appears to inline parameter values into the command text.
        /// Presumably the result is meant for display or logging rather than execution; confirm,
        /// because wrapping a value in quotes is not the same as escaping it.
        /// The sample value below contains no quote characters, so this test says nothing
        /// about how embedded quotes are rendered.
        /// </remarks>
        public void WrapStringsInQuotes()
        {
            CommandSanitizer sanitizer = new CommandSanitizer();

            // Type carries the CLR type name of the value (typeof(string).Name).
            CommandParameterMetadata stringParameter = new CommandParameterMetadata
            {
                Name  = "@StringParameter",
                Type  = typeof(string).Name,
                Value = "This is the parameter value."
            };
            var parameters = new[] { stringParameter };

            // The command text references the parameter by its placeholder name only.
            var sql = string.Format("SELECT * FROM Table WHERE StringColumn = {0}", stringParameter.Name);

            var processed = sanitizer.Process(sql, parameters);

            // Expected fragment: value first, placeholder name second, in the quoted format.
            var quotedFragment = string.Format(
                CommandParameterParser.QuotedFormat,
                stringParameter.Value,
                stringParameter.Name);

            Assert.Contains(quotedFragment, processed);
        }
コード例 #2
        /// <summary>
        /// Checks that <c>CommandSanitizer.Process</c> emits an int-typed parameter
        /// in the shape described by <c>CommandParameterParser.UnquotedFormat</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the choice between the quoted and unquoted formats presumably depends on
        /// the metadata's <c>Type</c> name; confirm against the sanitizer. If so, a value whose
        /// declared type name does not match its real content would be inlined without quotes,
        /// so the output should be treated as diagnostic text, not as an executable statement.
        /// </remarks>
        public void ReplaceParameterPlaceholders()
        {
            CommandSanitizer sanitizer = new CommandSanitizer();

            // Type carries the CLR type name of the value (typeof(int).Name).
            CommandParameterMetadata intParameter = new CommandParameterMetadata
            {
                Name  = "@SomeParameter",
                Type  = typeof(int).Name,
                Value = 1234
            };
            var parameters = new[] { intParameter };

            // The command text references the parameter by its placeholder name only.
            var sql = string.Format("SELECT * FROM Table WHERE Id = {0}", intParameter.Name);

            var processed = sanitizer.Process(sql, parameters);

            // Expected fragment: value first, placeholder name second, in the unquoted format.
            var unquotedFragment = string.Format(
                CommandParameterParser.UnquotedFormat,
                intParameter.Value,
                intParameter.Name);

            Assert.Contains(unquotedFragment, processed);
        }