/// <summary>
/// Verifies that a string-typed parameter is substituted into the command text
/// using <c>CommandParameterParser.QuotedFormat</c> (i.e. the value is wrapped in quotes).
/// </summary>
/// <remarks>
/// The sample value contains no quote characters, so this case does not show how
/// <c>QuotedFormat</c> treats an embedded quote; a separate case would be needed to
/// pin that behaviour. Assertion argument order (expected substring, actual text)
/// looks like xUnit's <c>Assert.Contains</c> — confirm against the test framework in use.
/// </remarks>
public void WrapStringsInQuotes()
{
    // Arrange
    var stringParameter = new CommandParameterMetadata
    {
        Name = "@StringParameter",
        Type = typeof(string).Name,
        Value = "This is the parameter value.",
    };
    var commandText = $"SELECT * FROM Table WHERE StringColumn = {stringParameter.Name}";
    var sanitizer = new CommandSanitizer();

    // Act
    var sanitized = sanitizer.Process(commandText, new CommandParameterMetadata[] { stringParameter });

    // Assert — the quoted rendering of the value must appear in the processed text.
    var expectedFragment = string.Format(
        CommandParameterParser.QuotedFormat,
        stringParameter.Value,
        stringParameter.Name);
    Assert.Contains(expectedFragment, sanitized);
}
/// <summary>
/// Verifies that a non-string (here <c>int</c>) parameter is substituted into the command
/// text using <c>CommandParameterParser.UnquotedFormat</c> (i.e. the value is inserted bare).
/// </summary>
/// <remarks>
/// Only an integer value is exercised; whether other non-string types are rendered
/// unquoted is not established by this case. Assertion argument order (expected
/// substring, actual text) looks like xUnit's <c>Assert.Contains</c> — confirm against
/// the test framework in use.
/// </remarks>
public void ReplaceParameterPlaceholders()
{
    // Arrange
    var intParameter = new CommandParameterMetadata
    {
        Name = "@SomeParameter",
        Type = typeof(int).Name,
        Value = 1234,
    };
    var commandText = $"SELECT * FROM Table WHERE Id = {intParameter.Name}";
    var sanitizer = new CommandSanitizer();

    // Act
    var sanitized = sanitizer.Process(commandText, new CommandParameterMetadata[] { intParameter });

    // Assert — the unquoted rendering of the value must appear in the processed text.
    var expectedFragment = string.Format(
        CommandParameterParser.UnquotedFormat,
        intParameter.Value,
        intParameter.Name);
    Assert.Contains(expectedFragment, sanitized);
}