// Appends one part of a stored procedure name to the builder.
// A null or empty part appends nothing. A part that starts with '[' and
// contains an odd number of ']' characters is treated as already escaped and
// appended unchanged; every other part goes through
// SqlServerEscapeHelper.EscapeIdentifier.
//
// NOTE(review): the "already escaped" test looks only at the first character
// and the parity of ']'. It does not confirm that the part ends with ']' or
// that inner ']' characters are doubled, so a malformed part that passes the
// parity test reaches the builder without escaping. Confirm that callers
// never pass raw, untrusted text here.
internal static void BuildStoredProcedureName(StringBuilder builder, string part)
{
    if (string.IsNullOrEmpty(part))
    {
        return;
    }

    if (part[0] == '[')
    {
        int closingBrackets = 0;
        for (int i = 0; i < part.Length; i++)
        {
            if (part[i] == ']')
            {
                closingBrackets++;
            }
        }

        if ((closingBrackets % 2) == 1)
        {
            // Odd number of ']': taken as caller-escaped, copied verbatim.
            builder.Append(part);
            return;
        }
    }

    // Not recognised as escaped, so escape it now.
    SqlServerEscapeHelper.EscapeIdentifier(builder, part);
}
// Returns the transaction name passed through
// SqlServerEscapeHelper.EscapeIdentifier, or the input unchanged when
// ADP.IsEmpty reports it as empty (presumably null or zero-length; ADP is
// defined elsewhere).
// NOTE(review): the name is always escaped, so a caller that pre-escapes it
// will end up with a doubly escaped name.
internal static string FixupDatabaseTransactionName(string name)
{
    return ADP.IsEmpty(name)
        ? name
        : SqlServerEscapeHelper.EscapeIdentifier(name);
}
// Wraps the transaction name in brackets and escapes any closing bracket in
// it, as a guard against SQL injection through the name.
// NOTE: a name the caller has already escaped will not work, because it is
// escaped again. V1, native OleDb and Odbc behaved the same way.
// A null or empty name is returned unchanged.
internal static string FixupDatabaseTransactionName(string name)
{
    if (string.IsNullOrEmpty(name))
    {
        return name;
    }

    return SqlServerEscapeHelper.EscapeIdentifier(name);
}
// Writes a single stored-procedure name part into the builder.
// Nothing is written for a null or empty part. When the part begins with '['
// and holds an odd count of ']' it is assumed to be escaped already and is
// copied as-is; otherwise SqlServerEscapeHelper.EscapeIdentifier writes the
// escaped form.
//
// NOTE(review): the pass-through decision rests on the first character and
// on ']' parity alone. Nothing checks that the part ends with ']' or that
// inner ']' characters are doubled, so malformed input that passes the parity
// test is copied without escaping. Verify that callers do not forward
// untrusted text to this method.
internal static void BuildStoredProcedureName(StringBuilder builder, string part)
{
    if (part == null || part.Length == 0)
    {
        return;
    }

    bool looksEscaped = false;
    if (part[0] == '[')
    {
        int closers = 0;
        foreach (char current in part)
        {
            if (current == ']')
            {
                closers++;
            }
        }

        looksEscaped = (closers % 2) == 1;
    }

    if (looksEscaped)
    {
        builder.Append(part);
    }
    else
    {
        SqlServerEscapeHelper.EscapeIdentifier(builder, part);
    }
}
// Builds and runs the initial batch for a bulk copy and returns the result
// set handler that was filled while the batch ran.
//
// The batch selects @@trancount and, under SET FMTONLY ON, selects * from the
// destination table. On connections reporting IsShiloh it also executes the
// sp_tablecollations procedure that matches the server version.
//
// Throws SQL.BulkLoadInvalidDestinationTable when DestinationTableName cannot
// be parsed or when its last part (index 3) is empty.
//
// NOTE(review): the FMTONLY select concatenates DestinationTableName exactly
// as the caller set it. Only the sp_tablecollations argument is rebuilt from
// the parsed, escaped parts. The parse step rejects names it cannot split,
// but nothing visible here shows that it rejects every unsafe string, so
// DestinationTableName should never be built from untrusted input without
// quoting it first. Consider building the select target from the parsed
// parts as well.
// NOTE(review): the whole batch text, table name included, goes to Bid.Trace.
private BulkCopySimpleResultSet CreateAndExecuteInitialQuery()
{
    string[] nameParts;
    try
    {
        nameParts = MultipartIdentifier.ParseMultipartIdentifier(this.DestinationTableName, "[\"", "]\"", "SQL_BulkCopyDestinationTableName", true);
    }
    catch (Exception parseFailure)
    {
        throw SQL.BulkLoadInvalidDestinationTable(this.DestinationTableName, parseFailure);
    }

    // Index 3 is the last part of the name; it must be present.
    if (ADP.IsEmpty(nameParts[3]))
    {
        throw SQL.BulkLoadInvalidDestinationTable(this.DestinationTableName, null);
    }

    BulkCopySimpleResultSet resultSet = new BulkCopySimpleResultSet();

    // Raw, caller-supplied table name is used here (see the review note above).
    string batchText = "select @@trancount; SET FMTONLY ON select * from " + this.DestinationTableName + " SET FMTONLY OFF ";

    if (this._connection.IsShiloh)
    {
        // Pick the collation procedure for the newest version the server reports.
        string collationProcedure = this._connection.IsKatmaiOrNewer
            ? "sp_tablecollations_100"
            : (this._connection.IsYukonOrNewer ? "sp_tablecollations_90" : "sp_tablecollations");

        // The '#' test must see the unescaped table name, so it runs first.
        string tablePart = nameParts[3];
        bool isTempTable = (tablePart.Length > 0) && (tablePart[0] == '#');
        if (!ADP.IsEmpty(tablePart))
        {
            // Escaped as a literal, then as an identifier: the value is placed
            // inside the N'...' argument below.
            tablePart = SqlServerEscapeHelper.EscapeIdentifier(SqlServerEscapeHelper.EscapeStringAsLiteral(tablePart));
        }

        string schemaPart = nameParts[2];
        if (!ADP.IsEmpty(schemaPart))
        {
            schemaPart = SqlServerEscapeHelper.EscapeIdentifier(SqlServerEscapeHelper.EscapeStringAsLiteral(schemaPart));
        }

        string catalogPart = nameParts[1];
        if (isTempTable && ADP.IsEmpty(catalogPart))
        {
            // '#' table with no catalog given: run the procedure in tempdb.
            batchText += string.Format(null, "exec tempdb..{0} N'{1}.{2}'", new object[] { collationProcedure, schemaPart, tablePart });
        }
        else
        {
            if (!ADP.IsEmpty(catalogPart))
            {
                // The catalog sits outside the string literal, so identifier
                // escaping alone is applied.
                catalogPart = SqlServerEscapeHelper.EscapeIdentifier(catalogPart);
            }

            batchText += string.Format(null, "exec {0}..{1} N'{2}.{3}'", new object[] { catalogPart, collationProcedure, schemaPart, tablePart });
        }
    }

    Bid.Trace("<sc.SqlBulkCopy.CreateAndExecuteInitialQuery|INFO> Initial Query: '%ls' \n", batchText);
    this._parser.TdsExecuteSQLBatch(batchText, this.BulkCopyTimeout, null, this._stateObj);
    this._parser.Run(RunBehavior.UntilDone, null, null, resultSet, this._stateObj);
    return resultSet;
}
// Appends "<escaped column name> <type name>" to the query text.
// The column name goes through SqlServerEscapeHelper.EscapeIdentifier; the
// type name is appended exactly as given.
// NOTE(review): typeName is not escaped or validated here. Confirm that
// callers pass only type names from a trusted source (for example server
// metadata or a fixed list), never user-supplied text.
private void AppendColumnNameAndTypeName(StringBuilder query, string columnName, string typeName)
{
    SqlServerEscapeHelper.EscapeIdentifier(query, columnName);
    query.Append(" ").Append(typeName);
}