internal static void BuildStoredProcedureName(StringBuilder builder, string part)
        {
            if ((null != part) && (0 < part.Length))
            {
                if ('[' == part[0])
                {
                    int count = 0;
                    foreach (char c in part)
                    {
                        if (']' == c)
                        {
                            count++;
                        }
                    }
                    if (1 == (count % 2))
                    {
                        builder.Append(part);
                        return;
                    }
                }

                // the part is not escaped, escape it now
                SqlServerEscapeHelper.EscapeIdentifier(builder, part);
            }
        }
Exemplo n.º 2
0
 internal static string FixupDatabaseTransactionName(string name)
 {
     if (!ADP.IsEmpty(name))
     {
         return SqlServerEscapeHelper.EscapeIdentifier(name);
     }
     return name;
 }
Exemplo n.º 3
0
 // Surround name in brackets and then escape any end bracket to protect against SQL Injection.
 // NOTE: if the user escapes it themselves it will not work, but this was the case in V1 as well
 // as native OleDb and Odbc.
 static internal string FixupDatabaseTransactionName(string name)
 {
     if (!string.IsNullOrEmpty(name))
     {
         return(SqlServerEscapeHelper.EscapeIdentifier(name));
     }
     else
     {
         return(name);
     }
 }
Exemplo n.º 4
0
 internal static void BuildStoredProcedureName(StringBuilder builder, string part)
 {
     if ((part != null) && (0 < part.Length))
     {
         if ('[' == part[0])
         {
             int num2 = 0;
             foreach (char ch in part)
             {
                 if (']' == ch)
                 {
                     num2++;
                 }
             }
             if (1 == (num2 % 2))
             {
                 builder.Append(part);
                 return;
             }
         }
         SqlServerEscapeHelper.EscapeIdentifier(builder, part);
     }
 }
        private BulkCopySimpleResultSet CreateAndExecuteInitialQuery()
        {
            string[] strArray;
            try
            {
                strArray = MultipartIdentifier.ParseMultipartIdentifier(this.DestinationTableName, "[\"", "]\"", "SQL_BulkCopyDestinationTableName", true);
            }
            catch (Exception exception)
            {
                throw SQL.BulkLoadInvalidDestinationTable(this.DestinationTableName, exception);
            }
            if (ADP.IsEmpty(strArray[3]))
            {
                throw SQL.BulkLoadInvalidDestinationTable(this.DestinationTableName, null);
            }
            BulkCopySimpleResultSet bulkCopyHandler = new BulkCopySimpleResultSet();
            string str3 = "select @@trancount; SET FMTONLY ON select * from " + this.DestinationTableName + " SET FMTONLY OFF ";

            if (this._connection.IsShiloh)
            {
                string str5;
                if (this._connection.IsKatmaiOrNewer)
                {
                    str5 = "sp_tablecollations_100";
                }
                else if (this._connection.IsYukonOrNewer)
                {
                    str5 = "sp_tablecollations_90";
                }
                else
                {
                    str5 = "sp_tablecollations";
                }
                string str  = strArray[3];
                bool   flag = (str.Length > 0) && ('#' == str[0]);
                if (!ADP.IsEmpty(str))
                {
                    str = SqlServerEscapeHelper.EscapeIdentifier(SqlServerEscapeHelper.EscapeStringAsLiteral(str));
                }
                string str2 = strArray[2];
                if (!ADP.IsEmpty(str2))
                {
                    str2 = SqlServerEscapeHelper.EscapeIdentifier(SqlServerEscapeHelper.EscapeStringAsLiteral(str2));
                }
                string str4 = strArray[1];
                if (flag && ADP.IsEmpty(str4))
                {
                    str3 = str3 + string.Format(null, "exec tempdb..{0} N'{1}.{2}'", new object[] { str5, str2, str });
                }
                else
                {
                    if (!ADP.IsEmpty(str4))
                    {
                        str4 = SqlServerEscapeHelper.EscapeIdentifier(str4);
                    }
                    str3 = str3 + string.Format(null, "exec {0}..{1} N'{2}.{3}'", new object[] { str4, str5, str2, str });
                }
            }
            Bid.Trace("<sc.SqlBulkCopy.CreateAndExecuteInitialQuery|INFO> Initial Query: '%ls' \n", str3);
            this._parser.TdsExecuteSQLBatch(str3, this.BulkCopyTimeout, null, this._stateObj);
            this._parser.Run(RunBehavior.UntilDone, null, null, bulkCopyHandler, this._stateObj);
            return(bulkCopyHandler);
        }
 private void AppendColumnNameAndTypeName(StringBuilder query, string columnName, string typeName)
 {
     SqlServerEscapeHelper.EscapeIdentifier(query, columnName);
     query.Append(" ");
     query.Append(typeName);
 }