private XElement ReadTransactionTable(SqliteDatabaseContext databaseContext, string tableName, IEnumerable <string> transactionIds)
{
XElement table = new XElement(tableName);
XElement tableRow;
SqliteTableSchema tableSchemaInfo = databaseContext.GetTableSchemaInfo(tableName);
foreach (string transactionId in transactionIds)
{
// To prevent SQL injection, we need to use parameterized SQL as followed.
string queryTransactionStatement = string.Format("SELECT * FROM {0} WHERE TRANSACTIONID = {1} COLLATE NOCASE;", tableName, TransactionIdParameter);
SqlQuery query = new SqlQuery(queryTransactionStatement);
query.Parameters.Add(TransactionIdParameter, transactionId);
try
{
using (var resultSet = databaseContext.ExecuteQuery(query))
{
while (resultSet.Read())
{
List <XAttribute> attributes = new List <XAttribute>();
for (int i = 0; i < resultSet.FieldCount; ++i)
{
if (resultSet.GetValue <object>(i) == null)
{
attributes.Add(new XAttribute(resultSet.GetName(i).ToUpperInvariant(), string.Empty));
}
else
{
Type expectedManagedType = tableSchemaInfo.ColumnsByColumnName[resultSet.GetName(i).ToUpperInvariant()].ManagedType;
attributes.Add(new XAttribute(resultSet.GetName(i).ToUpperInvariant(), resultSet.GetValue(i, expectedManagedType)));
}
}
tableRow = new XElement("ROW", attributes);
table.Add(tableRow);
}
}
}
catch (DatabaseException ex)
{
throw new StorageException(
StorageErrors.Microsoft_Dynamics_Commerce_Runtime_CriticalStorageError,
(int)ex.ErrorCode,
ex,
"Cannot read transaction data from transaction tables in the underlying SQLite database. See inner exception for details.");
}
}
return(table);
}