
Count() method isn't SQL-Inject proof

1 parent 32b0dee commit efe231645bc7b710ac178a6622899bb7bfb424ec @AntiGameZ committed Oct 14, 2012
Showing with 2 additions and 2 deletions.
  1. +2 −2 Massive.cs
@@ -585,8 +585,8 @@ private dynamic BuildPagedResult(string sql = "", string primaryKeyField = "", s
public int Count() {
return Count(TableName);
}
- public int Count(string tableName, string where="") {
- return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+where);
+ public int Count(string tableName, string where="", params object[] args) {
+ return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+ where, args);
}
/// <summary>
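Review bot: On the added `return` line of `Count(string tableName, string where, params object[] args)`, `tableName` and `where` are still concatenated into the statement text, so `args` only protects values the caller has already written as placeholders inside `where`. The method has no documentation stating that contract; I would add `/// <param name="where">Trusted SQL fragment; pass values through args as parameters, never by concatenation.</param>` and `/// <param name="tableName">Developer-supplied identifier, not user input.</param>`. Existing call sites that pass a `where` with inlined values still compile unchanged against the new signature, so they need a separate audit. How `Scalar` binds `args` is outside this hunk.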

1 comment on commit efe2316

@robconery

This still isn't SQL Injection proof :)
