Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Count method's 2 parameter overload isn't SQL-injection proof #159

merged 1 commit into from

2 participants


No description provided.


This still isn't SQL Injection proof :)


Thanks - I'll pull this in as, somehow, the args went away :(. However it is not SQL Injection proof just because the args are there... either way it's much better :)

@robconery robconery merged commit 0726eb3 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 14, 2012
  1. @AntiGameZ
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 Massive.cs
4 Massive.cs
@@ -585,8 +585,8 @@ private dynamic BuildPagedResult(string sql = "", string primaryKeyField = "", s
public int Count() {
return Count(TableName);
- public int Count(string tableName, string where="") {
- return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+where);
+ public int Count(string tableName, string where="", params object[] args) {
+ return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+ where, args);
/// <summary>
Something went wrong with that request. Please try again.