Count method's 2 parameter overload isn't SQL-injection proof #159

Merged
merged 1 commit into from Dec 3, 2012
+2 −2
4 Massive.cs
@@ -585,8 +585,8 @@ private dynamic BuildPagedResult(string sql = "", string primaryKeyField = "", s
public int Count() {
return Count(TableName);
}
- public int Count(string tableName, string where="") {
- return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+where);
+ public int Count(string tableName, string where="", params object[] args) {
+ return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+ where, args);
}
/// <summary>
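Review bot: The new `Count(string tableName, string where="", params object[] args)` still builds the statement by concatenating `tableName` and `where`, so it is injection-safe only when callers put placeholders in `where` and pass every value through `args`; nothing in the signature stops the old habit of formatting values into the `where` string. I would state that contract on the method, e.g. `/// <param name="where">SQL fragment containing parameter placeholders only; pass every value through <paramref name="args"/> and never concatenate caller input.</param>`, and add that `tableName` must come from code rather than request data, because an identifier cannot be bound as a parameter. Separately, `(int)Scalar(...)` looks like an unboxing cast, which would throw if a provider returns COUNT(*) as a 64-bit value; `return Convert.ToInt32(Scalar("SELECT COUNT(*) FROM " + tableName + " " + where, args));` would be more tolerant, but Scalar's return type is not visible in this hunk, so confirm before changing it.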