use a format statement to build the sql query to avoid the possibility of an SQLi security risk
Qingchun Ren committed Jun 17, 2016
1 parent c6fd2c9 commit 83b3e91
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions SalesforceSDK/SmartStore/Store/QuerySpec.cs
Expand Up @@ -45,12 +45,15 @@ public enum SqlOrder
DESC
};

private const string SelectCount = "SELECT count(*) ";
private const string Select = "SELECT ";
private const string From = "FROM ";
private const string Where = "WHERE ";
private const string OrderBy = "ORDER BY ";

private const string SelectCount = "SELECT count(*) ";
private const string SelectCountFrom = SelectCount + "FROM ({0})";


public readonly string BeginKey;
public readonly string CountSmartSql;
public readonly string EndKey;
Expand Down Expand Up @@ -148,8 +151,7 @@ private String ComputeCountSql()
/// <returns></returns>
private string ComputeCountSql(string smartSql)
{
int fromLocation = smartSql.ToLower().IndexOf(" from ", StringComparison.CurrentCultureIgnoreCase);
return SelectCount + smartSql.Substring(fromLocation);
return string.Format(SelectCountFrom, smartSql);
}

/// <summary>
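Review bot: The new `return string.Format(SelectCountFrom, smartSql);` in ComputeCountSql still inserts the caller-supplied smartSql text verbatim into the count statement, so wrapping it in a subquery does not by itself remove an injection risk; what it removes is the fragile `IndexOf(" from ", …)` scan, which could split the query at a " from " that appears inside a string literal or alias. Any trust in smartSql must therefore come from where it is validated or bound as a parameter on the execution path, which lies outside this hunk. A smart SQL string ending in a trailing semicolon, or one that is not a plain SELECT, would now produce a syntactically invalid subquery instead of a merely misparsed one — worth confirming against the callers. The `<returns></returns>` tag above the signature is empty; I would fill it in as `/// <returns>The smart SQL wrapped as the FROM subquery of a SELECT count(*) statement.</returns>`.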