You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When NpgSqlCommand is created with a string that contains escaped apostrophe, the parameters in the query after this string are not substitued even though the valid values are provided. Such parameters placed before the string with apostrophe are substitued correctly.
Following example creates a SQL "INSERT INTO TestTable (StringColumn, ByteaColumn) VALUES ('b''la', @someValue)" - the SomeValue is not substitued for the provided parameter value. If the @someValue would be placed before the 'b''la' string, everything would work.
using (var cmd = DbConnection.CreateCommand())
{
cmd.CommandText = "INSERT INTO TestTable (StringColumn, ByteaColumn) VALUES ('b''la', @SomeValue)";
cmd.Parameters.AddWithValue("SomeValue", new byte[] { 1, });
cmd.ExecuteNonQuery();
}
The text was updated successfully, but these errors were encountered:
Properly handle escaped single quote character ('') in a quoted section during query parameter substitution.
(cherry picked from commit 253b6f9)
Backport #307 from master
When NpgSqlCommand is created with a string that contains escaped apostrophe, the parameters in the query after this string are not substitued even though the valid values are provided. Such parameters placed before the string with apostrophe are substitued correctly.
Following example creates a SQL "INSERT INTO TestTable (StringColumn, ByteaColumn) VALUES ('b''la', @someValue)" - the SomeValue is not substitued for the provided parameter value. If the @someValue would be placed before the 'b''la' string, everything would work.
The text was updated successfully, but these errors were encountered: