Count method's 2 parameter overload isn't SQL-injection proof #159

Merged
merged 1 commit into from

2 participants

Sijie Chen Rob Conery
Sijie Chen

No description provided.

Rob Conery
Owner

This still isn't SQL Injection proof :)

Rob Conery
Owner

Thanks - I'll pull this in as, somehow, the args went away :(. However it is not SQL Injection proof just because the args are there... either way it's much better :)

Rob Conery robconery merged commit 0726eb3 into from
Commits on Oct 14, 2012
  1. Sijie Chen
Showing with 2 additions and 2 deletions.
  1. +2 −2 Massive.cs
4 Massive.cs
@@ -585,8 +585,8 @@ private dynamic BuildPagedResult(string sql = "", string primaryKeyField = "", s
public int Count() {
return Count(TableName);
}
- public int Count(string tableName, string where="") {
- return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+where);
+ public int Count(string tableName, string where="", params object[] args) {
+ return (int)Scalar("SELECT COUNT(*) FROM " + tableName+" "+ where, args);
}
/// <summary>
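Review bot: The new `Count(string tableName, string where="", params object[] args)` overload still builds the statement with `"SELECT COUNT(*) FROM " + tableName+" "+ where`, so both `tableName` and `where` reach the SQL text unescaped and `args` only protects values that the caller actually references through placeholders inside `where`. A caller that keeps concatenating input into `where`, or that passes a table name derived from input, is as exposed as before the change. Suggest adding a doc comment on this overload stating that `where` must contain only placeholders with the values supplied through `args`, and that `tableName` must come from code rather than from request data, or validating `tableName` against the known table name before it is concatenated.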