C# - Is NHibernate's Expression.Sql parameterised?


As per the title, I'm wondering if Expression.Sql is parameterised, to avoid SQL injection attacks?

Example:

Expression.Sql("{alias}.column LIKE ?", $"%{stringvalue}%", NHibernateUtil.String);

I've been having trouble getting a column that is stored as a string but contains numbers to compare to a value that is a string but contains numbers (I think NHibernateUtil.GuessType might be getting a little eager to use integers when generating the statement, and the particular column doesn't honor MatchMode.Always to result in wildcards, but that's a separate question for another day).

Any feedback is appreciated.

