c# - Is NHibernate's Expression.Sql parameterised?
As per the title, I'm wondering if Expression.Sql is parameterised, to avoid SQL injection attacks?
Example:
Expression.Sql("{alias}.column like ?", $"%{stringvalue}%", NHibernateUtil.String);
I've been having trouble getting a column stored as a string that contains numbers to compare to a value that is a string which also contains numbers (I think NHibernateUtil.GuessType might be getting a little eager to use integers when generating the statement, and this particular column doesn't honor MatchMode.Always to result in wildcards, but that's a separate question for another day).
Any feedback is appreciated.