API Feature Request - Overload method on Dynamicweb.Database.ExecuteNonQuery

Would be nice if the method could take a SqlCommand instead of a string, as it can produce a lot of problems with ' in the various field values.

Replies

 
Nicolai Høeg Pedersen
Reply
If you already have the command, can't you just do like this:
myCommand.ExecuteNonQuery();?
 
Reply
Yeah, but you will have to create a sqlconn based upon the globalsettings and open, close etc. etc. I mean it's not a big deal to do, as we already do this today.

But since the feature is in the API, it would be nice if I could just pass the SqlCommand to it to avoid ' issues etc.; would make sense in my head at least :)
 
Nicolai Høeg Pedersen
Reply
But you use an IDbConnection.CreateCommand - so you cannot create a command without a connection... Or am I missing something? Probably :-).

And if you use Base.Request("") it will handle ' problems for you:

select * from table where somefield = base.request("someparameter")

Base.Request has a wide variety of SQL injection prevention inside - and is updated on a regular basis.
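
The parameter binding asked for in this thread, as an added example that is not part of the original posts and is not Dynamicweb code. The helper `DbHelper.ExecuteNonQuery` is hypothetical, and Microsoft.Data.Sqlite with an in-memory database is an assumed stand-in provider so the example runs without a server; any `IDbConnection` works the same way.

```csharp
using System;
using System.Data;
using Microsoft.Data.Sqlite; // assumption: stand-in provider, not what the forum's platform uses

public static class DbHelper
{
    // Hypothetical helper: the SQL text stays constant and every value
    // travels as a bound parameter, so quotes in field values are only data.
    public static int ExecuteNonQuery(IDbConnection conn, string sql,
        params (string Name, object Value)[] args)
    {
        using (IDbCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;
            foreach (var (paramName, paramValue) in args)
            {
                IDbDataParameter p = cmd.CreateParameter();
                p.ParameterName = paramName;
                p.Value = paramValue ?? DBNull.Value; // null must be sent as DBNull
                cmd.Parameters.Add(p);
            }
            return cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        using (var conn = new SqliteConnection("Data Source=:memory:"))
        {
            conn.Open();
            ExecuteNonQuery(conn, "CREATE TABLE Customer (Id INTEGER, Name TEXT)");

            // Constructed sample value containing quotes and SQL metacharacters.
            string name = "O'Brien'); DROP TABLE Customer;--";
            int rows = ExecuteNonQuery(conn,
                "INSERT INTO Customer (Id, Name) VALUES (@id, @name)",
                ("@id", 1), ("@name", name));

            // Read the row back: the table still exists and the text is unchanged.
            using (IDbCommand check = conn.CreateCommand())
            {
                check.CommandText = "SELECT Name FROM Customer WHERE Id = 1";
                string stored = (string)check.ExecuteScalar();
                Console.WriteLine(rows == 1 && stored == name
                    ? "stored verbatim" : "mismatch");
            }
        }
    }
}
```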
