Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sql Builder #653

Open
brodotnet opened this issue Aug 20, 2022 · 1 comment
Open

Sql Builder #653

brodotnet opened this issue Aug 20, 2022 · 1 comment

Comments

@brodotnet
Copy link

brodotnet commented Aug 20, 2022
edited by asherber

Hi Everyone, i want a ask about Sql builder.
I want to create database schema with postgreSql provider using sql builder function , but when this function executed with below code, the result always generated "0" as schema name

When i try with this code sql.Append("DECLARE myvar TEXT = @0 ; ","demo"); the result it should be DECLARE myvar TEXT = 'demo' instead it became like this DECLARE myvar TEXT = '0 .
and i try with this code sql.Append($"DECLARE myvar TEXT = '{schemaName}' ; "); and its works.
but I want to avoid sql injection, therefore I use sql builder function.

**Fullcode below **

  Sql sql = new Sql();
  sql.Append("DO $$");
  sql.Append($"DECLARE myvar TEXT = '{name}' ; ");
  sql.Append("BEGIN EXECUTE 'CREATE SCHEMA ' || quote_ident(myvar); END $$;");
  await database.ExecuteAsync(sql);

Thank you.

image

image
@asherber
Copy link
Collaborator

I don't think this is an issue with PetaPoco -- the SQL fed to the command seems to be just what you asked for. Are you sure that Postgres allows the use of parameters in declaring a variable?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asherber @brodotnet