
Commit dd5ffb7

stevehansenclaude
andcommitted
fix: Use parameterized queries in DatabaseConnection to prevent SQL injection
Fixes #93 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 5f655dc commit dd5ffb7

1 file changed

Lines changed: 2 additions & 2 deletions

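--- a/src/SqlInliner/DatabaseConnection.cs
+++ b/src/SqlInliner/DatabaseConnection.cs
@@ -75,7 +75,7 @@ public string GetViewDefinition(string viewName)
 if (Connection == null)
 throw new InvalidOperationException("No database connection available.");
 
-view = Connection.Query<string>($"SELECT OBJECT_DEFINITION(object_id('{viewName}'))").First();
+view = Connection.Query<string>("SELECT OBJECT_DEFINITION(object_id(@viewName))", new { viewName }).First();
 
 var originalStart = view.IndexOf(DatabaseView.BeginOriginal, StringComparison.Ordinal);
 if (originalStart > 0)
@@ -108,7 +108,7 @@ public string GetViewDefinition(string viewName)
 if (Connection == null)
 return null;
 
-return Connection.Query<string>($"SELECT OBJECT_DEFINITION(object_id('{viewName}'))").FirstOrDefault();
+return Connection.Query<string>("SELECT OBJECT_DEFINITION(object_id(@viewName))", new { viewName }).FirstOrDefault();
 }
 
 /// <summary>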
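Review bot: In the first hunk, `view` is still dereferenced on the next line (`view.IndexOf(...)`) with no null check, and `OBJECT_DEFINITION(object_id(@viewName))` returns NULL when the name does not resolve or the caller lacks VIEW DEFINITION permission, so a single-row NULL result appears to pass `.First()` as a null string and then fails with a NullReferenceException instead of a clear error. Adding `if (view is null) throw new InvalidOperationException($"View '{viewName}' was not found or its definition is not accessible.");` immediately after the assignment turns this into an actionable failure; the second hunk's `.FirstOrDefault()` path already tolerates a null definition, so only the first needs the guard. The parameterization itself is correct and also means `@viewName` is resolved by `object_id()` exactly as typed (schema-qualified or bracketed names still work), which is worth a one-line comment above the query since the old string-built form is gone. The enclosing `GetViewDefinition` body begins before and continues after the first hunk.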
