
Ensure parameter false positives are detected

Open mgravell opened this issue 10 months ago • 0 comments

See https://github.com/DapperLib/Dapper/issues/1914 and https://github.com/DapperLib/Dapper/issues/1971

In analyzer mode (not in generator mode), we should be able to detect the following queries as problematic, i.e. the true parameters are not the same as Dapper is going to assume:

select 'this ? looks like OLE DB'

and

select 'this ?looks? like pseudo-positional'

The problem here is that the runtime SQL parser in Dapper detects both of these as meaning the wrong thing; they aren't parameters. Our existing parameter handler in TSQL should be able to detect this.

mgravell, Oct 10 '23 14:10
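
The false positive described in the issue, as an added example that is not Dapper or DapperAOT code: a context-free scan for `?` and `?name?` placeholders is compared against the same scan run after string literals are blanked out. The `Placeholder` pattern, the class and the method names are assumptions made for illustration, and only string literals are handled (comments and quoted identifiers are not), where the analyzer itself would rely on a T-SQL parser.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

static class ParameterFalsePositives
{
    // Context-free scan (simplified stand-in, an assumption of this example):
    // ?name? is pseudo-positional, a bare ? is an OLE DB style placeholder.
    static readonly Regex Placeholder = new Regex(@"\?(?:[\p{L}_][\p{L}\p{N}_]*\?)?");

    // A T-SQL string literal with '' as the escaped quote; an unterminated
    // literal is treated as running to the end of the text.
    static readonly Regex Literal = new Regex(@"'(?:[^']|'')*(?:'|\z)");

    // Returns placeholders the context-free scan reports that sit inside a string literal.
    public static List<(int Offset, string Text)> FindFalsePositives(string sql)
    {
        // Blank each literal with same-length padding so offsets stay comparable.
        string masked = Literal.Replace(sql, m => new string(' ', m.Length));
        var real = new HashSet<int>(
            Placeholder.Matches(masked).Cast<Match>().Select(m => m.Index));
        return Placeholder.Matches(sql).Cast<Match>()
            .Where(m => !real.Contains(m.Index))
            .Select(m => (Offset: m.Index, Text: m.Value))
            .ToList();
    }

    static void Main()
    {
        // Constructed inputs: the two query shapes from the issue, plus one query
        // mixing a genuine placeholder with a '?' inside an escaped literal.
        string[] samples =
        {
            "select 'this ? looks like OLE DB'",
            "select 'this ?looks? like pseudo-positional'",
            "select * from Orders where Id = ?id? and Note = 'it''s ?'",
        };
        foreach (var sql in samples)
        {
            var hits = FindFalsePositives(sql);
            Console.WriteLine($"{sql}\n  -> {hits.Count} false positive(s): " +
                string.Join(", ", hits.Select(h => $"'{h.Text}' at {h.Offset}")));
        }
    }
}
```

In the third sample only the `?` inside the literal is reported; `?id?` survives masking and is treated as a genuine placeholder.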