David_F
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
placeholder already includes the @ prefix
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
Also, in your code at the line sql = sql.Replace("@" + placeholder, value); there is a redundant "@" +
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
I've checked with Bing Copilot; it says that your string formatting does not prevent SQL injection. Try this:
SqlCommand cmd = new SqlCommand("SELECT * FROM Customers WHERE City = @City");
cmd.Parameters.Add(new SqlParameter("@City", "London'; DROP TABLE Customers; --"));
string sql = GetParsedSqlCommand(cmd);
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
I mean, you need to check whether the SqlParameter type prevents such abuse
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
@Turwaith also, I am not sure you prevent SQL injection in your code when case System.Data.SqlDbType.Text: and you invoke param.Value.ToString().Replace("'", "''"). What happens when I inject malicious text in param?
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
Did you consider EF Core for constructing queries and then using the .ToQueryString() method or something similar?
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
I mean, why did you choose SqlCommand as input?
30 replies
CC#
Created by Turwaith on 5/24/2024 in #help
Preventing SQL Injections with string based queries
@Turwaith, are you the one constructing the queries that you pass to the SDK?
30 replies
CC#
Created by McMahone on 10/2/2023 in #help
❔ Sending a message to ServiceBus topic from ASP.NET Web API controller
12 replies
CC#
Created by Bamblobski on 10/2/2023 in #help
❔ Empty date field
maybe because your date field is not nullable?
6 replies
CC#
Created by McMahone on 10/2/2023 in #help
❔ Sending a message to ServiceBus topic from ASP.NET Web API controller
Check out the MassTransit library, it's recommended by Microsoft
12 replies
CC#
Created by McMahone on 10/2/2023 in #help
❔ Sending a message to ServiceBus topic from ASP.NET Web API controller
where is the question? 🙂
12 replies
CC#
Created by Jer on 10/1/2023 in #help
❔ Task tracking
@Jer also remember to propagate, or request from DI, the cancellationToken that fires when shutdown is requested, in every piece of logic the tasks run, because cancellation should be cooperative. ASP.NET Core by default gives a couple of seconds to allow graceful shutdown, and after these seconds pass the process exits anyway, not waiting for your background work.
13 replies
CC#
Created by Jer on 10/1/2023 in #help
❔ Task tracking
@Jer maybe you can use ConcurrentBag<T> instead of List<T> to avoid doing the locking yourself. Another alternative is SynchronizedCollection<T> if you need index access to the list. Maybe ConcurrentBag<T> is enough for your use case.
13 replies
CC#
Created by Jer on 10/1/2023 in #help
❔ Task tracking
@Jer you should avoid ever-growing collections in any case. Cleaning up only on shutdown is not enough.
13 replies
CC#
Created by Jer on 10/1/2023 in #help
❔ Task tracking
@Jer maybe you can use the .ContinueWith(...) method, which accepts the TaskContinuationOptions enum, for each task to remove itself from your collection of tasks on completion
13 replies
CC#
Created by David_F on 9/22/2023 in #help
✅ How to check user's target framework moniker in my source generator?
thanks
13 replies
CC#
Created by David_F on 9/22/2023 in #help
✅ How to check user's target framework moniker in my source generator?
Stopwatch.GetElapsedTime
13 replies