From 06d25b6f5b46f5ca6a65abd50111c1ca9a8e3906 Mon Sep 17 00:00:00 2001
From: Developer 02 <developer02@didaloghe.onmicrosoft.com>
Date: Wed, 7 May 2025 13:09:59 +0200
Subject: [PATCH] Refactor SQL handling in EnvelopeGenerator application

- Added `System.Data` using directive in `EnvelopeCreateReadSQL.cs`.
- Updated SQL command strings to use parameter placeholders.
- Corrected method name from `CreateParmas` to `CreateParams` and added output parameter `@OutUid`.
- Made similar updates in `EnvelopeReceiverAddReadSQL.cs`.
- Introduced `ParamsExtensions` class with `ToSqlParam` method for converting .NET objects to SQL-safe parameter strings.
---
 .../SQL/EnvelopeCreateReadSQL.cs              | 17 +++++------
 .../SQL/EnvelopeReceiverAddReadSQL.cs         | 10 +++----
 .../SQL/ParamsExtensions.cs                   | 28 +++++++++++++++++++
 3 files changed, 42 insertions(+), 13 deletions(-)
 create mode 100644 EnvelopeGenerator.Application/SQL/ParamsExtensions.cs

diff --git a/EnvelopeGenerator.Application/SQL/EnvelopeCreateReadSQL.cs b/EnvelopeGenerator.Application/SQL/EnvelopeCreateReadSQL.cs
index 449eb9d2..40b05e68 100644
--- a/EnvelopeGenerator.Application/SQL/EnvelopeCreateReadSQL.cs
+++ b/EnvelopeGenerator.Application/SQL/EnvelopeCreateReadSQL.cs
@@ -1,6 +1,7 @@
 using Dapper;
 using EnvelopeGenerator.Application.Contracts.SQLExecutor;
 using EnvelopeGenerator.Domain.Entities;
+using System.Data;
 
 namespace EnvelopeGenerator.Application.SQL;
 
@@ -10,18 +11,17 @@ namespace EnvelopeGenerator.Application.SQL;
 public class EnvelopeCreateReadSQL : ISQL<Envelope>
 {
     /// <summary>
-    /// 
+    /// USER_ID, TITLE, TFAEnabled, MESSAGE
     /// </summary>
     public string Raw => @"
-        USE [DD_ECM];
         DECLARE @OUT_UID varchar(36);
 
         EXEC [dbo].[PRSIG_API_CREATE_ENVELOPE]
-            @USER_ID = @UserId,
-            @TITLE = @Title,
-            @TFAEnabled = @TfaEnabled,
-            @MESSAGE = @Message,
-            @OUT_UID = @OUT_UID OUTPUT;
+            {0},
+            {1},
+            {2},
+            {3},
+            @OUT_UID OUTPUT;
 
         SELECT TOP(1) *
         FROM [dbo].[TBSIG_ENVELOPE]
@@ -36,13 +36,14 @@ public class EnvelopeCreateReadSQL : ISQL<Envelope>
     /// <param name="message"></param>
     /// <param name="tfaEnabled"></param>
     /// <returns></returns>
-    public static DynamicParameters CreateParmas(int userId, string title = "", string message = "", bool tfaEnabled = false)
+    public static DynamicParameters CreateParams(int userId, string title = "", string message = "", bool tfaEnabled = false)
     {
         var parameters = new DynamicParameters();
         parameters.Add("@UserId", userId);
         parameters.Add("@Title", title);
         parameters.Add("@TfaEnabled", tfaEnabled ? 1 : 0);
         parameters.Add("@Message", message);
+        parameters.Add("@OutUid", dbType: DbType.String, size: 36, direction: ParameterDirection.Output);
         return parameters;
     }
 }
\ No newline at end of file
diff --git a/EnvelopeGenerator.Application/SQL/EnvelopeReceiverAddReadSQL.cs b/EnvelopeGenerator.Application/SQL/EnvelopeReceiverAddReadSQL.cs
index c065accd..1c499858 100644
--- a/EnvelopeGenerator.Application/SQL/EnvelopeReceiverAddReadSQL.cs
+++ b/EnvelopeGenerator.Application/SQL/EnvelopeReceiverAddReadSQL.cs
@@ -10,16 +10,16 @@ namespace EnvelopeGenerator.Application.SQL;
 public class EnvelopeReceiverAddReadSQL : ISQL<Envelope>
 {
     /// <summary>
-    /// 
+    /// ENV_UID, EMAIL_ADRESS, SALUTATION, PHONE, 
     /// </summary>
     public string Raw => @"
 		DECLARE	@OUT_RECEIVER_ID int
 
 		EXEC	[dbo].[PRSIG_API_CREATE_RECEIVER]
-				@ENV_UID,
-				@EMAIL_ADRESS,
-				@SALUTATION,
-				@PHONE,
+				{0},
+				{1},
+				{2},
+				{3},
 				@OUT_RECEIVER_ID OUTPUT
 
 		SELECT TOP(1) *
diff --git a/EnvelopeGenerator.Application/SQL/ParamsExtensions.cs b/EnvelopeGenerator.Application/SQL/ParamsExtensions.cs
new file mode 100644
index 00000000..2558eb5e
--- /dev/null
+++ b/EnvelopeGenerator.Application/SQL/ParamsExtensions.cs
@@ -0,0 +1,28 @@
+namespace EnvelopeGenerator.Application.SQL;
+
+/// <summary>
+/// Extension method for converting objects to SQL parameter strings.
+/// </summary>
+public static class ParamsExtensions
+{
+    /// <summary>
+    /// Converts a .NET object to its corresponding SQL-safe parameter string.
+    /// </summary>
+    /// <param name="obj">The object to convert.</param>
+    /// <returns>A string representing the SQL parameter.</returns>
+    public static string ToSqlParam(this object? obj)
+    {
+        if (obj is null)
+            return "NULL";
+        else if (obj is string strVal)
+            return $"'{strVal}'";
+        else if (obj is bool boolVal)
+            return boolVal ? "1" : "0";
+        else if (obj is double doubleVal)
+            return $"'{doubleVal}'";
+        else if (obj is int intVal)
+            return intVal.ToString();
+        else
+            throw new NotSupportedException($"Type '{obj.GetType().FullName}' is not supported for SQL parameter conversion.");
+    }
+}