Refactor SQL query execution in AddEnvelopeReceiverAsync

Updated the SQL query execution in the EnvelopeReceiverExecutor class to build the SQL text with the values substituted directly into the query string instead of passing them through the parameterized query method. This change simplifies the execution but may introduce SQL injection risks and affect performance.
This commit is contained in:
Developer 02 2025-05-07 13:14:40 +02:00
parent 38d05850e3
commit 5fc689ee4d


@ -23,8 +23,9 @@ public class EnvelopeReceiverExecutor: SQLExecutor, IEnvelopeReceiverExecutor
{
using var connection = new SqlConnection(Params.ConnectionString);
var sql = Provider.GetRequiredService<EnvelopeReceiverAddReadSQL>();
var formattedSql = string.Format(sql.Raw, envelope_uuid.ToSqlParam(), emailAddress.ToSqlParam(), salutation.ToSqlParam(), phone.ToSqlParam());
await connection.OpenAsync(cancellation);
var envelopeReceivers = await connection.QueryAsync<EnvelopeReceiver>(sql.Raw, EnvelopeReceiverAddReadSQL.CreateParameters(envelope_uuid, emailAddress, salutation, phone));
var envelopeReceivers = await connection.QueryAsync<EnvelopeReceiver>(formattedSql);
var er = envelopeReceivers.FirstOrDefault();
if (er is null)