From 5fc689ee4d65c54e7db3ea049215c8088f767f02 Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Wed, 7 May 2025 13:14:40 +0200
Subject: [PATCH] Refactor SQL query execution in AddEnvelopeReceiverAsync

Updated the SQL query execution in the EnvelopeReceiverExecutor class to use a formatted SQL string directly with parameters instead of a parameterized query method. This change simplifies the execution but may introduce SQL injection risks and affect performance.
---
 .../Executor/EnvelopeReceiverExecutor.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/EnvelopeGenerator.Infrastructure/Executor/EnvelopeReceiverExecutor.cs b/EnvelopeGenerator.Infrastructure/Executor/EnvelopeReceiverExecutor.cs
index 2dcbf8f6..1ff26eff 100644
--- a/EnvelopeGenerator.Infrastructure/Executor/EnvelopeReceiverExecutor.cs
+++ b/EnvelopeGenerator.Infrastructure/Executor/EnvelopeReceiverExecutor.cs
@@ -23,8 +23,9 @@ public class EnvelopeReceiverExecutor: SQLExecutor, IEnvelopeReceiverExecutor
     {
         using var connection = new SqlConnection(Params.ConnectionString);
         var sql = Provider.GetRequiredService();
+        var formattedSql = string.Format(sql.Raw, envelope_uuid.ToSqlParam(), emailAddress.ToSqlParam(), salutation.ToSqlParam(), phone.ToSqlParam());
         await connection.OpenAsync(cancellation);
-        var envelopeReceivers = await connection.QueryAsync(sql.Raw, EnvelopeReceiverAddReadSQL.CreateParameters(envelope_uuid, emailAddress, salutation, phone));
+        var envelopeReceivers = await connection.QueryAsync(formattedSql);
         var er = envelopeReceivers.FirstOrDefault();
         if (er is null)