Refactor SQL query execution in AddEnvelopeReceiverAsync

Updated the SQL query execution in the EnvelopeReceiverExecutor class to use a formatted SQL string directly with parameters instead of a parameterized query method. This change simplifies the execution but may introduce SQL injection risks and affect performance.
2025-05-07 13:14:40 +02:00 · 2025-05-07 13:14:40 +02:00 · 5fc689ee4d
commit 5fc689ee4d
parent 38d05850e3
1 changed files with 2 additions and 1 deletions
--- a/EnvelopeGenerator.Infrastructure/Executor/EnvelopeReceiverExecutor.cs
+++ b/EnvelopeGenerator.Infrastructure/Executor/EnvelopeReceiverExecutor.cs
@ -23,8 +23,9 @@ public class EnvelopeReceiverExecutor: SQLExecutor, IEnvelopeReceiverExecutor
    {
        using var connection = new SqlConnection(Params.ConnectionString);
        var sql = Provider.GetRequiredService<EnvelopeReceiverAddReadSQL>();
        var formattedSql = string.Format(sql.Raw, envelope_uuid.ToSqlParam(), emailAddress.ToSqlParam(), salutation.ToSqlParam(), phone.ToSqlParam());
        await connection.OpenAsync(cancellation);
-        var envelopeReceivers = await connection.QueryAsync<EnvelopeReceiver>(sql.Raw, EnvelopeReceiverAddReadSQL.CreateParameters(envelope_uuid, emailAddress, salutation, phone));
+        var envelopeReceivers = await connection.QueryAsync<EnvelopeReceiver>(formattedSql);
        var er = envelopeReceivers.FirstOrDefault();
        if (er is null)