Reporter | |
---|---|
Created | Dec 8, 2017 10:20:57 AM |
Updated | Apr 6, 2018 4:53:05 PM |
Subsystem | Code Analysis - C# |
Assignee | Alexander Shvedov (shvedov) |
Priority | Normal |
State | Submitted |
Type | Bug |
Fix version | No Fix versions |
Affected versions | 2017.2.2 |
Fixed In Version ReSharper | Undefined |
VsVersion | All Versions |
FromSql() actually uses not the standard .NET format placeholders but SQL parameter-like syntax.
It seems that the former were also used some time ago, but later this format was eliminated, probably due to the risk of SQL injection.
```csharp
// incorrect (doesn't work - returns an empty set)
m_Context.ExchangeMarketPrices
    .FromSql(@"SELECT * FROM ExchangeMarketPrices WHERE Created='{0:yyyy-MM-dd}'", DateTime.UtcNow);

// correct (works properly)
m_Context.ExchangeMarketPrices
    .FromSql(@"SELECT * FROM ExchangeMarketPrices WHERE Created=@p0", DateTime.UtcNow);
```
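A check for the pattern in the report above, as an added example that is not code from the report, ReSharper or EF Core: it scans a `FromSql()` query string and flags the two traits of the failing sample, a placeholder wrapped in SQL quotes and a .NET format specifier on the placeholder. The class and method names are hypothetical, and the rules encode only what the report's two samples show.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class FromSqlTemplateCheck   // hypothetical name, for illustration only
{
    // A .NET composite-format item: {index[,alignment][:formatString]}
    private static readonly Regex FormatItem =
        new Regex(@"\G\{(?<index>\d+)(?<align>,[^}:]*)?(?<spec>:[^}]*)?\}");

    // Returns one finding per trait that matches the failing sample from the report.
    public static List<string> Check(string sql)
    {
        var findings = new List<string>();
        bool inLiteral = false;   // true while inside a '...' SQL string literal
        for (int i = 0; i < sql.Length; i++)
        {
            if (sql[i] == '\'') { inLiteral = !inLiteral; continue; }   // '' toggles twice
            if (sql[i] != '{') continue;
            if (i + 1 < sql.Length && sql[i + 1] == '{') { i++; continue; }   // escaped {{
            Match m = FormatItem.Match(sql, i);
            if (!m.Success) continue;
            if (inLiteral)
                findings.Add($"{m.Value} at offset {i}: placeholder inside a quoted SQL literal");
            if (m.Groups["spec"].Success || m.Groups["align"].Success)
                findings.Add($"{m.Value} at offset {i}: alignment/format specifier on a SQL placeholder");
            i = m.Index + m.Length - 1;   // resume scanning after the placeholder
        }
        return findings;
    }

    public static void Main()
    {
        // The two query strings from the report above.
        string[] samples =
        {
            @"SELECT * FROM ExchangeMarketPrices WHERE Created='{0:yyyy-MM-dd}'",
            @"SELECT * FROM ExchangeMarketPrices WHERE Created=@p0",
        };
        foreach (string sql in samples)
        {
            List<string> findings = Check(sql);
            Console.WriteLine((findings.Count == 0 ? "OK    " : "CHECK ") + sql);
            foreach (string finding in findings) Console.WriteLine("        " + finding);
        }
    }
}
```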