IllegalSqlFragmentTokens too strict

cdmackie · April 13, 2017, 11:56pm

This one’s caught me out before, but took me a while to find it today.

This is with OrmlIte for MySQL.

I have a join, with a Where clause built from strings:

var q = Db.From<T1>();
q = q.Join<T2>((a,b) => a.SomeId = b.Id);

string fields = "HOST = {0} AND FRIENDLYPATH = {1}";
string[] values = ["abc", "def"];
q. Where(fields, values);

This throws the “Potential illegal fragment detected” exception.

Because I have the field name FRI"end"LYPATH and “end” is in the illegal fragment list

What’s the right way to pass these in? Or should the IllegalSqlFragmentTokens be more clever when the word is just a substring?

mythz · April 14, 2017, 12:03am

You can either bypass the illegal token validation by using .UnsafeWhere() or modify the pre-defined IllegalSqlFragmentTokens list.

cdmackie · April 14, 2017, 1:25am

Thanks, the UnsafeWhere probably good here.

cdmackie · April 14, 2017, 5:07pm

Is there a convenience function to escape a string to be safe?

mythz · April 14, 2017, 5:39pm

We have a string.SqlVerifyFragment() extension method, but you should really avoid relying on escaping strings and use db params for user input instead.