IllegalSqlFragmentTokens too strict

This one’s caught me out before, but took me a while to find it today.

This is with OrmlIte for MySQL.

I have a join, with a Where clause built from strings:

var q = Db.From<T1>();
q = q.Join<T2>((a,b) => a.SomeId = b.Id);

string fields = "HOST = {0} AND FRIENDLYPATH = {1}";
string[] values = ["abc", "def"];
q. Where(fields, values);

This throws the “Potential illegal fragment detected” exception.

Because I have the field name FRI"end"LYPATH and “end” is in the illegal fragment list

What’s the right way to pass these in? Or should the IllegalSqlFragmentTokens be more clever when the word is just a substring?

You can either bypass the illegal token validation by using .UnsafeWhere() or modify the pre-defined IllegalSqlFragmentTokens list.

Thanks, the UnsafeWhere probably good here.

Is there a convenience function to escape a string to be safe?

We have a string.SqlVerifyFragment() extension method, but you should really avoid relying on escaping strings and use db params for user input instead.