search

Elfocrash / Cosmonaut

🌐 A supercharged Azure CosmosDB .NET SDK with ORM support
https://cosmonaut.readthedocs.io
MIT License
342 stars 44 forks source link

Ability to pass a dictionary to Query for sql params #66

Closed StickNitro closed 5 years ago

StickNitro commented 5 years ago

Is it possible to pass in a Dictionary<string, object> to the Query<T> method on the CosmonautClient. I am generating a dynamic SQL statement based on query parameters passed into a HTTP method. To avoid SQL Injection attacks I am using the SQL query params but in my case I am unable to use an anonymous type since I do not know the object property names at design time.

When I build the SQL I end up with something like $" c.{fieldName} {op} @_{index}" which will end up as " c.code = @_0" for example

The issue I have is I cannot create an anonymous object at runtime, such as:

queryParams = new {
    _0 = "some-code"
}

So I end up with a dictionary

queryParams = new Dictionary<string, object> 
{
    { "_0", "some-code" }
}

But when I pass this into the Query method I get an error of Parameter count mismatch

Is there a way in the current implementation that supports this?

Elfocrash commented 5 years ago

Hello @StickNitro.

Thanks for suggesting this. It is a solid feature request and I can see many people using it. I will start working on it and it will be part of the next Cosmonaut release.

StickNitro commented 5 years ago

Any idea on when this will be available, I am working on a project that will need this but may have to look at a workaround or alternative solution

Elfocrash commented 5 years ago

Can't quite say atm. I have quite the schedule ahead of me atm. Less than a month hopefully.

Elfocrash commented 5 years ago

Feature added in 2.9.0

Thanks for the request.