irahardianto / service-pattern-go

Simple clean Go REST API architecture with dependency injection and mocking example, following SOLID principles.
https://irahardianto.github.io/service-pattern-go/
827 stars, 121 forks

Possible SQL Injection #7

Open fairyhunter13 opened 5 years ago

fairyhunter13 commented 5 years ago

I have read your code and it is well-structured code. I learned a lot from reading your code. I see a possible bug and cause of errors in your GetPlayerByName method in your repository. Why don't you use a variable in the SQL query, like '?' or '$'? Because in the current context, your code might be injected.

elmehdiabdi-src commented 6 months ago

He just put the example together as fast as possible; he will not put this example into production! You can fix it if you want to use GetPlayerByName, lol.