bad habits
Charlotte Skardon edited this page Feb 7, 2023
This page shows examples of code that we've seen on projects which use Neo4jClient, but which could be written better.
This code is very unsafe:
.Where(string.Format("x.EmailAddress = '{0}'", email))
or
.Where($"x.EmailAddress = '{email}'")
It's open to Cypher-injection risks and encoding problems (a legitimate value containing a quote character already breaks the query).
It's also very slow: because the query text differs for every request, Neo4j has to recompile the query plan each time instead of reusing a cached one.
Use a named parameter instead:
.Where("x.EmailAddress = $email")
.WithParams(new { email })
Or, for simple scenarios like this, use the lambda syntax:
.Where((User x) => x.EmailAddress == email)
This syntax automatically generates parameters.
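The three forms above side by side, as an added example that is not part of this wiki page or the Neo4jClient project; the `User` class, the `(x:User)` match pattern and the Bolt connection details are assumed placeholders:

```csharp
using System;
using System.Threading.Tasks;
using Neo4jClient;
using Neo4jClient.Cypher;

public class User
{
    public string EmailAddress { get; set; }
    public string Name { get; set; }
}

public static class UserLookup
{
    // Bad habit: the value is spliced into the query text. An address such as
    // "o'brien@example.com" breaks the quoting, and every distinct email yields
    // a different query string, so the server cannot reuse a cached plan.
    public static ICypherFluentQuery<User> Unsafe(IGraphClient client, string email) =>
        client.Cypher
            .Match("(x:User)")
            .Where($"x.EmailAddress = '{email}'")
            .Return(x => x.As<User>());

    // Preferred: the query text is constant and the value travels as a named
    // parameter, so it is never interpreted as Cypher and the plan is cached.
    public static ICypherFluentQuery<User> Parameterised(IGraphClient client, string email) =>
        client.Cypher
            .Match("(x:User)")
            .Where("x.EmailAddress = $email")
            .WithParams(new { email })
            .Return(x => x.As<User>());

    // Equivalent lambda form; Neo4jClient generates the parameter itself.
    public static ICypherFluentQuery<User> Lambda(IGraphClient client, string email) =>
        client.Cypher
            .Match("(x:User)")
            .Where((User x) => x.EmailAddress == email)
            .Return(x => x.As<User>());

    public static async Task Main()
    {
        // Assumed connection details (placeholder); replace with your own.
        var client = new BoltGraphClient(new Uri("bolt://localhost:7687"), "neo4j", "password");
        await client.ConnectAsync();

        var email = "o'brien@example.com"; // legitimate address containing a quote

        // Compare the generated query text: the unsafe form embeds the value and
        // is now mis-quoted; the parameterised forms keep the text constant and
        // carry the value in QueryParameters instead.
        Console.WriteLine(Unsafe(client, email).Query.QueryText);
        Console.WriteLine(Parameterised(client, email).Query.QueryText);
        Console.WriteLine(Lambda(client, email).Query.QueryText);

        var users = await Parameterised(client, email).ResultsAsync;
        foreach (var u in users) Console.WriteLine(u.Name);
    }
}
```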