diff --git a/CometServer/Modules/10-25/ExchangeFileImportApi.cs b/CometServer/Modules/10-25/ExchangeFileImportApi.cs index b81188d4..3a2876b8 100644 --- a/CometServer/Modules/10-25/ExchangeFileImportApi.cs +++ b/CometServer/Modules/10-25/ExchangeFileImportApi.cs @@ -1077,7 +1077,7 @@ private void DropDataStoreAndPrepareNew(IDataStoreController dataStoreController connection.Open(); // Drop the existing database - using (var cmd = new NpgsqlCommand()) + using (var cmd = new NpgsqlCommand("", connection)) { this.logger.LogDebug("Drop the data store"); @@ -1085,7 +1085,8 @@ private void DropDataStoreAndPrepareNew(IDataStoreController dataStoreController cmd.Connection = connection; - cmd.CommandText = $"DROP DATABASE IF EXISTS {backtierConfig.Database};"; + cmd.CommandText = "DROP DATABASE IF EXISTS (@databaseName);"; + cmd.Parameters.AddWithValue("databaseName", backtierConfig.Database); cmd.ExecuteNonQuery(); } @@ -1096,8 +1097,8 @@ private void DropDataStoreAndPrepareNew(IDataStoreController dataStoreController this.logger.LogDebug("Drop the restore data store"); cmd.Connection = connection; - - cmd.CommandText = $"DROP DATABASE IF EXISTS {backtierConfig.DatabaseRestore};"; + cmd.CommandText = "DROP DATABASE IF EXISTS (@databaseRestoreName);"; + cmd.Parameters.AddWithValue("databaseRestoreName", backtierConfig.DatabaseRestore); cmd.ExecuteNonQuery(); } @@ -1107,8 +1108,11 @@ private void DropDataStoreAndPrepareNew(IDataStoreController dataStoreController { this.logger.LogDebug("Create the data store"); cmd.Connection = connection; - - cmd.CommandText = $"CREATE DATABASE {backtierConfig.Database} WITH OWNER = {backtierConfig.UserName} TEMPLATE = {backtierConfig.DatabaseManage} ENCODING = 'UTF8';"; + + cmd.CommandText = "CREATE DATABSE (@databaseName) WITH OWNER = (@owner) TEMPLATE = (@databaseManager) ENCODING = UTF8;"; + cmd.Parameters.AddWithValue("databaseName", backtierConfig.Database); + cmd.Parameters.AddWithValue("owner", backtierConfig.UserName); + cmd.Parameters.AddWithValue("databaseManager", backtierConfig.DatabaseManage); cmd.ExecuteNonQuery(); }