1

Resolved

Use parameters for Promotion names in StateMachineStateTracker

description

Currently using String.Format which is a security vulnerability

comments

anent wrote Jun 26, 2012 at 1:40 PM

Please fix the error with the parameter name, following is how the profiler view the statement.
The problem is the parameter name is inconsistent ->@Promotion should be -> @PromotionName. exec sp_executesql N'SELECT InstanceId, Value1
FROM [System.Activities.DurableInstancing].[InstancePromotedProperties]
WHERE PromotionName = @PromotionName
AND Value2 = @ActivityID
AND Value3 = @DisplayName;',N'@Promotion nvarchar(12),@ActivityID nvarchar(1),@DisplayName nvarchar(7)',@Promotion=N'StateTracker',@ActivityID=N'1',@DisplayName=N'WFState'

wrote Oct 31, 2012 at 6:56 PM

wrote Feb 22, 2013 at 1:08 AM

wrote May 16, 2013 at 12:27 PM

wrote May 16, 2013 at 12:27 PM

wrote Jun 14, 2013 at 8:29 AM