1

Resolved

Use parameters for Promotion names in StateMachineStateTracker

description

Currently using String.Format which is a security vulnerability

comments

anent wrote Jun 26, 2012 at 12:40 PM

Please fix the error with the parameter name, following is how the profiler view the statement.
The problem is the parameter name is inconsistent ->@Promotion should be -> @PromotionName. exec sp_executesql N'SELECT InstanceId, Value1
FROM [System.Activities.DurableInstancing].[InstancePromotedProperties]
WHERE PromotionName = @PromotionName
AND Value2 = @ActivityID
AND Value3 = @DisplayName;',N'@Promotion nvarchar(12),@ActivityID nvarchar(1),@DisplayName nvarchar(7)',@Promotion=N'StateTracker',@ActivityID=N'1',@DisplayName=N'WFState'

wrote Oct 31, 2012 at 5:56 PM

wrote Feb 22, 2013 at 12:08 AM

wrote May 16, 2013 at 11:27 AM

wrote May 16, 2013 at 11:27 AM

wrote Jun 14, 2013 at 7:29 AM