views: 518

answers: 1

Hi, I am using Fluent NHibernate.

I have written a piece of code like,

var data = session.CreateCriteria(typeof(CustomerNameValueList))
                        .Add(Expression.Eq("CustomerId","3"))
                        .List<CustomerNameValueList>();

but the query generated by NHibernate looks like

select column1,column2,column3 from table where CustomerId=?

The problem is with "CustomerId=?"; expected: "CustomerId=3".

Why CustomerId=? rather than CustomerId=3?

Please help me.

A: 

There is nothing wrong with this query. The '?' in the log will be substituted with the string value of "3". If your column type is actually an int, you may have a problem here. The parameterization of the query is what you want to protect you against SQL injection attacks. If the generated query had CustomerId='3' as you were expecting, and the '3' came from a textbox on a web page, then it would be possible to inject more SQL such as '3' DELETE FROM MyUserTable.

CodeMonkeyKing
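As an added illustration of the two points in the answer (the value is bound as a parameter, and it should be bound with the column's real type rather than as the string "3"), here is example code that is not from the question or the answer. It assumes CustomerNameValueList is a mapped entity with an integer CustomerId property and uses the Restrictions class, the current name of the older Expression helper.

```csharp
using System;
using System.Collections.Generic;
using NHibernate;
using NHibernate.Criterion;

public static class CustomerQueries
{
    // Typed, parameterized lookup. Passing an int instead of the string "3"
    // lets NHibernate bind a parameter of the column's real type. The logged
    // SQL still reads "CustomerId = ?" because the value is sent to the
    // database separately from the statement text, never spliced into it.
    public static IList<CustomerNameValueList> ByCustomerId(ISession session, int customerId)
    {
        return session.CreateCriteria<CustomerNameValueList>()
            .Add(Restrictions.Eq("CustomerId", customerId))
            .List<CustomerNameValueList>();
    }

    // Input from a web form arrives as text. Convert and validate it before it
    // reaches the query layer; a value like "'3' DELETE FROM MyUserTable" is
    // rejected here as a non-integer, and even a string bound as a parameter
    // would only ever be compared as data, not executed as SQL.
    public static IList<CustomerNameValueList> ByCustomerIdFromForm(ISession session, string rawInput)
    {
        if (!int.TryParse(rawInput, out var customerId))
            throw new ArgumentException("CustomerId must be an integer.", nameof(rawInput));

        return ByCustomerId(session, customerId);
    }
}
```

If the column really is an int, binding the string "3" may still work through implicit conversion on some databases, but it can defeat index use and hides type errors; the typed overload above avoids both.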