Catch when the user adds too many parameters #755
Description
Say I do something silly like
var isAdmin = <result of propper auth check>
...
.SelectRaw("SUM(CASE WHEN [Books].[Preprints] > 2 THEN 1 ELSE 0 END)", 1)
.Where("User.IsAdmin", isAdmin)
...It would be nice to get an error for the mismatch in parameter counts, or if the erroneous true parameter is simply ignored.
Instead, using SqlKata.Execution 4.0.1 with the SqlServerCompiler, the compiled SQL is sent to the database, with the following named parameters:
@p0 = 1, @p1 = <result of propper auth check>
SQL Server will then use @p0 in the authcheck, and ignore @p1.
I can see that this doesn't happen in the playground, leading me to suspect a check might simply be missing in the SqlServerCompiler, or an issue introduced in a later version?
This is ofc, a user-error by the programmer, but since it may result in accidentally doing something akin to an sql injection attack, it would be great if it was handled.
I'm surprised SqlServer doesn't raise an error. Is there ever a legitimate reason to want to send more parameters than have been bound/named?