What Changed
We added validation for properties of the String and Byte[] types. When XPO saves a modified or new object to the database, it throws an OverflowException if a String or Byte[] value length exceeds the maximum size.
The following attributes specify the maximum size for a property:
- Size, specifies the maximum number of characters for properties of a String type.
- DbType, specifies the database type of a property. The database type can include the maximum size.
The default maximum size for properties of the String type is 100. The default maximum size for properties of the Byte[] type is unlimited.
Reasons for Change
Not all databases throw an exception if a parameter size exceeds the DB column size. Some databases silently truncate the value, and users lose their data.
Impact on Existing Apps
If your application already validates the user input, this change does not affect you.
Previously, XPO passed values to the database without any validation. If an UPDATE or INSERT operation failed, XPO threw SqlExecutionErrorException. If you have code that handles SqlExecutionErrorException, it will be necessary to catch OverflowException as well.
If you encounter an unhandled OverflowException, your database likely silently truncates values. We suggest adding validation to prevent possible data loss.
How to Revert to Previous Behavior
To turn off typed parameters, set the ConnectionProviderSql.QueryParameterMode field or ConnectionProviderSql.GlobalQueryParameterMode static field to Legacy. Take note of the following limitations in this case.
- The Always Encrypted feature will be unavailable.
- Performance optimization for null value parameters will be disabled (XPO will use v19.2 implementation instead of newer code).
- Future performance optimizations may not be supported.
Changes in v20.1.4
Although this size check in SELECT statements is also required for a highly requested Always Encrypted feature, we see that this may be considered as an issue for other configurations. OverflowException may also be thrown for SELECT statements if properties are smaller than query parameters:
C#Session.FindObject<PersistentClass1>(
CriteriaOperator.Parse("PropertySize5=? || PropertySize10=?", TooLongString, TooLongString));
We softened default parameter validation with regard to SELECT, UPDATE, and INSERT statements in our v20.1.4 release. For more information, see XPO - Too strict default query parameter validation in v20.1.3.
See Also
Search Keywords
"System.OverflowException: 'Could not create parameter '@pN'. SQL: insert/select into X values(@p0,…@pN). The value length (Y) exceeds parameter size (Z).'"