Obsolete literal AddColumn

SqlInsert/UpdateBuilder AddColumn overloads taking a value have a SQL injection vulnerability, and have no usage.

Author: fredericDelaporte

src/NHibernate.Test/SqlCommandTest/SqlInsertBuilderFixture.cs

@@ -26,7 +26,9 @@ public void InsertSqlStringTest()
 
 			insert.AddColumn("intColumn", NHibernateUtil.Int32);
 			insert.AddColumn("longColumn", NHibernateUtil.Int64);
+#pragma warning disable CS0618 // Type or member is obsolete
 			insert.AddColumn("literalColumn", false, (ILiteralType) NHibernateUtil.Boolean);
+#pragma warning restore CS0618 // Type or member is obsolete
 			insert.AddColumn("stringColumn", 5.ToString());
 
 			SqlCommandInfo sqlCommand = insert.ToSqlCommandInfo();
@@ -53,7 +55,9 @@ public void Commented()
 
 			insert.SetTableName("test_insert_builder");
 
+#pragma warning disable CS0618 // Type or member is obsolete
 			insert.AddColumn("stringColumn", "aSQLValue", (ILiteralType)NHibernateUtil.String);
+#pragma warning restore CS0618 // Type or member is obsolete
 			insert.SetComment("Test insert");
 			string expectedSql =
 	"/* Test insert */ INSERT INTO test_insert_builder (stringColumn) VALUES ('aSQLValue')";
@@ -71,7 +75,9 @@ public void MixingParametersAndValues()
 
 			insert.SetTableName("test_insert_builder");
 
+#pragma warning disable CS0618 // Type or member is obsolete
 			insert.AddColumn("literalColumn", false, (ILiteralType)NHibernateUtil.Boolean);
+#pragma warning restore CS0618 // Type or member is obsolete
 			insert.AddColumn("intColumn", NHibernateUtil.Int32);
 			insert.AddColumn("stringColumn", 5.ToString());
 			insert.AddColumn("longColumn", NHibernateUtil.Int64);
@@ -89,4 +95,4 @@ public void MixingParametersAndValues()
 			Assert.AreEqual(SqlTypeFactory.Int64, actualParameterTypes[1], "Second Parameter Type");			
 		}
 	}
-}
+}

src/NHibernate.Test/SqlCommandTest/SqlUpdateBuilderFixture.cs

@@ -28,7 +28,9 @@ public void UpdateStringSqlTest()
 
 			update.AddColumns(new string[] {"intColumn"}, NHibernateUtil.Int32);
 			update.AddColumns(new string[] {"longColumn"}, NHibernateUtil.Int64);
+#pragma warning disable CS0618 // Type or member is obsolete
 			update.AddColumn("literalColumn", false, (ILiteralType) NHibernateUtil.Boolean);
+#pragma warning restore CS0618 // Type or member is obsolete
 			update.AddColumn("stringColumn", 5.ToString());
 
 			update.SetIdentityColumn(new string[] {"decimalColumn"}, NHibernateUtil.Decimal);
@@ -60,4 +62,4 @@ public void UpdateStringSqlTest()
 			Assert.AreEqual(expectedParameterTypes[3], actualParameterTypes[3], "fourthParam Type");
 		}
 	}
-}
+}

src/NHibernate/SqlCommand/SqlInsertBuilder.cs

@@ -66,6 +66,8 @@ public virtual SqlInsertBuilder AddColumn(string columnName, IType propertyType)
 		/// <param name="val">The value to set for the column.</param>
 		/// <param name="literalType">The NHibernateType to use to convert the value to a sql string.</param>
 		/// <returns>The SqlInsertBuilder.</returns>
+		// Since v5.6
+		[Obsolete("This method is unsafe and has no more usages. Use the overload with a property type and use a parameterized query.")]
 		public SqlInsertBuilder AddColumn(string columnName, object val, ILiteralType literalType)
 		{
 			return AddColumn(columnName, literalType.ObjectToSQLString(val, Dialect));

src/NHibernate/SqlCommand/SqlUpdateBuilder.cs

@@ -47,6 +47,8 @@ public SqlUpdateBuilder SetComment(string comment)
 		/// <param name="val">The value to set for the column.</param>
 		/// <param name="literalType">The NHibernateType to use to convert the value to a sql string.</param>
 		/// <returns>The SqlUpdateBuilder.</returns>
+		// Since v5.6
+		[Obsolete("This method is unsafe and has no more usages. Use the overload with a property type and use a parameterized query.")]
 		public SqlUpdateBuilder AddColumn(string columnName, object val, ILiteralType literalType)
 		{
 			return AddColumn(columnName, literalType.ObjectToSQLString(val, Dialect));