I use NHibernate to persist my objects.. However, I cannot seem to find any information about whether I need to encode inputs?
For example:
string firstName = TextboxFirstName.Text;
string lastName = TextboxLastName.Text;
using(ISession session = sessionFactory.OpenSession())
{
Customer customer = new Customer(firstName, lastName);
session.SaveOrUpdate(customer);
}
Do I need to encode firstName and lastName (specifically single qoutes), or does NHibernate do this for me?
A Customer instance is simply an object within your domain model. That is all it is. NHibernate is simply there behind the scenes - it is a window through which you may access your domain model.
NHibernate makes sure that your domain model is persisted correctly. It does this without you needing to do much of anything, such as encoding the string properties on your objects.
Additionally, if you are creating a new Customer instance, and you wish to inform NHibernate of the new instance, then you should use the API method ISession.Save, rather than ISession.SaveOrUpdate. The API method ISession.Save will save the new instance into the domain model (and, transparently, into the database).