I am writing this module to dynamically create Entity SQL query which go against the Entity Framework.
To prevent SQL injection, instead of directly concatenating the string I am passing the values for the where clause using the array of ObjectParameter[].

Since I am dynamically creating the Parameter array in order to create a unique parameter key for every value I used the logic to concatenate the field names and add an integer to it.

So if the field was City, the parameter key would be “City1″
If the field was Address.Phone.HomePhoneNumber, the parameter key would be “AddressPhoneHomePhoneNumber1″. The key doesn’t allow dpts “.”, so have to remove them too.

On one such query I found out that I kept getting an error every time I executed it. The error was the generic ListDictionary error:
“System.ArgumentException : An item with the same key has already been added”

I confirmed and re-confirmed that the parameters I was adding had unique keys and they were all new parameters (sometimes these objects just clone instead ofcreating new). I confirmed that the resulting DbDataRecord had unique rows. After 4 hours of debug and deliberation I finally found out what the problem was.

The ObjectParameter key (name property) allows only 30 characters !!

There is no error if you add a key which is greater than 30 characters in length, it just cuts the key and adds the first 30 characters. So when the keys I was creating got to a length greater than 30 the keys were just getting cut to 30 and were getting added as duplicates !

So if any of you getting the same error while using ObjectParameters bear in mind, keys(name) length = 30 !