How can one execute a FetchXML query with parameters and prevent an injection attack from occurring when executing the query using the CRM SDK? For example, MSDN documentation at
https://msdn.microsoft.com/en-us/library/gg328117.aspx shows this code:
string fetch2 = @"
<fetch mapping='logical'>
<entity name='account'>
<attribute name='accountid'/>
<attribute name='name'/>
<link-entity name='systemuser' to='owninguser'>
<filter type='and'>
<condition attribute='lastname' operator='ne' value='Cannon' />
</filter>
</link-entity>
</entity>
</fetch> ";
If one wanted to make the lastname attribute in the condition a parameter, how can this be done safely? I consider anything that takes a value and embeds this into the XML string using string formatting an invalid solution that is prone to changing
the query semantics and could result in a different query being performed than intended.
