Possible SQL Injection

I have read your code and it is well-structured code. I learn a lot from reading your code. I see a possible bug cause of error in your `GetPlayerByName` method in your repository. Why don't you use a variable in SQL query, like '?', '$'? Because in the current context, your code might be injected.