
C#

 
Question: Join 3 tables error : Incorrect syntax near '.'.
Member 12664209, 16-Apr-20 3:59
Answer: Re: Join 3 tables error : Incorrect syntax near '.'.
Richard Deeming, 16-Apr-20 4:01
General: Re: Join 3 tables error : Incorrect syntax near '.'.
Member 12664209, 16-Apr-20 4:10
General: Re: Join 3 tables error : Incorrect syntax near '.'.
Richard Deeming, 16-Apr-20 4:23
Yes. Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Also, don't store connection, command, or data reader objects in class-level fields. Create them as local variables when they're required, and wrap them in using blocks.
```csharp
// Requires: using System.Data; using System.Data.SqlClient;
const string query = @"SELECT p.pcode, p.pdesc, b.brand, c.category, p.price, p.qty
    FROM tblProduct as p
    inner join tblBrand as b on b.id = p.bid
    inner join tblCategory as c on c.id = p.cid
    where p.pdesc like @SearchProd + '%'";

using (var sqlConn = new SqlConnection("..."))
using (var sqlCmd = new SqlCommand(query, sqlConn))
{
    // The search text travels as a parameter value, never as part of the SQL text.
    sqlCmd.Parameters.AddWithValue("@SearchProd", txtSearchProd.Text);

    sqlConn.Open();

    using (var sqlDR = sqlCmd.ExecuteReader(CommandBehavior.CloseConnection))
    {
        while (sqlDR.Read())
        {
            // i is the row counter declared in the calling code (not shown in this post).
            i++;
            dgvProduct.Rows.Add(i, sqlDR[0].ToString(), sqlDR[1].ToString(), sqlDR[2].ToString(), sqlDR[3].ToString(), sqlDR[4].ToString(), sqlDR[5].ToString());
        }
    }
}
```

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
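
An added example, not part of the post above or of the original poster's code: the parameter stops the search text from changing the SQL, but `%`, `_` and `[` inside it still act as LIKE wildcards, so this sketch escapes them and binds the value with an explicit type. The names `ProductSearch`, `EscapeLike` and `BuildSearchCommand`, the `ESCAPE '\'` clause and the assumption that `pdesc` is NVARCHAR(100) are illustrative and do not come from the thread.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ProductSearch
{
    const int MaxSearchLength = 100; // assumption: pdesc is NVARCHAR(100)

    // Join from the post, plus an ESCAPE clause so wildcards in user input can be neutralised.
    const string Sql = @"
SELECT p.pcode, p.pdesc, b.brand, c.category, p.price, p.qty
FROM tblProduct AS p
INNER JOIN tblBrand AS b ON b.id = p.bid
INNER JOIN tblCategory AS c ON c.id = p.cid
WHERE p.pdesc LIKE @SearchProd + '%' ESCAPE '\'";

    // Prefix the escape character itself first, then each LIKE metacharacter.
    public static string EscapeLike(string input)
    {
        return input.Replace(@"\", @"\\")
                    .Replace("%", @"\%")
                    .Replace("_", @"\_")
                    .Replace("[", @"\[");
    }

    public static SqlCommand BuildSearchCommand(SqlConnection conn, string userText)
    {
        if (userText == null || userText.Length > MaxSearchLength)
            throw new ArgumentException("Search text is missing or too long.", "userText");

        var cmd = new SqlCommand(Sql, conn);
        // Explicit type and size instead of AddWithValue's inference. Escaping can
        // double the length, so the size is twice the limit to avoid truncation.
        cmd.Parameters.Add("@SearchProd", SqlDbType.NVarChar, MaxSearchLength * 2).Value = EscapeLike(userText);
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs; the connection is never opened, so no server is needed.
        using (var conn = new SqlConnection())
        {
            foreach (var text in new[] { "O'Brien", "50%_off", "[new]" })
            {
                using (var cmd = BuildSearchCommand(conn, text))
                    Console.WriteLine("{0} -> {1}", text, cmd.Parameters["@SearchProd"].Value);
            }
        }
    }
}
```

The apostrophe in the first input passes through unchanged because it is data, not SQL text; only the LIKE metacharacters are rewritten.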

General: Re: Join 3 tables error : Incorrect syntax near '.'.
Member 12664209, 16-Apr-20 5:07
General: Re: Join 3 tables error : Incorrect syntax near '.'.
Richard Deeming, 16-Apr-20 5:10
General: Re: Join 3 tables error : Incorrect syntax near '.'.
OriginalGriff, 16-Apr-20 5:37
