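/// <summary>
/// Renders the first 1000 rows of a table whose name (and optional database and sort
/// order) come from the request. All three values end up in T-SQL text, so each one is
/// checked against a strict allow-list of identifier characters before use and rejected
/// otherwise. This replaces the former blocklist of ';', '--' and ' ', which does not
/// cover every way an identifier position in a query can be abused.
/// </summary>
/// <param name="table_name">Table to read, plain (<c>table</c>) or schema-qualified (<c>schema.table</c>).</param>
/// <param name="db_name">Optional database name handed to <c>DersaSqlManager.SetDatabaseName</c>; must be a plain identifier.</param>
/// <param name="order">Optional sort specification: comma-separated column names, each optionally followed by <c>asc</c> or <c>desc</c>.</param>
/// <returns>The table view, or <c>null</c> (the pre-existing rejection contract of this action) when any input fails validation.</returns>
public ActionResult Table(string table_name, string db_name = null, string order = null)
{
    // Reject anything that is not a plain (optionally schema-qualified) identifier;
    // a null table name is rejected here instead of throwing as it used to.
    if (!IsSafeQualifiedName(table_name))
    {
        return null;
    }

    // db_name is request-controlled too; what SetDatabaseName does with it is not
    // visible here, so it gets the same identifier allow-list (empty is rejected).
    if (db_name != null && !IsSafeIdentifier(db_name))
    {
        return null;
    }

    // Validate and render the ORDER BY list before touching the database.
    string orderClause = null;
    if (!string.IsNullOrEmpty(order) && !TryBuildOrderBy(order, out orderClause))
    {
        return null;
    }

    DersaSqlManager M = new DersaSqlManager();
    if (db_name != null)
    {
        M.SetDatabaseName(db_name);
    }

    // Identifiers are bracket-quoted as defence in depth on top of the allow-list.
    // The (nolock) hint is carried over unchanged from the original query.
    string query = "select top 1000 * from " + QuoteQualifiedName(table_name) + "(nolock)";
    if (orderClause != null)
    {
        query += " order by " + orderClause;
    }

    System.Data.DataTable T = M.ExecSql(query, null, true);
    return View(T);
}

/// <summary>
/// True when <paramref name="value"/> is a single plain SQL identifier: an ASCII letter
/// or underscore first, then ASCII letters, digits or underscores, at most 128 characters.
/// </summary>
private static bool IsSafeIdentifier(string value)
{
    if (string.IsNullOrEmpty(value) || value.Length > 128)
    {
        return false;
    }
    for (int i = 0; i < value.Length; i++)
    {
        char c = value[i];
        bool isLetter = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '_';
        bool isDigit = c >= '0' && c <= '9';
        // Digits are allowed anywhere except the first position.
        if (!isLetter && !(isDigit && i > 0))
        {
            return false;
        }
    }
    return true;
}

/// <summary>
/// True when <paramref name="name"/> is one or two dot-separated safe identifiers
/// (<c>table</c> or <c>schema.table</c>).
/// </summary>
private static bool IsSafeQualifiedName(string name)
{
    if (name == null)
    {
        return false;
    }
    string[] parts = name.Split('.');
    if (parts.Length < 1 || parts.Length > 2)
    {
        return false;
    }
    foreach (string part in parts)
    {
        if (!IsSafeIdentifier(part))
        {
            return false;
        }
    }
    return true;
}

/// <summary>
/// Bracket-quotes each part of an already-validated qualified name
/// (<c>schema.table</c> becomes <c>[schema].[table]</c>).
/// </summary>
private static string QuoteQualifiedName(string name)
{
    string[] parts = name.Split('.');
    for (int i = 0; i < parts.Length; i++)
    {
        // The allow-list never admits ']', but doubling it keeps the quoting correct regardless.
        parts[i] = "[" + parts[i].Replace("]", "]]") + "]";
    }
    return string.Join(".", parts);
}

/// <summary>
/// Parses a sort specification such as <c>col1, col2 desc, col3 asc</c> into a quoted
/// ORDER BY list. Each item must be a safe identifier optionally followed by a single
/// <c>asc</c>/<c>desc</c> keyword (case-insensitive); anything else fails.
/// </summary>
/// <param name="order">Raw, request-supplied sort specification.</param>
/// <param name="clause">The rendered list on success, otherwise <c>null</c>.</param>
/// <returns>True when every item validated.</returns>
private static bool TryBuildOrderBy(string order, out string clause)
{
    clause = null;
    string[] items = order.Split(',');
    string[] rendered = new string[items.Length];
    char[] separators = new[] { ' ', '\t' };
    for (int i = 0; i < items.Length; i++)
    {
        string[] tokens = items[i].Trim().Split(separators, System.StringSplitOptions.RemoveEmptyEntries);
        if (tokens.Length < 1 || tokens.Length > 2 || !IsSafeIdentifier(tokens[0]))
        {
            return false;
        }
        string direction = "";
        if (tokens.Length == 2)
        {
            if (string.Equals(tokens[1], "desc", System.StringComparison.OrdinalIgnoreCase))
            {
                direction = " desc";
            }
            else if (string.Equals(tokens[1], "asc", System.StringComparison.OrdinalIgnoreCase))
            {
                direction = " asc";
            }
            else
            {
                return false;
            }
        }
        rendered[i] = "[" + tokens[0] + "]" + direction;
    }
    clause = string.Join(", ", rendered);
    return true;
}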