        // GET: SqlInjection/ReadOnlyUser?CategoryId=1
        // Demonstrates limiting blast radius via least privilege: the query runs
        // over the "NorthWindReadOnly" connection string (presumably a read-only
        // database login) rather than the read/write one.
        //
        // NOTE(review): categoryId is taken straight from the query string and
        // handed to NorthWindRepositoryUnsafe without any validation. A read-only
        // login can limit what an injected statement may *modify*; it does not by
        // itself stop data being *read* by an injected statement. Whether
        // LoadProducts parameterizes the value is not visible here — confirm in
        // the repository before relying on this endpoint as "safe".
        public IActionResult ReadOnlyUser(string categoryId)
        {
            string readOnlyConnection = configuration.GetConnectionString("NorthWindReadOnly");
            INorthWindRepository repository = new NorthWindRepositoryUnsafe(readOnlyConnection);

            var products = repository.LoadProducts(categoryId);

            // Echo the requested path + query string back to the view, URL-decoded.
            // Razor HTML-encodes ViewData values by default; the view must not
            // render this with @Html.Raw or it becomes a reflected-XSS sink.
            string rawQuery = Request.QueryString.HasValue ? Request.QueryString.Value : string.Empty;
            ViewData["url"] = WebUtility.UrlDecode(Request.Path.ToString() + rawQuery);

            return View("Index", products);
        }
        // GET: SqlInjection/InputValidation?CategoryId=1
        // Demonstrates rejecting malformed input at the model-binding boundary:
        // the request is only serviced when whatever validation
        // ProductCategoryViewModel declares passes (ModelState.IsValid);
        // otherwise the caller gets HTTP 400.
        //
        // NOTE(review): the validated string is still passed to
        // NorthWindRepositoryUnsafe, here over the read/write connection. Input
        // validation is defence in depth, not a substitute for parameterized
        // queries — what the view model actually restricts (numeric only? length?)
        // is not visible here; confirm it before treating this as a mitigation.
        public IActionResult InputValidation(ProductCategoryViewModel productCategory)
        {
            if (!ModelState.IsValid)
            {
                // Model validation rejected the input; do not touch the database.
                return BadRequest();
            }

            string categoryId = productCategory.CategoryId;
            string readWriteConnection = configuration.GetConnectionString("NorthWindReadWrite");
            INorthWindRepository repository = new NorthWindRepositoryUnsafe(readWriteConnection);

            var products = repository.LoadProducts(categoryId);

            // Echo the requested path + query string back to the view, URL-decoded.
            // Razor HTML-encodes ViewData values by default; the view must not
            // render this with @Html.Raw or it becomes a reflected-XSS sink.
            string rawQuery = Request.QueryString.HasValue ? Request.QueryString.Value : string.Empty;
            ViewData["url"] = WebUtility.UrlDecode(Request.Path.ToString() + rawQuery);

            return View("Index", products);
        }