public override void Bad(HttpRequest req, HttpResponse resp)
        {
            string data;

            data = ""; /* Initialize data */
            /* Read data from a database */
            {
                try
                {
                    /* setup the connection */
                    using (SqlConnection connection = IO.GetDBConnection())
                    {
                        connection.Open();
                        /* prepare and execute a (hardcoded) query */
                        using (SqlCommand command = new SqlCommand(null, connection))
                        {
                            command.CommandText = "select name from users where id=0";
                            command.Prepare();
                            using (SqlDataReader dr = command.ExecuteReader())
                            {
                                /* POTENTIAL FLAW: Read data from a database query SqlDataReader */
                                data = dr.GetString(1);
                            }
                        }
                    }
                }
                catch (SqlException exceptSql)
                {
                    IO.Logger.Log(NLog.LogLevel.Warn, exceptSql, "Error with SQL statement");
                }
            }
            string[] dataArray = new string[5];
            dataArray[2] = data;
            CWE80_XSS__Web_Database_66b.BadSink(dataArray, req, resp);
        }
        /* goodG2B() - use goodsource and badsink */
        private static void GoodG2B(HttpRequest req, HttpResponse resp)
        {
            string data;

            /* FIX: Use a hardcoded string */
            data = "foo";
            string[] dataArray = new string[5];
            dataArray[2] = data;
            CWE80_XSS__Web_Database_66b.GoodG2BSink(dataArray, req, resp);
        }