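        /// <summary>
        /// Builds the form and fills the contact grid with every row of the Contact table.
        /// </summary>
        public Main()
        {
            InitializeComponent();

            ManagerLib.DataBaseHelper db = new ManagerLib.DataBaseHelper();

            db.OpenConnection();
            try
            {
                // The query text is a constant with no user input, so there is no
                // injection surface in this call.
                // NOTE(review): assumes ShowDataInGridView returns a fully loaded result
                // (not something that reads lazily from the open connection) - confirm
                // against DataBaseHelper before relying on the close below.
                dgvContact.DataSource = db.ShowDataInGridView("SELECT * FROM Contact");
            }
            finally
            {
                // The original never closed this connection; release it even when the
                // query throws, matching what btAdd_Click does after its insert.
                db.CloseConnection();
            }
        }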
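        /// <summary>
        /// Inserts a new Contact row from the name, IP and host name text boxes.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        private void btAdd_Click(object sender, EventArgs e)
        {
            // The three text boxes are untrusted input that ends up inside SQL string
            // literals. Doubling embedded single quotes keeps each value inside its
            // literal, and also stops ordinary values containing an apostrophe from
            // breaking the statement.
            // SECURITY: this is a stopgap. Quote doubling is dialect-dependent (engines
            // that honour backslash escapes need more), and the only robust fix is bound
            // parameters. ExecuteQueries(string) is the only write API visible here, so
            // DataBaseHelper needs a parameterized execute method before this string
            // building can be removed.
            string name = tbName.Text.Replace("'", "''");
            string ip = tbIP.Text.Replace("'", "''");
            string hostName = tbHostName.Text.Replace("'", "''");

            // NOTE(review): the INSERT has no column list, so it relies on the Contact
            // table's column order - confirm against the schema.
            string query = "INSERT INTO Contact VALUES ('" + name + "', '" + ip + "', '" + hostName + "')";

            ManagerLib.DataBaseHelper db = new ManagerLib.DataBaseHelper();

            db.OpenConnection();
            try
            {
                db.ExecuteQueries(query);
            }
            finally
            {
                // Close the connection even when the insert fails.
                db.CloseConnection();
            }
        }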