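/// <summary>
/// Builds the form and binds <c>dgvContact</c> to every row of the Contact table.
/// </summary>
/// <remarks>
/// The connection is released in <c>finally</c>; the original opened it and never
/// called <c>CloseConnection()</c>, so each form instance held a connection open
/// for its whole lifetime. Closing here assumes <c>ShowDataInGridView</c> returns a
/// detached result (e.g. a DataTable) rather than a live reader — TODO confirm
/// against ManagerLib.DataBaseHelper.
/// </remarks>
public Main()
{
    InitializeComponent();

    ManagerLib.DataBaseHelper db = new ManagerLib.DataBaseHelper();
    db.OpenConnection();
    try
    {
        // Fixed query, no user input involved here.
        dgvContact.DataSource = db.ShowDataInGridView("SELECT * FROM Contact");
    }
    finally
    {
        // Release the connection whether or not the query succeeded.
        db.CloseConnection();
    }
}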
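/// <summary>
/// Inserts a contact built from the Name, IP and HostName text boxes into the Contact table.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The INSERT is still assembled by string concatenation from user-controlled text,
/// so it remains SQL-injectable: any single quote in a text box breaks out of the
/// literal. The helper as used here only exposes <c>ExecuteQueries(string)</c>, and a
/// parameterised command (placeholders bound to the three values) is needed to fix
/// that properly. Until then, this version at least releases the connection on every
/// path — the original skipped <c>CloseConnection()</c> when <c>ExecuteQueries</c> threw.
/// </remarks>
private void btAdd_Click(object sender, EventArgs e)
{
    ManagerLib.DataBaseHelper db = new ManagerLib.DataBaseHelper();
    db.OpenConnection();
    try
    {
        // SECURITY: tbName/tbIP/tbHostName are untrusted input concatenated straight into SQL.
        // TODO: replace with a parameterised command once DataBaseHelper offers one, and
        // validate tbIP.Text (e.g. System.Net.IPAddress.TryParse) before inserting.
        string query = "INSERT INTO Contact VALUES ('" + tbName.Text + "', '" + tbIP.Text + "', '" + tbHostName.Text + "')";
        db.ExecuteQueries(query);
    }
    finally
    {
        // Always close, even if the INSERT failed or was rejected by the database.
        db.CloseConnection();
    }
}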