// GET: CodeInjection
// Lists every customer. This is a pure read, so the read-only connection string is used.
public IActionResult Index()
{
    var readOnlyConnection = configuration.GetConnectionString("NorthWindReadOnly");
    INorthWindRepository repository = new NorthWindRepositorySafe(readOnlyConnection);
    var customers = repository.LoadCustomers();

    // Echo the decoded request URL (path + query string) back to the view.
    // NOTE(review): this value is attacker-controlled. Razor's @ syntax HTML-encodes it,
    // but it must never be rendered through Html.Raw — confirm in Views/.../Index.
    var requestUrl = Request.Path.ToString() + (Request.QueryString.Value ?? string.Empty);
    ViewData["url"] = WebUtility.UrlDecode(requestUrl);

    return View("Index", customers);
}
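// GET: SqlInjection/SqlParameters?CategoryId=1
// Lists the products of one category through NorthWindRepositorySafe, which builds its
// SQL with parameters so the raw categoryId is never concatenated into a statement.
// categoryId: category filter taken from the query string; it is handed to the
// repository unchanged (a null/blank value is the repository's responsibility).
public IActionResult SqlParameters(string categoryId)
{
    // Least privilege: this action only reads, so it uses the read-only connection.
    // The sibling Safe action already does this for the same LoadProducts call; the
    // read-write connection used here before would have let any future regression to
    // string-built SQL modify data instead of merely reading it.
    var connectionString = configuration.GetConnectionString("NorthWindReadOnly");
    INorthWindRepository repository = new NorthWindRepositorySafe(connectionString);
    var products = repository.LoadProducts(categoryId);

    // Decoded request URL (path + query string) for the view.
    // NOTE(review): attacker-controlled text — the view must render it encoded, never via Html.Raw.
    ViewData["url"] = WebUtility.UrlDecode(Request.Path.ToString() + (Request.QueryString.HasValue ? Request.QueryString.Value : string.Empty));

    return View("Index", products);
}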
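// GET: CodeInjection/Edit/5
// Shows the edit form for a single customer.
// id: customer key from the route. Rejected with 400 when blank or longer than
//     5 characters (presumably Northwind's 5-character CustomerID — confirm against the schema).
// Returns 404 when no customer has that id.
public IActionResult Edit(string id)
{
    // Bound the key before it reaches the data layer.
    if (string.IsNullOrWhiteSpace(id) || id.Length > 5)
    {
        return BadRequest();
    }

    var connectionString = configuration.GetConnectionString("NorthWindReadOnly");
    INorthWindRepository repository = new NorthWindRepositorySafe(connectionString);

    // An unknown id should surface as 404, not as a null-reference failure when the
    // result is mapped to the view model (assumes the repository returns null for a miss).
    var customer = repository.LoadCustomerById(id);
    if (customer is null)
    {
        return NotFound();
    }

    // Decoded request URL (path + query string) for the view.
    // NOTE(review): attacker-controlled text — the view must render it encoded, never via Html.Raw.
    ViewData["url"] = WebUtility.UrlDecode(Request.Path.ToString() + (Request.QueryString.HasValue ? Request.QueryString.Value : string.Empty));

    return View("Edit", customer.ToViewModel());
}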
// GET: SqlInjection/Safe?CategoryId=1
// Same product listing as SqlParameters, but the category arrives through a bound
// view model so MVC model validation (ModelState) runs before the repository is called.
public IActionResult Safe(ProductCategoryViewModel productCategory)
{
    // Guard clause: anything that failed validation on the view model is a 400.
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    var readOnlyConnection = configuration.GetConnectionString("NorthWindReadOnly");
    INorthWindRepository repository = new NorthWindRepositorySafe(readOnlyConnection);
    var products = repository.LoadProducts(productCategory.CategoryId);

    // Echo the decoded request URL (path + query string) back to the view.
    // NOTE(review): attacker-controlled text — render it encoded, never through Html.Raw.
    var requestUrl = Request.Path.ToString() + (Request.QueryString.Value ?? string.Empty);
    ViewData["url"] = WebUtility.UrlDecode(requestUrl);

    return View("Index", products);
}
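// POST: CodeInjection/Edit
// Persists an edited customer. The [Bind] whitelist restricts model binding to the listed
// properties so a crafted form cannot set anything else on the view model (mass-assignment protection).
// NOTE(review): no attributes are visible on this declaration; a state-changing action must
// carry [HttpPost] and [ValidateAntiForgeryToken] (CSRF) — confirm they are present.
// Returns 400 on validation failure, redirects to Index on success, and re-renders the form
// with the submitted values when the save fails.
public IActionResult Edit([Bind("CustomerId,CompanyName,ContactName,ContactTitle,Address,City,Region,PostalCode,Country,Phone,Fax")] CustomerViewModel customerViewModel)
{
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    try
    {
        // Only this write path needs the read-write connection.
        var connectionString = configuration.GetConnectionString("NorthWindReadWrite");
        INorthWindRepository repository = new NorthWindRepositorySafe(connectionString);
        repository.SaveCustomer(customerViewModel.ToDomainModel());
        return RedirectToAction("Index");
    }
    catch
    {
        // Previously this returned View() with no model, handing the Edit view a null model and
        // silently discarding the user's input. Re-render the form with the submitted values and a
        // generic message; exception details are deliberately not exposed to the client.
        // The catch stays broad because the repository's exception types are not visible here;
        // no ILogger is in scope on this line, so logging the failure still needs to be added.
        ModelState.AddModelError(string.Empty, "The customer could not be saved.");
        return View("Edit", customerViewModel);
    }
}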