예제 #1
        // GET: CodeInjection
        // Lists every customer. Uses the read-only connection because nothing
        // here writes, and records the decoded request URL in ViewData["url"]
        // for the view to display.
        public IActionResult Index()
        {
            var readOnlyConnection = configuration.GetConnectionString("NorthWindReadOnly");
            INorthWindRepository repository = new NorthWindRepositorySafe(readOnlyConnection);
            var customers = repository.LoadCustomers();

            // Path + query string, URL-decoded, is attacker-controlled input.
            // Razor HTML-encodes @ViewData["url"] on output; it must never be
            // rendered through Html.Raw or it becomes reflected XSS. (The view is
            // not visible here — confirm how "url" is emitted.)
            var requestUrl = Request.Path.ToString();
            if (Request.QueryString.HasValue)
            {
                requestUrl += Request.QueryString.Value;
            }
            ViewData["url"] = WebUtility.UrlDecode(requestUrl);

            return(View("Index", customers));
        }
예제 #2
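        // GET: SqlInjection/SqlParameters?CategoryId=1
        // Use parameterized SQL queries
        //
        // Lists the products of one category. categoryId comes straight from the
        // query string and is handed to the repository unchanged, so the only
        // injection defence is the parameterization inside NorthWindRepositorySafe;
        // nothing in this action validates the value.
        // NOTE(review): there is no null/empty guard; what LoadProducts does with a
        // null categoryId is not visible here — confirm against the repository.
        public IActionResult SqlParameters(string categoryId)
        {
            // Least privilege: this action only reads, so it opens the read-only
            // connection like every other read action in this controller (Index,
            // Safe, GET Edit) instead of the read/write one. The write credential
            // is only needed by the POST Edit action.
            var connectionString = configuration.GetConnectionString("NorthWindReadOnly");

            INorthWindRepository northwindRepo = new NorthWindRepositorySafe(connectionString);
            var products = northwindRepo.LoadProducts(categoryId);

            // Decoded request URL for the view. Razor HTML-encodes @ViewData["url"]
            // by default; it must not be rendered with Html.Raw, since the decoded
            // query string is attacker-controlled.
            ViewData["url"] = WebUtility.UrlDecode(Request.Path.ToString() + (Request.QueryString.HasValue ? Request.QueryString.Value : string.Empty));
            return(View("Index", products));
        }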
예제 #3
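        // GET: CodeInjection/Edit/5
        // Shows the edit form for one customer. The route value is accepted only
        // when it is non-blank and at most 5 characters (presumably the width of
        // the customer id column — not visible here); anything else is a 400.
        // The id is then passed to the repository as-is, so SQL safety rests on
        // NorthWindRepositorySafe's parameterization, not on this length check.
        public IActionResult Edit(string id)
        {
            if (string.IsNullOrWhiteSpace(id) || id.Length > 5)
            {
                return(BadRequest());
            }

            var connectionString = configuration.GetConnectionString("NorthWindReadOnly");

            INorthWindRepository northwindRepo = new NorthWindRepositorySafe(connectionString);
            var customer = northwindRepo.LoadCustomerById(id);

            // A well-formed but unknown id must not become a NullReferenceException
            // in ToViewModel(); answer 404 instead. Whether LoadCustomerById returns
            // null or throws on a miss is not visible here — this covers the null case.
            if (customer is null)
            {
                return(NotFound());
            }

            var customerViewModel = customer.ToViewModel();

            // Decoded request URL for the view. Razor HTML-encodes @ViewData["url"]
            // by default; it must not be rendered with Html.Raw, since the decoded
            // path/query string is attacker-controlled.
            ViewData["url"] = WebUtility.UrlDecode(Request.Path.ToString() + (Request.QueryString.HasValue ? Request.QueryString.Value : string.Empty));
            return(View("Edit", customerViewModel));
        }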
예제 #4
        // GET: SqlInjection/Safe?CategoryId=1
        // Same product listing as SqlParameters, but the category id arrives
        // through a view model, so whatever validation ProductCategoryViewModel
        // declares (not visible here) is enforced via ModelState before the value
        // reaches the repository. Invalid input is answered with 400.
        public IActionResult Safe(ProductCategoryViewModel productCategory)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest());
            }

            var readOnlyConnection = configuration.GetConnectionString("NorthWindReadOnly");
            INorthWindRepository repository = new NorthWindRepositorySafe(readOnlyConnection);
            var products = repository.LoadProducts(productCategory.CategoryId);

            // Decoded path + query string is attacker-controlled. Razor encodes
            // @ViewData["url"] on output; never emit it with Html.Raw.
            var requestUrl = Request.Path.ToString();
            if (Request.QueryString.HasValue)
            {
                requestUrl += Request.QueryString.Value;
            }
            ViewData["url"] = WebUtility.UrlDecode(requestUrl);

            return(View("Index", products));
        }
예제 #5
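        // POST: CodeInjection/Edit
        // Persists an edited customer. Model binding is restricted to the listed
        // fields, so any extra posted field is ignored (over-posting guard), and
        // an invalid model is rejected with 400 before any database work.
        //
        // NOTE(review): [HttpPost] and [ValidateAntiForgeryToken] are not visible
        // on this snippet. If they are not declared on the real action, add them:
        // without them this overload is reachable by GET and has no CSRF defence.
        // NOTE(review): CustomerId is taken from the form, so anyone who can reach
        // this action can overwrite any customer row. No ownership/authorization
        // check is visible here — confirm one exists (filter or policy).
        public IActionResult Edit([Bind("CustomerId,CompanyName,ContactName,ContactTitle,Address,City,Region,PostalCode,Country,Phone,Fax")] CustomerViewModel customerViewModel)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest());
            }

            try
            {
                // Writes need the read/write connection; the GET side of Edit
                // deliberately uses the read-only one.
                var connectionString = configuration.GetConnectionString("NorthWindReadWrite");
                INorthWindRepository northwindRepo = new NorthWindRepositorySafe(connectionString);

                northwindRepo.SaveCustomer(customerViewModel.ToDomainModel());

                return(RedirectToAction("Index"));
            }
            catch
            {
                // Re-render the form with the submitted values and a model-level
                // error rather than an empty View() that silently drops both the
                // model and the failure. Exception details are intentionally kept
                // out of the response; log them here if a logger is available
                // (none is visible in this snippet).
                ModelState.AddModelError(string.Empty, "The customer could not be saved.");
                return(View("Edit", customerViewModel));
            }
        }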