int inc = 0; // uses to increment or to change current row number
private void Form1_Load(object sender, EventArgs e)
{ // instantiating SqlCeConnection object
con = new System.Data.SqlServerCe.SqlCeConnection();
// holds location of the database
con.ConnectionString = "Data Source=C:\\Users\\131311399\\Documents\\databases\\Employees.sdf";
// opens connection
con.Open();
// holds SQL query
String sql = "SELECT * from tbl_employees";
// used to fill the DataSet with records from the database
da = new System.Data.SqlServerCe.SqlCeDataAdapter(sql, con);
MessageBox.Show("Connection open.");
// fills DataSet ds1 with table named "Workers"
da.Fill(ds1, "Workers");
// calls NavigateRecords() method
NavigateRecords();
// counts number of rows in DataSet ds1
MaxRows = ds1.Tables["Workers"].Rows.Count;
// calls countRecord() to display record number currently displayed
countRecord();
// closes connection
con.Close();
}
/* This method perform connection to the database
*
* and pull records from the database into a DataSet object
*/
private System.Data.DataSet MyDataSet()
{
System.Data.SqlServerCe.SqlCeConnection con = new System.Data.SqlServerCe.SqlCeConnection(strCon);
con.Open();
da_1 = new System.Data.SqlServerCe.SqlCeDataAdapter(sql_string, con);
dat_set = new System.Data.DataSet();
da_1.Fill(dat_set, "Default Table");
con.Close();
return(dat_set);
}
private void PopulateDataSets()
{
System.Data.SqlServerCe.SqlCeConnection con = new System.Data.SqlServerCe.SqlCeConnection();
System.Data.SqlServerCe.SqlCeDataAdapter daHangmanDB;
DataRow drow;
DataSet dsWordlist = new DataSet();
con.ConnectionString = "Data Source=HangmanDB.sdf";
con.Open();
daHangmanDB = new System.Data.SqlServerCe.SqlCeDataAdapter("SELECT * From Wordlist", con);
daHangmanDB.Fill(dsWordlist, "Wordlist");
con.Close();
for (int i = 0; i < dsWordlist.Tables["Wordlist"].Rows.Count; ++i)
{
drow = dsWordlist.Tables["Wordlist"].Rows[i];
wordlist.Add(new WordInfo { ID = System.Convert.ToInt32(drow[0]), Cat = drow[1].ToString(), Words = drow[2].ToString() });
}
HashSet<String> categories = new HashSet<String>(); //unique list of categories
foreach (WordInfo wordinf in wordlist) categories.Add(wordinf.Cat);
comboBoxCategories.DataSource = categories.ToList();
return;
}
private void InitAdapter()
{
this._adapter = new System.Data.SqlServerCe.SqlCeDataAdapter();
System.Data.Common.DataTableMapping tableMapping = new System.Data.Common.DataTableMapping();
tableMapping.SourceTable = "Table";
tableMapping.DataSetTable = "VoiceNote";
tableMapping.ColumnMappings.Add("Key", "Key");
tableMapping.ColumnMappings.Add("Data", "Data");
tableMapping.ColumnMappings.Add("Date", "Date");
this._adapter.TableMappings.Add(tableMapping);
this._adapter.DeleteCommand = new System.Data.SqlServerCe.SqlCeCommand();
this._adapter.DeleteCommand.Connection = this.Connection;
this._adapter.DeleteCommand.CommandText = "DELETE FROM [VoiceNote] WHERE (([Key] = @p1))";
this._adapter.DeleteCommand.CommandType = System.Data.CommandType.Text;
System.Data.SqlServerCe.SqlCeParameter param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p1";
param.DbType = System.Data.DbType.Guid;
param.IsNullable = true;
param.SourceColumn = "Key";
param.SourceVersion = System.Data.DataRowVersion.Original;
this._adapter.DeleteCommand.Parameters.Add(param);
this._adapter.InsertCommand = new System.Data.SqlServerCe.SqlCeCommand();
this._adapter.InsertCommand.Connection = this.Connection;
this._adapter.InsertCommand.CommandText = "INSERT INTO [VoiceNote] ([Key], [Data], [Date]) VALUES (@p1, @p2, @p3)";
this._adapter.InsertCommand.CommandType = System.Data.CommandType.Text;
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p1";
param.DbType = System.Data.DbType.Guid;
param.IsNullable = true;
param.SourceColumn = "Key";
this._adapter.InsertCommand.Parameters.Add(param);
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p2";
param.DbType = System.Data.DbType.Binary;
param.IsNullable = true;
param.SourceColumn = "Data";
this._adapter.InsertCommand.Parameters.Add(param);
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p3";
param.DbType = System.Data.DbType.DateTime;
param.IsNullable = true;
param.SourceColumn = "Date";
this._adapter.InsertCommand.Parameters.Add(param);
this._adapter.UpdateCommand = new System.Data.SqlServerCe.SqlCeCommand();
this._adapter.UpdateCommand.Connection = this.Connection;
this._adapter.UpdateCommand.CommandText = "UPDATE [VoiceNote] SET [Key] = @p1, [Data] = @p2, [Date] = @p3 WHERE (([Key] = @p" +
"4))";
this._adapter.UpdateCommand.CommandType = System.Data.CommandType.Text;
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p1";
param.DbType = System.Data.DbType.Guid;
param.IsNullable = true;
param.SourceColumn = "Key";
this._adapter.UpdateCommand.Parameters.Add(param);
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p2";
param.DbType = System.Data.DbType.Binary;
param.IsNullable = true;
param.SourceColumn = "Data";
this._adapter.UpdateCommand.Parameters.Add(param);
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p3";
param.DbType = System.Data.DbType.DateTime;
param.IsNullable = true;
param.SourceColumn = "Date";
this._adapter.UpdateCommand.Parameters.Add(param);
param = new System.Data.SqlServerCe.SqlCeParameter();
param.ParameterName = "@p4";
param.DbType = System.Data.DbType.Guid;
param.IsNullable = true;
param.SourceColumn = "Key";
param.SourceVersion = System.Data.DataRowVersion.Original;
this._adapter.UpdateCommand.Parameters.Add(param);
}
void BadQueries(string name, string password)
{
var command1 = new System.Data.Odbc.OdbcCommand("SELECT AccountNumber FROM Users " + // Noncompliant {{Make sure to sanitize the parameters of this SQL command.}}
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"WHERE Username='******' AND Password='******'");
command1.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
// ^^^^^^^^^^^^^^^^^^^^
"WHERE Username='******' AND Password='******'";
var command2 = new System.Data.Odbc.OdbcDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command3 = new System.Data.OleDb.OleDbCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command3.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command4 = new System.Data.OleDb.OleDbDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command5 = new Oracle.ManagedDataAccess.Client.OracleCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command5.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command6 = new Oracle.ManagedDataAccess.Client.OracleDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command7 = new System.Data.SqlServerCe.SqlCeCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command7.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command8 = new System.Data.SqlServerCe.SqlCeDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command9 = new System.Data.SqlClient.SqlCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command9.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command10 = new System.Data.SqlClient.SqlDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
}
