示例#1
0
        int inc     = 0;    // uses to increment or to change current row number

        private void Form1_Load(object sender, EventArgs e)
        {   // instantiating SqlCeConnection object
            con = new System.Data.SqlServerCe.SqlCeConnection();

            // holds location of the database
            con.ConnectionString = "Data Source=C:\\Users\\131311399\\Documents\\databases\\Employees.sdf";

            // opens connection
            con.Open();

            // holds SQL query
            String sql = "SELECT * from tbl_employees";

            // used to fill the DataSet with records from the database
            da = new System.Data.SqlServerCe.SqlCeDataAdapter(sql, con);

            MessageBox.Show("Connection open.");

            // fills DataSet ds1 with table named "Workers"
            da.Fill(ds1, "Workers");

            // calls NavigateRecords() method
            NavigateRecords();

            // counts number of rows in DataSet ds1
            MaxRows = ds1.Tables["Workers"].Rows.Count;

            // calls countRecord() to display record number currently displayed
            countRecord();

            // closes connection
            con.Close();
        }
示例#2
0
        /*  This method perform connection to the database
         *
         *  and pull records from the database into a DataSet object
         */

        private System.Data.DataSet MyDataSet()

        {
            System.Data.SqlServerCe.SqlCeConnection con = new System.Data.SqlServerCe.SqlCeConnection(strCon);

            con.Open();

            da_1 = new System.Data.SqlServerCe.SqlCeDataAdapter(sql_string, con);

            dat_set = new System.Data.DataSet();
            da_1.Fill(dat_set, "Default Table");

            con.Close();

            return(dat_set);
        }
示例#3
0
        private void PopulateDataSets()
        {
            System.Data.SqlServerCe.SqlCeConnection con = new System.Data.SqlServerCe.SqlCeConnection();
            System.Data.SqlServerCe.SqlCeDataAdapter daHangmanDB;
            DataRow drow;
            DataSet dsWordlist = new DataSet();
            con.ConnectionString = "Data Source=HangmanDB.sdf";

            con.Open();
            daHangmanDB = new System.Data.SqlServerCe.SqlCeDataAdapter("SELECT * From Wordlist", con);
            daHangmanDB.Fill(dsWordlist, "Wordlist");
            con.Close();

            for (int i = 0; i < dsWordlist.Tables["Wordlist"].Rows.Count; ++i)
            {
                drow = dsWordlist.Tables["Wordlist"].Rows[i];
                wordlist.Add(new WordInfo { ID = System.Convert.ToInt32(drow[0]), Cat = drow[1].ToString(), Words = drow[2].ToString() });
            }

            HashSet<String> categories = new HashSet<String>(); //unique list of categories
            foreach (WordInfo wordinf in wordlist) categories.Add(wordinf.Cat);
            comboBoxCategories.DataSource = categories.ToList();
            return;
        }
 private void InitAdapter()
 {
     this._adapter = new System.Data.SqlServerCe.SqlCeDataAdapter();
     System.Data.Common.DataTableMapping tableMapping = new System.Data.Common.DataTableMapping();
     tableMapping.SourceTable  = "Table";
     tableMapping.DataSetTable = "VoiceNote";
     tableMapping.ColumnMappings.Add("Key", "Key");
     tableMapping.ColumnMappings.Add("Data", "Data");
     tableMapping.ColumnMappings.Add("Date", "Date");
     this._adapter.TableMappings.Add(tableMapping);
     this._adapter.DeleteCommand             = new System.Data.SqlServerCe.SqlCeCommand();
     this._adapter.DeleteCommand.Connection  = this.Connection;
     this._adapter.DeleteCommand.CommandText = "DELETE FROM [VoiceNote] WHERE (([Key] = @p1))";
     this._adapter.DeleteCommand.CommandType = System.Data.CommandType.Text;
     System.Data.SqlServerCe.SqlCeParameter param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p1";
     param.DbType        = System.Data.DbType.Guid;
     param.IsNullable    = true;
     param.SourceColumn  = "Key";
     param.SourceVersion = System.Data.DataRowVersion.Original;
     this._adapter.DeleteCommand.Parameters.Add(param);
     this._adapter.InsertCommand             = new System.Data.SqlServerCe.SqlCeCommand();
     this._adapter.InsertCommand.Connection  = this.Connection;
     this._adapter.InsertCommand.CommandText = "INSERT INTO [VoiceNote] ([Key], [Data], [Date]) VALUES (@p1, @p2, @p3)";
     this._adapter.InsertCommand.CommandType = System.Data.CommandType.Text;
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p1";
     param.DbType        = System.Data.DbType.Guid;
     param.IsNullable    = true;
     param.SourceColumn  = "Key";
     this._adapter.InsertCommand.Parameters.Add(param);
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p2";
     param.DbType        = System.Data.DbType.Binary;
     param.IsNullable    = true;
     param.SourceColumn  = "Data";
     this._adapter.InsertCommand.Parameters.Add(param);
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p3";
     param.DbType        = System.Data.DbType.DateTime;
     param.IsNullable    = true;
     param.SourceColumn  = "Date";
     this._adapter.InsertCommand.Parameters.Add(param);
     this._adapter.UpdateCommand             = new System.Data.SqlServerCe.SqlCeCommand();
     this._adapter.UpdateCommand.Connection  = this.Connection;
     this._adapter.UpdateCommand.CommandText = "UPDATE [VoiceNote] SET [Key] = @p1, [Data] = @p2, [Date] = @p3 WHERE (([Key] = @p" +
                                               "4))";
     this._adapter.UpdateCommand.CommandType = System.Data.CommandType.Text;
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p1";
     param.DbType        = System.Data.DbType.Guid;
     param.IsNullable    = true;
     param.SourceColumn  = "Key";
     this._adapter.UpdateCommand.Parameters.Add(param);
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p2";
     param.DbType        = System.Data.DbType.Binary;
     param.IsNullable    = true;
     param.SourceColumn  = "Data";
     this._adapter.UpdateCommand.Parameters.Add(param);
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p3";
     param.DbType        = System.Data.DbType.DateTime;
     param.IsNullable    = true;
     param.SourceColumn  = "Date";
     this._adapter.UpdateCommand.Parameters.Add(param);
     param = new System.Data.SqlServerCe.SqlCeParameter();
     param.ParameterName = "@p4";
     param.DbType        = System.Data.DbType.Guid;
     param.IsNullable    = true;
     param.SourceColumn  = "Key";
     param.SourceVersion = System.Data.DataRowVersion.Original;
     this._adapter.UpdateCommand.Parameters.Add(param);
 }
示例#5
0
        void BadQueries(string name, string password)
        {
            var command1 = new System.Data.Odbc.OdbcCommand("SELECT AccountNumber FROM Users " + // Noncompliant {{Make sure to sanitize the parameters of this SQL command.}}
//                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                                                            "WHERE Username='******' AND Password='******'");

            command1.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
//          ^^^^^^^^^^^^^^^^^^^^
                                   "WHERE Username='******' AND Password='******'";

            var command2 = new System.Data.Odbc.OdbcDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                "WHERE Username='******' AND Password='******'", "");

            var command3 = new System.Data.OleDb.OleDbCommand("SELECT AccountNumber FROM Users " + // Noncompliant
                                                              "WHERE Username='******' AND Password='******'");

            command3.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
                                   "WHERE Username='******' AND Password='******'";

            var command4 = new System.Data.OleDb.OleDbDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                  "WHERE Username='******' AND Password='******'", "");

            var command5 = new Oracle.ManagedDataAccess.Client.OracleCommand("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                             "WHERE Username='******' AND Password='******'");

            command5.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
                                   "WHERE Username='******' AND Password='******'";

            var command6 = new Oracle.ManagedDataAccess.Client.OracleDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                                 "WHERE Username='******' AND Password='******'", "");

            var command7 = new System.Data.SqlServerCe.SqlCeCommand("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                    "WHERE Username='******' AND Password='******'");

            command7.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
                                   "WHERE Username='******' AND Password='******'";

            var command8 = new System.Data.SqlServerCe.SqlCeDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                        "WHERE Username='******' AND Password='******'", "");

            var command9 = new System.Data.SqlClient.SqlCommand("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                "WHERE Username='******' AND Password='******'");

            command9.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
                                   "WHERE Username='******' AND Password='******'";

            var command10 = new System.Data.SqlClient.SqlDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
                                                                     "WHERE Username='******' AND Password='******'", "");
        }