Click here to Skip to main content
14,356,466 members
   

ASP.NET

 
GeneralRe: Not declared or inaccessible due to protection levels - VS 2017 errors Pin
Member 876166718-Mar-19 11:52
memberMember 876166718-Mar-19 11:52 
GeneralRe: Not declared or inaccessible due to protection levels - VS 2017 errors Pin
Richard Deeming19-Mar-19 3:01
mveRichard Deeming19-Mar-19 3:01 
GeneralRe: Not declared or inaccessible due to protection levels - VS 2017 errors Pin
Member 876166720-Mar-19 0:08
memberMember 876166720-Mar-19 0:08 
GeneralGrid view select operation to update data from form view Pin
Member 1418527517-Mar-19 2:01
memberMember 1418527517-Mar-19 2:01 
Questionnamespace error when using namespaces that don't match names ? Pin
Member 245846713-Mar-19 21:26
memberMember 245846713-Mar-19 21:26 
QuestionRe: namespace error when using namespaces that don't match names ? Pin
Richard MacCutchan13-Mar-19 23:24
protectorRichard MacCutchan13-Mar-19 23:24 
AnswerRe: namespace error when using namespaces that don't match names ? Pin
Eddy Vluggen14-Mar-19 3:20
mveEddy Vluggen14-Mar-19 3:20 
SuggestionRe: namespace error when using namespaces that don't match names ? Pin
Richard Deeming14-Mar-19 9:44
mveRichard Deeming14-Mar-19 9:44 
Member 2458467 wrote:
public static DataTable FillDatatable(string sSQL)

Your class is going to force you to write code which is vulnerable to SQL Injection[^]. You need to provide a way to pass parameters to the query without trying to stuff the parameter values into the query itself.
public static DataTable FillDatatable(string commandText, params SqlParameter[] commandParameters)
{
    using (SqlConnection connection = CreateYourConnection())
    using (SqlCommand command = new SqlCommand(commandText, connection))
    {
        foreach (ICloneable p in commandParameters)
        {
            command.Parameters.Add((SqlParameter)p.Clone());
        }
        
        using (SqlDataAdapter da = new SqlDataAdapter(command))
        {
            DataTable table = new DataTable();
            da.Fill(table);
            return table;
        }
    }
}

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

GeneralRe: namespace error when using namespaces that don't match names ? Pin
Member 24584673-May-19 21:35
memberMember 24584673-May-19 21:35 
AnswerRe: namespace error when using namespaces that don't match names ? Pin
Member 245846718-Mar-19 0:04
memberMember 245846718-Mar-19 0:04 
QuestionCapture Search Engine Keyword Pin
Otekpo Emmanuel12-Mar-19 16:09
memberOtekpo Emmanuel12-Mar-19 16:09 
AnswerRe: Capture Search Engine Keyword Pin
F-ES Sitecore13-Mar-19 2:02
mveF-ES Sitecore13-Mar-19 2:02 
QuestionCommunication between 2 MVC API's on the same server Pin
Fred28345-Mar-19 22:19
memberFred28345-Mar-19 22:19 
AnswerRe: Communication between 2 MVC API's on the same server Pin
Afzaal Ahmad Zeeshan6-Mar-19 2:34
mveAfzaal Ahmad Zeeshan6-Mar-19 2:34 
GeneralRe: Communication between 2 MVC API's on the same server Pin
Fred28346-Mar-19 3:03
memberFred28346-Mar-19 3:03 
AnswerRe: Communication between 2 MVC API's on the same server Pin
Nathan Minier6-Mar-19 2:59
professionalNathan Minier6-Mar-19 2:59 
GeneralRe: Communication between 2 MVC API's on the same server Pin
Fred28346-Mar-19 3:20
memberFred28346-Mar-19 3:20 
QuestionOpenID, ADSF, custom LoginID Pin
Super Lloyd28-Feb-19 15:52
memberSuper Lloyd28-Feb-19 15:52 
QuestionUsing SelectList for dropdown binding (ASP.NET Core) Pin
Member 1416479527-Feb-19 5:42
memberMember 1416479527-Feb-19 5:42 
AnswerRe: Using SelectList for dropdown binding (ASP.NET Core) Pin
Richard Deeming27-Feb-19 9:10
mveRichard Deeming27-Feb-19 9:10 
GeneralRe: Using SelectList for dropdown binding (ASP.NET Core) Pin
Member 1416479527-Feb-19 9:20
memberMember 1416479527-Feb-19 9:20 
QuestionCapture and report JavaScript errors Pin
dataminers25-Feb-19 22:46
memberdataminers25-Feb-19 22:46 
QuestionASP.Net Core separate API and UI projects Pin
Mycroft Holmes14-Feb-19 14:18
memberMycroft Holmes14-Feb-19 14:18 
AnswerRe: ASP.Net Core separate API and UI projects Pin
Json Dev23-Feb-19 3:33
memberJson Dev23-Feb-19 3:33 
GeneralRe: ASP.Net Core separate API and UI projects Pin
Mycroft Holmes23-Feb-19 12:23
memberMycroft Holmes23-Feb-19 12:23 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.