protected void Button1_Click(object sender, EventArgs e) { string CS = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString; using(SqlConnection con= new SqlConnection(CS)) { string command = "select * from tblProductInventory where ProductName like ' " + TextBox1.Text + "%'"; SqlCommand cmd = new SqlCommand(command,con); con.Open(); GridView1.DataSource = cmd.ExecuteReader(); GridView1.DataBind(); }
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm1.aspx.cs" Inherits="SqlInjection.WebForm1" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <div> <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox> <asp:Button ID="Button1" runat="server" Text="Get Products" onclick="Button1_Click" /> <asp:GridView ID="GridView1" runat="server" BackColor="#DEBA84" BorderColor="#DEBA84" BorderStyle="None" BorderWidth="1px" CellPadding="3" CellSpacing="2"> <FooterStyle BackColor="#F7DFB5" ForeColor="#8C4510" /> <HeaderStyle BackColor="#A55129" Font-Bold="True" ForeColor="White" /> <PagerStyle ForeColor="#8C4510" HorizontalAlign="Center" /> <RowStyle BackColor="#FFF7E7" ForeColor="#8C4510" /> <SelectedRowStyle BackColor="#738A9C" Font-Bold="True" ForeColor="White" /> <SortedAscendingCellStyle BackColor="#FFF1D4" /> <SortedAscendingHeaderStyle BackColor="#B95C30" /> <SortedDescendingCellStyle BackColor="#F1E5CE" /> <SortedDescendingHeaderStyle BackColor="#93451F" /> </asp:GridView> </div> </form> </body> </html>
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)