Friday, February 10, 2012

C# (Parameterized Query to Prevent SQL Injection)


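#region Login

        // Look the user up with a parameterized query: the caller-supplied value
        // travels as the @UserId parameter, never as part of the SQL text, so it
        // cannot alter the statement's structure.
        string strError = string.Empty;
        string strSql = "SELECT * FROM Table_Name WHERE Column_Name = @UserId";

        // SqlCommand is IDisposable; release it once the records have been fetched.
        using (SqlCommand command = new SqlCommand(strSql))
        {
            // AddWithValue infers the parameter's SQL type from Element's runtime type.
            // If Column_Name has a fixed type, a typed Parameters.Add(...) avoids an
            // implicit conversion in the query plan.
            command.Parameters.AddWithValue("@UserId", Element);

            DALayer layer = new DALayer();
            // FetchRecords fills ds and reports status through strError; this snippet
            // treats "T" as success and any other value as the error text.
            ds = layer.FetchRecords(command, ref strError);
        }

        if (string.Equals(strError, "T", StringComparison.Ordinal))
        {
            // Guard the DataSet and its table collection before indexing Tables[0],
            // so an empty result does not throw IndexOutOfRangeException.
            if (ds != null && ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
            {
              //Welcome User

            }
        }
        else
        {
            // InvalidOperationException derives from Exception, so existing
            // catch (Exception) handlers still apply. Prefer logging strError
            // server-side and showing the user a generic failure message rather
            // than the raw data-access error text.
            throw new InvalidOperationException(strError);
        }
#endregion Login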


 //Note: (Can be applied by using DALayer)
