Click here to Skip to main content
15,947,785 members
Home / Discussions / ASP.NET
   

ASP.NET

 
GeneralRe: Not declared or inaccessible due to protection levels - VS 2017 errors Pin
Member 876166718-Mar-19 10:52
Member 876166718-Mar-19 10:52 
GeneralRe: Not declared or inaccessible due to protection levels - VS 2017 errors Pin
Richard Deeming19-Mar-19 2:01
mveRichard Deeming19-Mar-19 2:01 
GeneralRe: Not declared or inaccessible due to protection levels - VS 2017 errors Pin
Member 876166719-Mar-19 23:08
Member 876166719-Mar-19 23:08 
GeneralGrid view select operation to update data from form view Pin
Member 1418527517-Mar-19 1:01
Member 1418527517-Mar-19 1:01 
Questionnamespace error when using namespaces that don't match names ? Pin
Member 245846713-Mar-19 20:26
Member 245846713-Mar-19 20:26 
QuestionRe: namespace error when using namespaces that don't match names ? Pin
Richard MacCutchan13-Mar-19 22:24
mveRichard MacCutchan13-Mar-19 22:24 
AnswerRe: namespace error when using namespaces that don't match names ? Pin
Eddy Vluggen14-Mar-19 2:20
professionalEddy Vluggen14-Mar-19 2:20 
SuggestionRe: namespace error when using namespaces that don't match names ? Pin
Richard Deeming14-Mar-19 8:44
mveRichard Deeming14-Mar-19 8:44 
Member 2458467 wrote:
public static DataTable FillDatatable(string sSQL)

Your class is going to force you to write code which is vulnerable to SQL Injection[^]. You need to provide a way to pass parameters to the query without trying to stuff the parameter values into the query itself.
C#
public static DataTable FillDatatable(string commandText, params SqlParameter[] commandParameters)
{
    using (SqlConnection connection = CreateYourConnection())
    using (SqlCommand command = new SqlCommand(commandText, connection))
    {
        foreach (ICloneable p in commandParameters)
        {
            command.Parameters.Add((SqlParameter)p.Clone());
        }
        
        using (SqlDataAdapter da = new SqlDataAdapter(command))
        {
            DataTable table = new DataTable();
            da.Fill(table);
            return table;
        }
    }
}

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

GeneralRe: namespace error when using namespaces that don't match names ? Pin
Member 24584673-May-19 20:35
Member 24584673-May-19 20:35 
AnswerRe: namespace error when using namespaces that don't match names ? Pin
Member 245846717-Mar-19 23:04
Member 245846717-Mar-19 23:04 
QuestionCapture Search Engine Keyword Pin
Otekpo Emmanuel12-Mar-19 15:09
Otekpo Emmanuel12-Mar-19 15:09 
AnswerRe: Capture Search Engine Keyword Pin
F-ES Sitecore13-Mar-19 1:02
professionalF-ES Sitecore13-Mar-19 1:02 
QuestionCommunication between 2 MVC API's on the same server Pin
Fred28345-Mar-19 21:19
Fred28345-Mar-19 21:19 
AnswerRe: Communication between 2 MVC API's on the same server Pin
Afzaal Ahmad Zeeshan6-Mar-19 1:34
professionalAfzaal Ahmad Zeeshan6-Mar-19 1:34 
GeneralRe: Communication between 2 MVC API's on the same server Pin
Fred28346-Mar-19 2:03
Fred28346-Mar-19 2:03 
AnswerRe: Communication between 2 MVC API's on the same server Pin
Nathan Minier6-Mar-19 1:59
professionalNathan Minier6-Mar-19 1:59 
GeneralRe: Communication between 2 MVC API's on the same server Pin
Fred28346-Mar-19 2:20
Fred28346-Mar-19 2:20 
QuestionOpenID, ADSF, custom LoginID Pin
Super Lloyd28-Feb-19 14:52
Super Lloyd28-Feb-19 14:52 
QuestionUsing SelectList for dropdown binding (ASP.NET Core) Pin
Member 1416479527-Feb-19 4:42
Member 1416479527-Feb-19 4:42 
AnswerRe: Using SelectList for dropdown binding (ASP.NET Core) Pin
Richard Deeming27-Feb-19 8:10
mveRichard Deeming27-Feb-19 8:10 
GeneralRe: Using SelectList for dropdown binding (ASP.NET Core) Pin
Member 1416479527-Feb-19 8:20
Member 1416479527-Feb-19 8:20 
QuestionCapture and report JavaScript errors Pin
dataminers25-Feb-19 21:46
dataminers25-Feb-19 21:46 
QuestionASP.Net Core separate API and UI projects Pin
Mycroft Holmes14-Feb-19 13:18
professionalMycroft Holmes14-Feb-19 13:18 
AnswerRe: ASP.Net Core separate API and UI projects Pin
Json Dev23-Feb-19 2:33
Json Dev23-Feb-19 2:33 
GeneralRe: ASP.Net Core separate API and UI projects Pin
Mycroft Holmes23-Feb-19 11:23
professionalMycroft Holmes23-Feb-19 11:23 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.