Don't store connection objects in static variables, particularly in an ASP.NET application. That single connection will be shared between every single request to your application, across multiple threads, which will cause lots of difficult-to-find errors.
Instead, create the connection each time you need it, and make sure you wrap it in a using block to ensure that it's always disposed of correctly.
You can avoid the HttpContext.Current.Request.PhysicalApplicationPath reference by using the |DataDirectory| placeholder. In an ASP.NET application, this always points to the App_Data directory.
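// |DataDirectory| resolves to the App_Data folder in an ASP.NET application.
private const string ConnectionString = "Provider=\"Microsoft.Jet.OLEDB.4.0\";Mode=Share Deny None;Data Source=\"|DataDirectory|\\Borsa_db.mdb\";User ID=Admin;Password=;";

// Returns a new, open connection. The caller owns it and must dispose of it (wrap it in a using block).
public static OleDbConnection CreateConnection()
{
    var result = new OleDbConnection(ConnectionString);
    result.Open();
    return result;
}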
Your methods suggest that you are writing code which is vulnerable to SQL Injection. You need to modify them to accept parameters, and update your code to pass the parameters correctly, instead of using string concatenation.
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
SQL injection attack mechanics | Pluralsight
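
An added example, not part of the original answer, showing the per-call connection in a using block together with a parameterized OleDbCommand in place of string concatenation. The Quotes table, its Symbol, TradeDate and Price columns, and the BorsaData and GetPrice names are assumptions made for illustration; the connection string is the one given above.

```csharp
using System;
using System.Data.OleDb;

public static class BorsaData
{
    private const string ConnectionString =
        "Provider=\"Microsoft.Jet.OLEDB.4.0\";Mode=Share Deny None;" +
        "Data Source=\"|DataDirectory|\\Borsa_db.mdb\";User ID=Admin;Password=;";

    // A new connection per call; nothing is kept in a static field.
    public static OleDbConnection CreateConnection()
    {
        var result = new OleDbConnection(ConnectionString);
        try
        {
            result.Open();
            return result;
        }
        catch
        {
            result.Dispose(); // do not leak the handle if Open() fails
            throw;
        }
    }

    // Hypothetical query: table and column names are assumptions, not from the page.
    public static decimal? GetPrice(string symbol, DateTime tradeDate)
    {
        // Replaces the concatenated form ("... WHERE Symbol = '" + symbol + "'"):
        // the SQL text is constant and user input only ever travels as a value.
        const string sql =
            "SELECT Price FROM Quotes WHERE Symbol = ? AND TradeDate = ?";

        using (var connection = CreateConnection())
        using (var command = new OleDbCommand(sql, connection))
        {
            // OleDb binds parameters by position and ignores their names,
            // so they must be added in the same order as the ? markers.
            command.Parameters.Add("@Symbol", OleDbType.VarWChar, 20).Value = symbol;
            command.Parameters.Add("@TradeDate", OleDbType.Date).Value = tradeDate;

            object value = command.ExecuteScalar();
            return value == null || value == DBNull.Value
                ? (decimal?)null
                : Convert.ToDecimal(value);
        }
    }
}
```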