using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Data.SqlClient;
namespace InjCS
{
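/// <summary>
/// Demo form that runs the same employee lookup three ways: concatenated dynamic SQL (button1),
/// a stored procedure call (button2) and a parameterized query (button3).
/// </summary>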
public class Form1 : System.Windows.Forms.Form
{
// Captions shown next to the two input boxes ("First Name:" / "Last Name:").
private System.Windows.Forms.Label label1;
private System.Windows.Forms.Label label2;
// button1 = "Dynamic SQL", button2 = "Stored Proc", button3 = "Parameterized Query";
// captions and Click handlers are assigned in InitializeComponent.
private System.Windows.Forms.Button button1;
private System.Windows.Forms.Button button2;
private System.Windows.Forms.Button button3;
// Free-text inputs. Their Text values are what the three Click handlers send to the database,
// so they are the untrusted input of this form.
private System.Windows.Forms.TextBox FirstName;
private System.Windows.Forms.TextBox LastName;
// Set by the Click handlers to "authorized" or "unauthorized".
private System.Windows.Forms.Label result;
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.Container components = null;
/// <summary>
/// Creates the form and builds its controls.
/// </summary>
public Form1()
{
    // The designer-generated method creates every control and wires the three
    // Click handlers; nothing else is initialised in this constructor.
    this.InitializeComponent();
}
/// <summary>
/// Clean up any resources being used.
/// </summary>
protected override void Dispose(bool disposing)
{
    // The designer container is released only on an explicit Dispose call
    // (disposing == true) and only if it was ever created.
    bool releaseContainer = disposing && components != null;
    if (releaseContainer)
    {
        components.Dispose();
    }

    // The base class always gets the call, whichever path was taken above.
    base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
// Builds the form: two captions, two text boxes, three buttons and a result label.
// Designer-owned code; the statements are left exactly as generated.
this.label1 = new System.Windows.Forms.Label();
this.label2 = new System.Windows.Forms.Label();
this.FirstName = new System.Windows.Forms.TextBox();
this.LastName = new System.Windows.Forms.TextBox();
this.button1 = new System.Windows.Forms.Button();
this.button2 = new System.Windows.Forms.Button();
this.button3 = new System.Windows.Forms.Button();
this.result = new System.Windows.Forms.Label();
this.SuspendLayout();
//
// label1
//
this.label1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.label1.Location = new System.Drawing.Point(16, 16);
this.label1.Name = "label1";
this.label1.TabIndex = 0;
this.label1.Text = "First Name:";
this.label1.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
//
// label2
//
this.label2.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.label2.Location = new System.Drawing.Point(16, 56);
this.label2.Name = "label2";
this.label2.TabIndex = 1;
this.label2.Text = "Last Name:";
this.label2.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
//
// FirstName
//
// No MaxLength is assigned to this box, so the control's default limit applies;
// any validation of the text has to happen in the Click handlers.
this.FirstName.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.FirstName.Location = new System.Drawing.Point(120, 16);
this.FirstName.Name = "FirstName";
this.FirstName.Size = new System.Drawing.Size(408, 22);
this.FirstName.TabIndex = 2;
this.FirstName.Text = "";
//
// LastName
//
// Same as FirstName: no MaxLength is assigned here.
this.LastName.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.LastName.Location = new System.Drawing.Point(120, 56);
this.LastName.Name = "LastName";
this.LastName.Size = new System.Drawing.Size(408, 22);
this.LastName.TabIndex = 3;
this.LastName.Text = "";
//
// button1
//
// "Dynamic SQL" -> button1_Click, the handler that concatenates the text boxes
// into the statement text.
this.button1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.button1.Location = new System.Drawing.Point(120, 88);
this.button1.Name = "button1";
this.button1.Size = new System.Drawing.Size(75, 40);
this.button1.TabIndex = 4;
this.button1.Text = "Dynamic SQL";
this.button1.Click += new System.EventHandler(this.button1_Click);
//
// button2
//
// "Stored Proc" -> button2_Click, which calls the ValidateUser procedure with
// two input parameters.
this.button2.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.button2.Location = new System.Drawing.Point(280, 88);
this.button2.Name = "button2";
this.button2.Size = new System.Drawing.Size(75, 40);
this.button2.TabIndex = 5;
this.button2.Text = "Stored Proc";
this.button2.Click += new System.EventHandler(this.button2_Click);
//
// button3
//
// "Parameterized Query" -> button3_Click, which sends fixed statement text and
// binds the text boxes as parameters.
this.button3.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.button3.Location = new System.Drawing.Point(424, 88);
this.button3.Name = "button3";
this.button3.Size = new System.Drawing.Size(104, 40);
this.button3.TabIndex = 6;
this.button3.Text = "Parameterized Query";
this.button3.Click += new System.EventHandler(this.button3_Click);
//
// result
//
// Red label the Click handlers set to "authorized" or "unauthorized"; no Text is
// assigned here, so it starts out empty.
this.result.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.result.ForeColor = System.Drawing.Color.Red;
this.result.Location = new System.Drawing.Point(272, 144);
this.result.Name = "result";
this.result.Size = new System.Drawing.Size(104, 23);
this.result.TabIndex = 7;
//
// Form1
//
this.AutoScaleBaseSize = new System.Drawing.Size(5, 13);
this.ClientSize = new System.Drawing.Size(576, 181);
this.Controls.Add(this.result);
this.Controls.Add(this.button3);
this.Controls.Add(this.button2);
this.Controls.Add(this.button1);
this.Controls.Add(this.LastName);
this.Controls.Add(this.FirstName);
this.Controls.Add(this.label2);
this.Controls.Add(this.label1);
this.Name = "Form1";
this.Text = "Form1";
this.ResumeLayout(false);
}
#endregion
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
    // Build the demo form first, then hand it to the message loop;
    // Run returns once the form has been closed.
    Form1 mainForm = new Form1();
    Application.Run(mainForm);
}
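/// <summary>
/// "Dynamic SQL" handler: looks up an employee by building the statement text from the
/// two text boxes and reports whether any row came back.
/// </summary>
/// <remarks>
/// This is the deliberately unsafe variant of the demo and is kept that way so it can be
/// compared with the stored-procedure and parameterized handlers. Do not copy it.
/// </remarks>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, System.EventArgs e)
{
    // Fail closed: if Open or ExecuteReader throws, the label must not keep an
    // "authorized" left over from an earlier click.
    result.Text = "unauthorized";

    // INTENTIONALLY UNSAFE (demo): the text box contents become part of the SQL text,
    // so a quote character in either box changes the structure of the statement
    // instead of being compared as data. The safe form of this exact query is the
    // parameterized one: fixed text with @FirstName / @LastName placeholders and the
    // values bound through SqlParameter.
    string commandText =
        "select EmployeeID from Employees where FirstName = '" + FirstName.Text +
        "' and LastName = '" + LastName.Text + "'";

    // using blocks release the connection, command and reader even when the query
    // throws; the original closed them only on the success path.
    using (SqlConnection sqlConnection = new SqlConnection("data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False"))
    using (SqlCommand sqlCmd = new SqlCommand(commandText, sqlConnection))
    {
        sqlCmd.CommandType = CommandType.Text;
        sqlConnection.Open();

        using (SqlDataReader sqlDataReader = sqlCmd.ExecuteReader())
        {
            // Any returned row counts as a match; the row contents are never read.
            if (sqlDataReader.HasRows)
            {
                result.Text = "authorized";
            }
        }
    }
}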
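/// <summary>
/// "Stored Proc" handler: calls the ValidateUser stored procedure with the two text box
/// values as input parameters and reports whether any row came back.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button2_Click(object sender, System.EventArgs e)
{
    // Fail closed: if Open or ExecuteReader throws, the label must not keep an
    // "authorized" left over from an earlier click.
    result.Text = "unauthorized";

    // using blocks release the connection, command and reader even when the call
    // throws; the original closed them only on the success path.
    using (SqlConnection sqlConnection = new SqlConnection("data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False"))
    using (SqlCommand sqlCmd = new SqlCommand("ValidateUser", sqlConnection))
    {
        sqlCmd.CommandType = CommandType.StoredProcedure;

        // The values travel as typed parameters, never as part of the command text.
        // NOTE(review): the body of ValidateUser is not part of this file. Binding
        // parameters here protects the call, but the procedure itself must not build
        // and execute SQL strings from its arguments - confirm against its definition.
        SqlParameter firstNameParam = new SqlParameter("@FirstName", SqlDbType.NVarChar);
        firstNameParam.Direction = ParameterDirection.Input;
        firstNameParam.Value = FirstName.Text;
        sqlCmd.Parameters.Add(firstNameParam);

        SqlParameter lastNameParam = new SqlParameter("@LastName", SqlDbType.NVarChar);
        lastNameParam.Direction = ParameterDirection.Input;
        lastNameParam.Value = LastName.Text;
        sqlCmd.Parameters.Add(lastNameParam);

        sqlConnection.Open();

        using (SqlDataReader sqlDataReader = sqlCmd.ExecuteReader())
        {
            // Any returned row counts as a match; the row contents are never read.
            if (sqlDataReader.HasRows)
            {
                result.Text = "authorized";
            }
        }
    }
}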
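/// <summary>
/// "Parameterized Query" handler: runs the employee lookup as fixed statement text with
/// @FirstName / @LastName placeholders and reports whether any row came back.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button3_Click(object sender, System.EventArgs e)
{
    // Fail closed: if Open or ExecuteReader throws, the label must not keep an
    // "authorized" left over from an earlier click.
    result.Text = "unauthorized";

    // using blocks release the connection, command and reader even when the query
    // throws; the original closed them only on the success path.
    using (SqlConnection sqlConnection = new SqlConnection("data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False"))
    using (SqlCommand sqlCmd = new SqlCommand("select EmployeeID from Employees where FirstName = @FirstName and LastName = @LastName", sqlConnection))
    {
        // The statement text is a constant; the text box values are bound as typed
        // parameters, so they are only ever compared as data and cannot alter the
        // shape of the query.
        SqlParameter firstNameParam = new SqlParameter("@FirstName", SqlDbType.NVarChar);
        firstNameParam.Direction = ParameterDirection.Input;
        firstNameParam.Value = FirstName.Text;
        sqlCmd.Parameters.Add(firstNameParam);

        SqlParameter lastNameParam = new SqlParameter("@LastName", SqlDbType.NVarChar);
        lastNameParam.Direction = ParameterDirection.Input;
        lastNameParam.Value = LastName.Text;
        sqlCmd.Parameters.Add(lastNameParam);

        sqlConnection.Open();

        using (SqlDataReader sqlDataReader = sqlCmd.ExecuteReader())
        {
            // Any returned row counts as a match; the row contents are never read.
            if (sqlDataReader.HasRows)
            {
                result.Text = "authorized";
            }
        }
    }
}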
}
}