using System; using System.Drawing; using System.Collections; using System.ComponentModel; using System.Windows.Forms; using System.Data; using System.Data.SqlClient; namespace InjCS { ///

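/// <summary>
/// Demo form that runs the same employee lookup against Northwind in three ways:
/// string-built ("dynamic") SQL, a stored procedure, and a parameterized query.
/// The dynamic-SQL handler is the intentionally vulnerable example the other two
/// are contrasted with; it is kept only for that comparison.
/// </summary>
public class Form1 : System.Windows.Forms.Form
{
    // Single connection string for all three lookups (was duplicated in each handler).
    private const string ConnectionString =
        "data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False";

    private System.Windows.Forms.Label label1;
    private System.Windows.Forms.Label label2;
    private System.Windows.Forms.Button button1;
    private System.Windows.Forms.Button button2;
    private System.Windows.Forms.Button button3;
    private System.Windows.Forms.TextBox FirstName;
    private System.Windows.Forms.TextBox LastName;
    private System.Windows.Forms.Label result;

    /// <summary>
    /// Required designer variable.
    /// </summary>
    private System.ComponentModel.Container components = null;

    /// <summary>
    /// Builds the form; all control wiring lives in the designer-generated
    /// <see cref="InitializeComponent"/>.
    /// </summary>
    public Form1()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Clean up any resources being used.
    /// </summary>
    /// <param name="disposing">True when called from Dispose(), false from the finalizer.</param>
    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            if (components != null)
            {
                components.Dispose();
            }
        }
        base.Dispose(disposing);
    }

    #region Windows Form Designer generated code
    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.label1 = new System.Windows.Forms.Label();
        this.label2 = new System.Windows.Forms.Label();
        this.FirstName = new System.Windows.Forms.TextBox();
        this.LastName = new System.Windows.Forms.TextBox();
        this.button1 = new System.Windows.Forms.Button();
        this.button2 = new System.Windows.Forms.Button();
        this.button3 = new System.Windows.Forms.Button();
        this.result = new System.Windows.Forms.Label();
        this.SuspendLayout();
        //
        // label1
        //
        this.label1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.label1.Location = new System.Drawing.Point(16, 16);
        this.label1.Name = "label1";
        this.label1.TabIndex = 0;
        this.label1.Text = "First Name:";
        this.label1.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
        //
        // label2
        //
        this.label2.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.label2.Location = new System.Drawing.Point(16, 56);
        this.label2.Name = "label2";
        this.label2.TabIndex = 1;
        this.label2.Text = "Last Name:";
        this.label2.TextAlign = System.Drawing.ContentAlignment.MiddleRight;
        //
        // FirstName
        //
        this.FirstName.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.FirstName.Location = new System.Drawing.Point(120, 16);
        this.FirstName.Name = "FirstName";
        this.FirstName.Size = new System.Drawing.Size(408, 22);
        this.FirstName.TabIndex = 2;
        this.FirstName.Text = "";
        //
        // LastName
        //
        this.LastName.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.LastName.Location = new System.Drawing.Point(120, 56);
        this.LastName.Name = "LastName";
        this.LastName.Size = new System.Drawing.Size(408, 22);
        this.LastName.TabIndex = 3;
        this.LastName.Text = "";
        //
        // button1
        //
        this.button1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.button1.Location = new System.Drawing.Point(120, 88);
        this.button1.Name = "button1";
        this.button1.Size = new System.Drawing.Size(75, 40);
        this.button1.TabIndex = 4;
        this.button1.Text = "Dynamic SQL";
        this.button1.Click += new System.EventHandler(this.button1_Click);
        //
        // button2
        //
        this.button2.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.button2.Location = new System.Drawing.Point(280, 88);
        this.button2.Name = "button2";
        this.button2.Size = new System.Drawing.Size(75, 40);
        this.button2.TabIndex = 5;
        this.button2.Text = "Stored Proc";
        this.button2.Click += new System.EventHandler(this.button2_Click);
        //
        // button3
        //
        this.button3.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.button3.Location = new System.Drawing.Point(424, 88);
        this.button3.Name = "button3";
        this.button3.Size = new System.Drawing.Size(104, 40);
        this.button3.TabIndex = 6;
        this.button3.Text = "Parameterized Query";
        this.button3.Click += new System.EventHandler(this.button3_Click);
        //
        // result
        //
        this.result.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
        this.result.ForeColor = System.Drawing.Color.Red;
        this.result.Location = new System.Drawing.Point(272, 144);
        this.result.Name = "result";
        this.result.Size = new System.Drawing.Size(104, 23);
        this.result.TabIndex = 7;
        //
        // Form1
        //
        this.AutoScaleBaseSize = new System.Drawing.Size(5, 13);
        this.ClientSize = new System.Drawing.Size(576, 181);
        this.Controls.Add(this.result);
        this.Controls.Add(this.button3);
        this.Controls.Add(this.button2);
        this.Controls.Add(this.button1);
        this.Controls.Add(this.LastName);
        this.Controls.Add(this.FirstName);
        this.Controls.Add(this.label2);
        this.Controls.Add(this.label1);
        this.Name = "Form1";
        this.Text = "Form1";
        this.ResumeLayout(false);
    }
    #endregion

    /// <summary>
    /// The main entry point for the application.
    /// </summary>
    [STAThread]
    static void Main()
    {
        Application.Run(new Form1());
    }

    /// <summary>
    /// "Dynamic SQL" button: the statement is assembled by concatenating the raw
    /// text-box contents into the WHERE clause. This is the SQL-injection
    /// demonstration — the quote characters around the values are the only thing
    /// separating data from SQL, so any input containing a quote alters the query.
    /// Kept only for comparison with <see cref="button3_Click"/>; do not copy this
    /// pattern into real code.
    /// </summary>
    private void button1_Click(object sender, System.EventArgs e)
    {
        // using-blocks guarantee the connection, command and reader are released even
        // if Open() or ExecuteReader() throws (the original closed them only on success).
        using (SqlConnection sqlConnection = new SqlConnection(ConnectionString))
        using (SqlCommand sqlCmd = new SqlCommand())
        {
            sqlCmd.CommandText = String.Concat(new string[] { "select EmployeeID from Employees where FirstName = \'", FirstName.Text, "\' and LastName = \'", LastName.Text, "\'" });
            sqlCmd.CommandType = CommandType.Text;
            sqlCmd.Connection = sqlConnection;
            ShowLookupResult(sqlCmd);
        }
    }

    /// <summary>
    /// "Stored Proc" button: passes both names as typed NVarChar parameters to the
    /// ValidateUser procedure, so the values never become part of SQL text on the
    /// client side. (This is only as safe as the procedure body, which is not visible
    /// here — it must not rebuild dynamic SQL from its arguments.)
    /// </summary>
    private void button2_Click(object sender, System.EventArgs e)
    {
        using (SqlConnection sqlConnection = new SqlConnection(ConnectionString))
        using (SqlCommand sqlCmd = new SqlCommand("ValidateUser", sqlConnection))
        {
            sqlCmd.CommandType = CommandType.StoredProcedure;
            sqlCmd.Parameters.Add(InputParameter("@FirstName", FirstName.Text));
            sqlCmd.Parameters.Add(InputParameter("@LastName", LastName.Text));
            ShowLookupResult(sqlCmd);
        }
    }

    /// <summary>
    /// "Parameterized Query" button: the same SELECT as the dynamic version, but the
    /// values travel as bound parameters (@FirstName/@LastName), so user input is
    /// always treated as data and cannot change the statement's structure.
    /// </summary>
    private void button3_Click(object sender, System.EventArgs e)
    {
        using (SqlConnection sqlConnection = new SqlConnection(ConnectionString))
        using (SqlCommand sqlCmd = new SqlCommand("select EmployeeID from Employees where FirstName = @FirstName and LastName = @LastName", sqlConnection))
        {
            sqlCmd.Parameters.Add(InputParameter("@FirstName", FirstName.Text));
            sqlCmd.Parameters.Add(InputParameter("@LastName", LastName.Text));
            ShowLookupResult(sqlCmd);
        }
    }

    /// <summary>
    /// Builds an input NVarChar parameter carrying a text-box value; shared by the
    /// stored-procedure and parameterized-query handlers.
    /// </summary>
    /// <param name="name">Parameter name including the leading '@'.</param>
    /// <param name="value">Raw user text; bound as data, never interpolated.</param>
    private static SqlParameter InputParameter(string name, string value)
    {
        SqlParameter parameter = new SqlParameter(name, SqlDbType.NVarChar);
        parameter.Direction = ParameterDirection.Input;
        parameter.Value = value;
        return parameter;
    }

    /// <summary>
    /// Opens the command's connection, executes it and shows "authorized" when at
    /// least one row came back, "unauthorized" otherwise. The reader is disposed
    /// on every path; the caller owns the connection's lifetime.
    /// </summary>
    /// <param name="sqlCmd">Fully prepared command whose Connection is set but not yet open.</param>
    private void ShowLookupResult(SqlCommand sqlCmd)
    {
        sqlCmd.Connection.Open();
        using (SqlDataReader sqlDataReader = sqlCmd.ExecuteReader())
        {
            // Any matching row counts as success — this mirrors the original demo logic.
            result.Text = sqlDataReader.HasRows ? "authorized" : "unauthorized";
        }
    }
}
}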