Wednesday, December 29, 2010

Update, Delete in a table - SQL injection free C# .NET

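Update, Delete in a table - SQL injection free C# .NET

To be injection free, every value in the statement, including the ID used in the WHERE clause, has to be bound as a parameter rather than concatenated into the SQL text.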

  void updateADJ()
    {
        SqlConnection myConnection = new SqlConnection(ConnectionString);
        string strSQL;
        strSQL = "update BOINVADJ set IAMEDQTY1=@IAMEDQTY1,IAMEDQTY2=@IAMEDQTY2,"
        + " IABOXQTY=@IABOXQTY,IAGELQTY=@IAGELQTY,IACRYQTY=@IACRYQTY "
        + " WHERE IAID =" + Request["ID"];
        SqlCommand cmd = new SqlCommand(strSQL, myConnection);
        cmd.Parameters.AddWithValue("@IAMEDQTY1",TextBox2.Text  );
        cmd.Parameters.AddWithValue("@IAMEDQTY2", TextBox3.Text);
        cmd.Parameters.AddWithValue("@IABOXQTY", TextBox4.Text);
        cmd.Parameters.AddWithValue("@IAGELQTY", TextBox5.Text);
        cmd.Parameters.AddWithValue("@IACRYQTY", TextBox6.Text);

        myConnection.Open();
        cmd.ExecuteNonQuery();
        myConnection.Close();
    }
    void Deletedata()
    {
        SqlConnection myConnection = new SqlConnection(ConnectionString);
        string strSQL;
        strSQL = "delete from BOINVADJ WHERE IAID=" + Request["ID"];
        SqlCommand cmd = new SqlCommand(strSQL, myConnection);
        cmd.CommandType = CommandType.Text;
        myConnection.Open();
        cmd.ExecuteNonQuery();
        myConnection.Close();
        Response.Redirect("invadj.aspx");
    }
