Generic method to run SQL from files
tsahi bar
Generally, DB access should be done via a self-written abstraction layer. Whether the DB supports stored procedures or not is irrelevant then. Write one implementation per DBMS, based on the same interface or abstract base class. The actual program uses what is defined in said interface/base class; which of the DBMS adapters is instantiated is irrelevant.
That makes swapping out one DBMS class for another a single-line change. Here is an example of the design:
http://www.codeproject.com/articles/43438/connect-c-to-mysql
Even taking user input and concatenating it into a query without sanitizing is a bad idea:
http://en.wikipedia.org/wiki/sql_injection
Ideally, use SQL parameters; they are type safe and injection proof (http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx).
Taking a whole query string from a source is asking for someone to write down a "drop database" line. Your DB code should never allow that (and before you think of it, just filtering keywords is not going to work either. What if someone writes a comment "--this should not drop database"?)
Let's talk MVVM: http://social.msdn.microsoft.com/forums/en-us/wpf/thread/b1a8bf14-4acd-4d77-9df8-bdb95b02dbe2 Please mark posts as helpful and answers respectively.
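An added example, not part of the original post: it uses Python's built-in sqlite3 module in place of the .NET SqlParameter class the post links to, and puts the concatenated query and the keyword filter described above next to a bound parameter. The table, sample rows, function names and blocklist are constructed for this example.

```python
import sqlite3

BLOCKED = ("drop", "delete", "truncate")  # assumed blocklist, for illustration only


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 0), ("bob", 0), ("root", 1)])
    return db


def find_concat(db, name):
    # Vulnerable pattern: the input becomes part of the SQL text and is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_param(db, name):
    # Bound parameter: the value travels separately from the statement text,
    # so quotes and comment markers inside it stay plain data.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def keyword_filter_allows(text):
    # Naive keyword filter of the kind the post says will not work.
    lowered = text.lower()
    return not any(word in lowered for word in BLOCKED)


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # textbook input that changes the WHERE clause
    harmless = "SELECT name FROM users --this should not drop database"

    print("filter allows crafted input:", keyword_filter_allows(crafted))
    print("filter allows harmless script:", keyword_filter_allows(harmless))
    print("concatenated query returns:", find_concat(db, crafted))
    print("parameterized query returns:", find_param(db, crafted))
    print("parameterized lookup of alice:", find_param(db, "alice"))
```

The filter fails in both directions: it passes the crafted input, which contains no blocked word, and rejects the harmless script because of its comment, while the bound parameter returns no rows for the crafted input.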