Removed almost everything. cant have execution function in case of SQL injection techniques

2014-07-25 19:08:08 +01:00 · 2014-07-25 19:08:08 +01:00 · 1b3f83d9e1
commit 1b3f83d9e1
parent 74f6359f77
1 changed files with 8 additions and 37 deletions
--- a/System/databaseTools.cs
+++ b/System/databaseTools.cs
@ -11,51 +11,22 @@ namespace Saviour_Backup_System
 {
    class databaseTools
    {
-        private static string databaseName = "db.sdf";
-        public static void initDatabase()
+        private static SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
+        public static string databaseName = "db.sdf";
+
+
+        private static void executeSQL(string sqlCode)
        {
-            try{
-                if (!File.Exists(databaseName))
-                {
-                    SqlCeEngine SQLEngine = new SqlCeEngine("Data Source = " + databaseName);
-                    SQLEngine.CreateDatabase(); //Creates the database if it doesnt exist already
-
-                    SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
-                    conn.Open();
-                    SqlCeCommand cmd = conn.CreateCommand();
-
-                    cmd.CommandText = "CREATE TABLE Rules (%%)"; //Fill these in! (Before running)
-                    cmd.ExecuteNonQuery();
-                }
-            }
-            catch (Exception err) { MessageBox.Show("An Error has occured: \n" + err.ToString()); }
-        }
-        public static string executeSQLQuery(string sqlCode)
-        {
-            SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
-            conn.Open();
-            SqlCeCommand cmd = conn.CreateCommand();
-            cmd.CommandText = sqlCode;
-            SqlCeDataReader reader = cmd.ExecuteReader();
-            while (reader.Read())
-            {
-
-            }
-            return "";
-        }
-
-        public static void executeSQL(string sqlCode)
-        {
-            SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
            conn.Open();
            SqlCeCommand cmd = conn.CreateCommand();
            cmd.CommandText = sqlCode;
            cmd.ExecuteNonQuery();
        }

-        public static void clearTable(string tableName)
+
+        public static void clearBackups(string tableName)
        {
-           executeSQL("DELETE FROM " + tableName + ";");
+           executeSQL("DELETE FROM Rules;");
        }
    }
 }