1
Fork 0

Removed almost everything. cant have execution function in case of SQL injection techniques

This commit is contained in:
Jake Howard 2014-07-25 19:08:08 +01:00
parent 74f6359f77
commit 1b3f83d9e1

View file

@ -11,51 +11,22 @@ namespace Saviour_Backup_System
{
class databaseTools
{
private static string databaseName = "db.sdf";
public static void initDatabase()
private static SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
public static string databaseName = "db.sdf";
private static void executeSQL(string sqlCode)
{
try{
if (!File.Exists(databaseName))
{
SqlCeEngine SQLEngine = new SqlCeEngine("Data Source = " + databaseName);
SQLEngine.CreateDatabase(); //Creates the database if it doesnt exist already
SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
conn.Open();
SqlCeCommand cmd = conn.CreateCommand();
cmd.CommandText = "CREATE TABLE Rules (%%)"; //Fill these in! (Before running)
cmd.ExecuteNonQuery();
}
}
catch (Exception err) { MessageBox.Show("An Error has occured: \n" + err.ToString()); }
}
public static string executeSQLQuery(string sqlCode)
{
SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
conn.Open();
SqlCeCommand cmd = conn.CreateCommand();
cmd.CommandText = sqlCode;
SqlCeDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
}
return "";
}
public static void executeSQL(string sqlCode)
{
SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
conn.Open();
SqlCeCommand cmd = conn.CreateCommand();
cmd.CommandText = sqlCode;
cmd.ExecuteNonQuery();
}
public static void clearTable(string tableName)
public static void clearBackups(string tableName)
{
executeSQL("DELETE FROM " + tableName + ";");
executeSQL("DELETE FROM Rules;");
}
}
}