1
Fork 0

Removed almost everything. cant have execution function in case of SQL injection techniques

This commit is contained in:
Jake Howard 2014-07-25 19:08:08 +01:00
parent 74f6359f77
commit 1b3f83d9e1

View file

@ -11,51 +11,22 @@ namespace Saviour_Backup_System
{ {
class databaseTools class databaseTools
{ {
private static string databaseName = "db.sdf"; private static SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
public static void initDatabase() public static string databaseName = "db.sdf";
private static void executeSQL(string sqlCode)
{ {
try{
if (!File.Exists(databaseName))
{
SqlCeEngine SQLEngine = new SqlCeEngine("Data Source = " + databaseName);
SQLEngine.CreateDatabase(); //Creates the database if it doesnt exist already
SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
conn.Open();
SqlCeCommand cmd = conn.CreateCommand();
cmd.CommandText = "CREATE TABLE Rules (%%)"; //Fill these in! (Before running)
cmd.ExecuteNonQuery();
}
}
catch (Exception err) { MessageBox.Show("An Error has occured: \n" + err.ToString()); }
}
public static string executeSQLQuery(string sqlCode)
{
SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
conn.Open();
SqlCeCommand cmd = conn.CreateCommand();
cmd.CommandText = sqlCode;
SqlCeDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
}
return "";
}
public static void executeSQL(string sqlCode)
{
SqlCeConnection conn = new SqlCeConnection("Data Source = " + databaseName);
conn.Open(); conn.Open();
SqlCeCommand cmd = conn.CreateCommand(); SqlCeCommand cmd = conn.CreateCommand();
cmd.CommandText = sqlCode; cmd.CommandText = sqlCode;
cmd.ExecuteNonQuery(); cmd.ExecuteNonQuery();
} }
public static void clearTable(string tableName)
public static void clearBackups(string tableName)
{ {
executeSQL("DELETE FROM " + tableName + ";"); executeSQL("DELETE FROM Rules;");
} }
} }
} }