using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Net;
// Test fixture for a SQL-injection query: `Bad` is the intended alert (command
// text built by string concatenation from request input) and `Good` is the
// intended non-alert (the same value passed as a SqlParameter). Both methods
// read the same untrusted value from the request query string. The code shape
// is part of the test contract, so the bodies are left as written and only
// annotated here.
public class SqlEncode
{
    /// <summary>
    /// INTENTIONALLY VULNERABLE. The "user" query-string value is concatenated
    /// into a single-quoted SQL literal. The only sanitisation is doubling
    /// double-quote characters, but the literal is delimited by single quotes,
    /// so an input containing ' still terminates the literal and the rest of
    /// the input is executed as SQL.
    /// </summary>
    /// <param name="ctx">Request context; only Request.QueryString["user"] is read.</param>
    /// <returns>Whatever rows the (injectable) query produces.</returns>
    public static DataSet Bad(HttpContext ctx)
    {
        // NOTE(review): QueryString values are normally already URL-decoded by
        // the framework, so this is a second decode (e.g. %2527 -> %27 -> ').
        // WebUtility.UrlDecode(null) returns null, so a missing "user" key makes
        // the Replace below throw NullReferenceException.
        var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]);
        // Empty connection string: this is test data and is never executed.
        using (var connection = new SqlConnection(""))
        {
            // Sink: tainted text becomes the command text. Replacing " with ""
            // does nothing for ', which is the delimiter actually in use here.
            var query = "select * from Users where Name='" + user.Replace("\"", "\"\"") + "'";
            var adapter = new SqlDataAdapter(query, connection);
            var result = new DataSet();
            adapter.Fill(result);
            return result;
        }
    }

    /// <summary>
    /// Safe counterpart of <see cref="Bad"/>: the command text is a constant
    /// with a placeholder (@name) and the user value travels as a bound
    /// parameter, so it can never change the structure of the statement.
    /// </summary>
    /// <param name="ctx">Request context; only Request.QueryString["user"] is read.</param>
    /// <returns>Rows where Name equals the supplied value.</returns>
    public static DataSet Good(HttpContext ctx)
    {
        // Same (possibly double) decode as in Bad; see the note there. A null
        // value here does not throw at this line, it is just bound as the
        // parameter value below.
        var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]);
        // Empty connection string: this is test data and is never executed.
        using (var connection = new SqlConnection(""))
        {
            // Constant command text; the value is supplied separately.
            var query = "select * from Users where Name=@name";
            var adapter = new SqlDataAdapter(query, connection);
            // NOTE(review): if `user` is null (missing key) SqlClient treats the
            // parameter as not supplied and Fill fails; production code would
            // bind DBNull.Value in that case. Irrelevant for this fixture.
            var parameter = new SqlParameter("name", user);
            adapter.SelectCommand.Parameters.Add(parameter);
            var result = new DataSet();
            adapter.Fill(result);
            return result;
        }
    }
}