Data Base Security

-

 DataBase Security is one of the important parts in web development. 

Inorder to maintain that, the vulnerable code like Data base path , query or etc is written inside the Class file in the form of functions and in the needy page they are only called.

How to create Class file-

Select the root > go to website menu > Add new item >Select class > give a desired name to class(lets say MyClass)

Inside it write the code for Object creation and library inclusion.

After that, create the function for each thing-

1. For connection- 

public string Connection()

{

string cs = @"data_base_path";

return cs;

}

 2. For query-

Insert-

public string Insertq()

string q = "insert into Table_name values"; 

return q;

}  

Update-

public string Updateq()

string q = "update Table_name set"; 

return q;

}  

Select-

public string Selectq()

string q = "select * from Table_name where"; 

return q;

}   

Delete-

public string Deleteq()

string q = "delete from Table_name where"; 

return q;

}   

Note:- We need to return something in the function as its return type is string here.

How to call it in aspx file-

1. For connection- 

// Create an object of the class where we defined our functions

MyClass m1 = new MyClass();

string cs= m1.connection();

cn = new SqlConnection(cs); 

cn. open();

2. For query- 

Insert-

string q = m1.Insertq() + "('"+control _name+"')";

cm = new SqlCommand(q,cn);

cm.ExecuteNonQuery();

Update- 

string q = m1.updateq() + " " + "column_name='"+Control_name.Text+"' where id='"+control_name.Text+"'";

cm = new SqlCommand(q,cn);

cm.ExecuteNonQuery(); 

Delete- 

string q = m1.Deleteq() + " " + "column_name='"+Control_name+"'";

cm = new SqlCommand(q,cn);

cm.ExecuteNonQuery();

Select- 

string q = m1.Selectq() + " " + "column_name='"+Control_name+"'";

cm = new SqlCommand(q,cn);

cm.ExecuteReader();


Comments

Post a Comment

Popular posts from this blog

Parameter Query

-
If we pass the value with (, ' " ! $) symbols in the control that will not be accepted through normal query. Parameter Query is used to accept the value with special symbols in the control like textbox. Parameter Query use a user defined variable with an @ sign.  In Parameter Query control is written in a different syntax. Column name and variable name can not be the same. Without column_name we can not perform Parameter query. Syntax- Insert- string s= "insert into Table_name (Column_name) values (@variable_name)"; cm = new SqlCommand(s,cn); cm.Parameters.AddWithValue("variable_name", control_name); cm.ExecuteNonQuery(); Update- string q = "update Proc_table set name=@name1 where email = @email1"; cm = new SqlCommand(q, cn); cm.Parameters.AddWithValue("name1", TextBox1.Text); cm.Parameters.AddWithValue("email1", TextBox2.Text); cm.ExecuteNonQuery();  
Read more

Final Project

-
Image
Registration form project   CODING- using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Data.SqlClient; using System.Configuration; public partial class RegPage : System.Web.UI.Page {     SqlConnection cn;     SqlCommand cm;     SqlDataReader dr;     FinalClass fc = new FinalClass();     protected void Page_Load(object sender, EventArgs e)     {         if (!IsPostBack)         {             statedisplay();         }     }     protected void connect()     {         string s = ConfigurationManager.AppSettings["Ch_Db"];         cn = new SqlConnection(s);         cn.Open();          }     protected void statedisplay...
Read more

Grid View Paging

-
  Grid View paging- Grid view paging is used when we have to read the data in bulk then we divide the complete data records into pages consists 10 records in one page. SqlDataAdapter - It is used for Grid View Paging Data Adapter reads data in group of 10 records unlike DataReader which reads the data line by line. DataSet - DataSet Object is created, it accepts the data in bulk. Fill() - Fill() is used. CODE - protected void display() { //Connection Code string s = ConfigurationManager.AppSettings["db"]; cn = new SqlConnection(s); cn.Open(); //DataSet Object DataSet ds = new DataSet(); string s = "select * from Videodb"; //SqlDataAdapter object SqlDataReader adp = new SqlDataAdapter(); adp.Fill(ds); GridView1.DataSoruce = ds; GridView1.DataBind(); } Source code-   <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False"              Height="589px" Width="483px" OnPageIndexChanging="click...
Read more