<%@ language="C#" ValidateRequest="false" debug="true"%>
<% @Import Namespace="System.Data" %>
<% @Import Namespace="System.Data.SqlClient" %>
SiteGenerator - DataValidation : SQL Injection : Basic
DataValidation : SQL Injection : Basic
<%
// Test page for the "SQL Injection : Basic" case named in the page title: it lists rows
// of fsb_users, optionally filtered by the user_id query-string value.
// Security review summary:
//  - The user_id value is concatenated into the SQL text with no validation, quoting or
//    parameter binding, so the request controls the statement that is executed.
//  - Every fetched field is written to the response without HTML encoding.
//  - The page directive sets ValidateRequest="false", which turns off ASP.NET request
//    validation for this page, and debug="true" (debug compilation).
// NOTE(review): the title suggests the flaw is deliberate; keep this page out of any
// deployment that is not an isolated test environment.
string strSqlQuery;
// No user_id supplied: fall back to an unfiltered listing of the whole table.
if (null == Request.QueryString["user_id"])
{
strSqlQuery = "Select * from fsb_users";
// NOTE(review): the string literal below is split across two lines as shown here;
// presumably a line-break tag was lost when the page was extracted - confirm against the original.
Response.Write("note: use querystring value user_id to search for details of a particular users
");
}
else
// VULNERABLE: the raw query-string value becomes part of the SQL statement itself.
// Remediation: bind the value as a SqlParameter on a SqlCommand instead of concatenating,
// and/or accept it only after int.TryParse succeeds.
// NOTE(review): the unquoted use suggests user_id is numeric - confirm against the schema.
strSqlQuery = "Select * from fsb_users where user_id = " + Request.QueryString["user_id"];
// Helper defined outside this block; it receives the finished SQL string, so it cannot
// separate code from data. The loops below treat its result as an ArrayList of rows,
// each row itself an ArrayList of field values.
ArrayList alResults = returnArrayListFromSQLQuery_containing_AllFieldsFromAllRows(strSqlQuery);
// Report the number of rows returned (same split-literal caveat as above).
Response.Write("#" + alResults.Count.ToString() + " results fetched
");
if (alResults.Count>0)
{
foreach(ArrayList alResult in alResults)
{
// Writes an empty string as shown; NOTE(review): probably row-opening markup lost in extraction.
Response.Write("");
// Each field is emitted via ToString() with no encoding, so stored values reach the
// browser as markup. Remediation: pass the text through Server.HtmlEncode before writing.
foreach(object sResult in alResult)
Response.Write(sResult.ToString() + " , " );
// Writes an empty string as shown; NOTE(review): probably row-closing markup lost in extraction.
Response.Write("");
}
}
// Helper defined outside this block. There is no try/finally here, so this call is skipped
// if anything above throws. NOTE(review): confirm the connection is released on error paths.
closeSqlServerConnection();
%>