
Untitled

a guest
Jan 17th, 2017
  /// <summary>
  /// Screens a SQL string against a fixed keyword deny-list.
  /// </summary>
  /// <param name="query">SQL text to screen.</param>
  /// <returns>
  /// <c>true</c> when <c>ValidateRegex</c> finds none of the listed keywords in
  /// <paramref name="query"/>; <c>false</c> as soon as one of them is found.
  /// </returns>
  /// <remarks>
  /// NOTE(review): a keyword deny-list is a coarse filter, not a security boundary.
  /// The list has no entry for UPDATE or MERGE, and the "exec" entry does not match
  /// the long form EXECUTE, because ValidateRegex requires a non-alphanumeric
  /// character after the term. Keywords are also matched inside string literals and
  /// comments, so harmless read-only queries can be rejected. Enforce read-only
  /// access with a database login that only holds SELECT permission and keep this
  /// check as defence in depth.
  /// </remarks>
  public static bool ValidateQuery(string query)
  {
      // Checked in this order; the first hit ends the scan.
      string[] blockedKeywords = { "delete", "exec", "insert", "alter", "create", "drop", "truncate" };

      foreach (string keyword in blockedKeywords)
      {
          if (ValidateRegex(keyword, query))
          {
              return false;
          }
      }

      return true;
  }
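  /// <summary>
  /// Reports whether <paramref name="term"/> occurs in <paramref name="query"/> as a
  /// stand-alone word, ignoring case.
  /// </summary>
  /// <param name="term">Keyword to look for; it is matched literally.</param>
  /// <param name="query">Text to search.</param>
  /// <returns>
  /// <c>true</c> when the term is found with no ASCII letter or digit directly before
  /// or after it, including at the very start or very end of the input.
  /// </returns>
  /// <exception cref="System.ArgumentNullException">
  /// <paramref name="term"/> or <paramref name="query"/> is null.
  /// </exception>
  /// <remarks>
  /// Underscore is not alphanumeric here, so an identifier such as <c>drop_date</c>
  /// counts as a match for "drop".
  /// </remarks>
  public static bool ValidateRegex(string term, string query)
  {
      // Regex.Escape keeps a term that contains regex metacharacters literal.
      // The lookarounds accept the term at the start, in the middle and at the end of
      // the input; the previous pattern required a following character and so missed
      // a keyword that was the last token.
      string pattern = string.Format("(?<![0-9a-z]){0}(?![0-9a-z])", Regex.Escape(term));

      // CultureInvariant: case folding must not depend on the server's locale
      // (under a Turkish culture "I" and "i" are not a case pair).
      // The static IsMatch also reuses the cached regex instead of building one per call.
      return Regex.IsMatch(query, pattern, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
  }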
  /// <summary>
  /// Runs <paramref name="query"/> inside a transaction named "Test Transaction" and
  /// reports whether <c>ExecuteNonQuery</c> returned a positive row count. The
  /// transaction is never committed.
  /// </summary>
  /// <param name="query">SQL text to execute as <c>CommandType.Text</c>.</param>
  /// <param name="conn">Connection string passed to <c>SqlConnection</c>.</param>
  /// <param name="parameters">Optional parameters added to the command; may be null.</param>
  /// <returns><c>true</c> when the reported row count is greater than zero.</returns>
  /// <remarks>
  /// NOTE(review): <c>false</c> does not prove that nothing changed. ExecuteNonQuery
  /// reports -1 for statements other than INSERT, UPDATE and DELETE, so schema
  /// changes are reported as "not affected". The statement also really runs, with
  /// the permissions of the connection, before it is rolled back, and a rollback
  /// only undoes transactional effects. Do not use this to vet untrusted SQL; run
  /// such SQL under a login restricted to the permissions it may use.
  /// </remarks>
  public static bool IsDbAffected(string query, string conn, List<SqlParameter> parameters = null)
  {
      const string transactionName = "Test Transaction";

      using (var sqlConnection = new SqlConnection(conn))
      {
          sqlConnection.Open();

          using (var transaction = sqlConnection.BeginTransaction(transactionName))
          using (var command = new SqlCommand(query, sqlConnection, transaction))
          {
              // Connection, transaction and text are already set by the constructor.
              command.CommandType = CommandType.Text;

              if (parameters != null)
              {
                  command.Parameters.AddRange(parameters.ToArray());
              }

              // ExecuteNonQuery returns no data, only the number of rows affected
              // by an insert, update, or delete.
              int rowsAffected = command.ExecuteNonQuery();
              if (rowsAffected <= 0)
              {
                  // No explicit rollback here: the transaction is left uncommitted
                  // and is disposed by the using statement.
                  return false;
              }

              transaction.Rollback(transactionName);
              return true;
          }
      }
  }
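  // StartsWith with an ordinal, case-insensitive comparison does not throw when the
  // input is null-checked or shorter than six characters (Substring(0, 6) did), and
  // it does not depend on the current culture (ToUpper did).
  // NOTE(review): a prefix test is only a coarse filter. Text that starts with
  // SELECT can still carry further statements in the same batch, so read-only
  // access has to be enforced by the permissions of the database login.
  if (stringSql != null && stringSql.StartsWith("SELECT", System.StringComparison.OrdinalIgnoreCase))
  {
      //execute statement
  }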