/// <summary>
/// Returns <c>true</c> when <paramref name="query"/> contains none of the blocklisted
/// SQL keywords as standalone words (see <see cref="ValidateRegex"/> for the matching rule).
/// </summary>
/// <param name="query">SQL text to screen.</param>
/// <returns><c>false</c> as soon as one blocklisted keyword is found, otherwise <c>true</c>.</returns>
/// <exception cref="ArgumentNullException">Propagated from the regex match when <paramref name="query"/> is null.</exception>
/// <remarks>
/// A keyword blocklist is a weak control on its own: it is not a substitute for parameterized
/// queries and a least-privilege database login. NOTE(review): "update" is not in this list
/// although IsDbAffected mentions it — confirm with the owner that this is intended.
/// </remarks>
public static bool ValidateQuery(string query)
{
    // Same terms, same order as before; the first hit rejects the query.
    string[] blockedKeywords = { "delete", "exec", "insert", "alter", "create", "drop", "truncate" };

    foreach (var keyword in blockedKeywords)
    {
        if (ValidateRegex(keyword, query))
        {
            return false;
        }
    }

    return true;
}
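/// <summary>
/// Reports whether <paramref name="term"/> occurs in <paramref name="query"/> as a whole word,
/// i.e. not immediately preceded or followed by an ASCII letter or digit.
/// Matching is case-insensitive and culture-invariant.
/// </summary>
/// <param name="term">Keyword to look for. It is escaped, so regex metacharacters are matched literally.</param>
/// <param name="query">SQL text to scan.</param>
/// <returns><c>true</c> if the keyword is present as a standalone word anywhere in the text.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="term"/> or <paramref name="query"/> is null.</exception>
public static bool ValidateRegex(string term, string query)
{
    // Lookarounds instead of consuming character classes, so a keyword at the very start or
    // the very end of the text is found too (the previous pattern required a character after
    // the keyword, so a trailing keyword was missed). '_' deliberately counts as a separator,
    // exactly like the original [^0-9a-z] classes.
    var pattern = string.Format("(?<![0-9a-z]){0}(?![0-9a-z])", Regex.Escape(term));

    // CultureInvariant: case folding must not depend on the thread culture
    // (under e.g. Turkish casing rules IgnoreCase would not reliably match "insert" to "INSERT").
    var keyword = new Regex(pattern, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
    return keyword.IsMatch(query);
}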
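/// <summary>
/// Executes <paramref name="query"/> inside a transaction that is always rolled back and
/// reports whether it would have affected any rows.
/// </summary>
/// <param name="query">SQL text to probe. It is executed verbatim as a text command, so any
/// user-supplied values must travel in <paramref name="parameters"/>, never spliced into the text.</param>
/// <param name="conn">Connection string used to open the probe connection.</param>
/// <param name="parameters">Optional parameters added to the command; may be null.</param>
/// <returns><c>true</c> when ExecuteNonQuery reported more than zero affected rows.</returns>
/// <remarks>
/// The statement really runs on the server with the privileges of the login in <paramref name="conn"/>;
/// the rollback only undoes transactional effects, so probe with a least-privilege login.
/// ExecuteNonQuery returns -1 for statements that do not report affected rows, which this
/// method reports as <c>false</c>. NOTE(review): confirm that is the intended contract for DDL.
/// </remarks>
public static bool IsDbAffected(string query, string conn, List<SqlParameter> parameters = null)
{
    using (var sqlConnection = new SqlConnection(conn))
    {
        sqlConnection.Open();

        // The SqlCommand constructor already sets Connection, Transaction and CommandText,
        // and CommandType defaults to Text; the old explicit re-assignments were redundant.
        // Both objects are disposed by their using blocks — no manual Dispose() calls needed.
        using (var transaction = sqlConnection.BeginTransaction("Test Transaction"))
        using (var command = new SqlCommand(query, sqlConnection, transaction))
        {
            if (parameters != null)
            {
                command.Parameters.AddRange(parameters.ToArray());
            }

            // ExecuteNonQuery returns only the number of rows affected by an
            // INSERT/UPDATE/DELETE (-1 otherwise); no result set is read.
            var rowsAffected = command.ExecuteNonQuery();

            // Undo the probe regardless of the count, not only when rows were touched.
            // If ExecuteNonQuery throws, disposing the un-committed transaction rolls back too.
            transaction.Rollback();

            return rowsAffected > 0;
        }
    }
}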
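// Route on the statement's leading keyword. An ordinal, case-insensitive StartsWith replaces
// Substring(0, 6).ToUpper() == "SELECT", which threw ArgumentOutOfRangeException for text
// shorter than six characters and upper-cased with the current culture. Leading whitespace
// is still not tolerated (unchanged behaviour).
// NOTE(review): a SELECT prefix does not make a statement read-only; enforce that through the
// permissions of the connection's login rather than through this check.
if (stringSql.StartsWith("SELECT", System.StringComparison.OrdinalIgnoreCase))
{
    //execute statement
}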