Skip to content
Permalink
Browse files Browse the repository at this point in the history
Little fix against sql injections
  • Loading branch information
githuis committed May 15, 2015
1 parent 0d1b231 commit 717380a
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions PTwoManage/Database.cs
Expand Up @@ -49,6 +49,11 @@ public static Database Instance

public void Execute(string sql)
{
if(sql.Contains(";"))
{
System.Windows.Forms.MessageBox.Show("Cannot execute database request, please do not use semicolon ';' anywhere");
return;
}
SQLiteCommand command = new SQLiteCommand(sql, m_dbConnection);
command.ExecuteNonQuery();
}
Expand Down

0 comments on commit 717380a

Please sign in to comment.