I know, it is not recommended. The possible risk of SQL Injection.
In my present app., I created a class containing reusable functions. One such function is this:
public static Int32 InsertNewRecord(string myQuery)
{
ModCon.OpenConnection();
MySqlCommand cmdInsert = new MySqlCommand(myQuery, ModCon.myCN);
try
{
Int32 RecordsAffected = cmdInsert.ExecuteNonQuery();
return RecordsAffected;
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString(), "Error:", MessageBoxButtons.OK, MessageBoxIcon.Error);
return 0;
}
finally
{
cmdInsert.Dispose();
ModCon.CloseConnection();
}
}
This class has many such methods that can be reused. There is a method to fill a DataGridView, where in I pass the DataGridView name and SQL query to populate it.
My application is at present a standalone Windows app. What could be a professional way to achieve this without the fear of SQL Injection?
The methods above are in a class and whenever I need these methods, I create an instance of this class in another class.