Correct

Bakeel

SqlConnection con = new SqlConnection("Data Source=.;Integrated Security=SSPI;Initial Catalog=basic2018");

            SqlConnection con2 = new SqlConnection("Data Source=.;Integrated Security=SSPI;Initial Catalog=basic2018");

            SqlConnection con3 = new SqlConnection("Data Source=.;Integrated Security=SSPI;Initial Catalog=basic2018");

            SqlDataAdapter ad;

            SqlDataAdapter ad1;

            SqlCommand com;


            string sqlString2 = "SELECT     رقم\_الحافظة, رقم\_الملف, رقم\_الوثيقة, نوع\_المرفق, رقم\_المرفق, عليها\_اوساخ\_ومواد\_عالقة, عليها\_دبابيس\_ومسامير, تحتاج\_إلى\_تسطيح, عليها\_بقع, عليها\_لواصق\_كرتونية, زجاجية\_شفافة, اللواصق\_ثابتة, لواصق\_منتزعة, لواصق\_شبه\_منتزعة,   ممزقة\_تحتاج\_لترميم, مصابة\_بالحموضة, حبرها\_حديدي, ملاحظات\_أخرى, مختص\_التشخيص FROM  bbb  WHERE     (رقم\_الحافظة IS NOT NULL) AND (رقم\_الملف IS NOT NULL) AND (رقم\_الوثيقة IS NOT NULL) ORDER BY رقم\_الحافظة, رقم\_الملف, رقم\_الوثيقة, نوع\_المرفق, رقم\_المرفق";

            

            ad = new SqlDataAdapter(sqlString2, con);
            DataSet ds = new DataSet();
            ad.Fill(ds, "Bakeel");


            int rowsCount = Convert.ToInt32(ds.Tables\["Bakeel"\].Rows.Count);

            //int exam\_places\_id\_For\_School = 0;


            string strSql = null;


            for (int i = 0; i < rowsCount; i++)
            {
                
                int رقم\_الحافظة = Convert.ToInt32(ds.Tables\["Bakeel"\].Rows\[i\]\["رقم\_الحافظة"\].ToString());
                int رقم\_الملف = Convert.ToInt32(ds.Tables\["Bakeel"\].Rows\[i\]\["رقم\_الملف"\].ToString());
                int رقم\_الوثيقة = Convert.ToInt32(ds.Tables\["Bakeel"\].Rows\[i\]\["رقم\_الوثيقة"\].ToString());
                string نوع\_المرفق = ds.Tables\["Bakeel"\].Rows\[i\]\["نوع\_المرفق"\].ToString();



                string رقم\_المرفق = ds.Tables\["Bakeel"\].Rows\[i\]\["رقم\_المرفق"\].ToString();

                string عليها\_اوساخ\_ومواد\_عالقة = ds.Tables\["Bakeel"\].Rows\[i\]\["عليها\_اوساخ\_ومواد\_عالقة"\].ToString();

                string عليها\_دبابيس\_ومسامير = ds.Tables\["Bakeel"\].Rows\[i\]\["عليها\_دبابيس\_ومسامير"\].ToString();

                string تحتاج\_إلى\_تسطيح = ds.Tables\["Bakeel"\].Rows\[i\]\["تحتاج\_إلى\_تسطيح"\].ToString();

                string عليها\_بقع = ds.Tables\["Bakeel"\].Rows\[i\]\["عليها\_بقع"\].ToString();

                string عليها\_لواصق\_كرتونية = ds.Tables\["Bakeel"\].Rows\[i\]\["عليها\_لواصق\_كرتونية"\].ToString();

                str

Richard Deeming

Bakeel wrote:

Correct

No it's not. Aside from the fact that you haven't asked a question - unless "correct" was an extremely rude demand for someone to "fix" your code? * - this code is not "correct". It is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query. Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^] How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^] Query Parameterization Cheat Sheet | OWASP[^] * If it was a demand, then prepare to kiss goodbye to your account. Dumping 100+ lines of unexplained code and demanding that we "correct" it for you, particularly when you haven't explained what needs "correcting", is a great way to get kicked off the site for being a troll. This forum is manned by unpaid volunteers, who are not your personal slaves. We have better things to do with our time than deal with such rude demands.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer