Accessing SQL Database in Selenium C# Script

Here is an example that shows how to connect to a database and execute SQL queries in Selenium C# scripts.
In this example I connect to SQL Server by passing the server name, username, password and database name. I then execute the SQL command "select Employee_no from employee where deptno =100".


// These using directives go at the top of the test file
using System;
using System.Data;
using System.Data.SqlClient;
using NUnit.Framework;

[Test]
public void SQLTest()
{
    // Build the connection string.
    // Placeholder values: in a real test suite, read these from configuration
    // instead of hard-coding credentials in the script.
    string Server = "ServerName";
    string Username = "username";
    string Password = "password";
    string Database = "DatabaseName";
    string ConnectionString = "Data Source=" + Server + ";";
    ConnectionString += "User ID=" + Username + ";";
    ConnectionString += "Password=" + Password + ";";
    ConnectionString += "Initial Catalog=" + Database;

    SqlConnection SQLConnection = new SqlConnection();
    try
    {
        SQLConnection.ConnectionString = ConnectionString;
        SQLConnection.Open();
        // You can get the server version
        // SQLConnection.ServerVersion
    }
    catch (Exception Ex)
    {
        // Release the connection
        SQLConnection.Dispose();
        // Create a (useful) error message
        string ErrorMessage = "Connection error. An error occurred while trying to connect to the server.";
        ErrorMessage += Environment.NewLine;
        ErrorMessage += Environment.NewLine;
        ErrorMessage += Ex.Message;
        // Write the error message to the console
        Console.WriteLine(ErrorMessage);
        // Stop here
        return;
    }

    string SQLStatement = "select Employee_no from employee where deptno =100";
    // Create a SqlDataAdapter to get the results as a DataTable
    SqlDataAdapter SQLDataAdapter = new SqlDataAdapter(SQLStatement, SQLConnection);
    // Create a new DataTable
    DataTable dtResult = new DataTable();
    // Fill the DataTable with the result of the SQL statement
    SQLDataAdapter.Fill(dtResult);
    // Loop through all entries
    foreach (DataRow drRow in dtResult.Rows)
    {
        // Write the content of the "Employee_no" column to the console
        Console.WriteLine(drRow["Employee_no"].ToString());
    }
    // We don't need the data adapter any more
    SQLDataAdapter.Dispose();
    SQLConnection.Close();
    SQLConnection.Dispose();

    // "selenium" is the Selenium session field of the test class
    selenium.Open("/");
    selenium.WaitForPageToLoad("30000");
}


SQL Injection

SQL Injection is also known as HTML Injection. It means passing SQL queries in the address bar with the intent to break the system. This is done to check the site for vulnerabilities. You may wonder how, while doing SQL injection, we find out whether the site is vulnerable or not.
While passing the SQL injection, if we find any of the following, it is a bug. The site:
* should not display the records (index.asp?–Select * from sales); it should not display the sales records on the front-end page
* should not show any database name
* should not show any table name
* should not show any column name
* should not show any constraints (primary key/foreign key names)

In the real world, hackers can get into the site by passing SQL injection and do whatever they need. If they find any of the above issues, they can easily get into the site and hack it.
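
One way to automate the checklist above in a C# test, as an added example that is not part of the original post. The names SqlLeakCheck and FindLeaks and the sample page bodies are constructed for illustration; the patterns are standard SQL Server error messages that expose each kind of name.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example: flags page bodies that leak database details through error text.
public static class SqlLeakCheck
{
    // Checklist item -> SQL Server / ADO.NET error text that exposes it.
    static readonly Dictionary<string, Regex> Patterns = new Dictionary<string, Regex>
    {
        { "database name", new Regex(@"Cannot open database ""[^""]+""", RegexOptions.IgnoreCase) },
        { "table name",    new Regex(@"Invalid object name '[^']+'", RegexOptions.IgnoreCase) },
        { "column name",   new Regex(@"Invalid column name '[^']+'", RegexOptions.IgnoreCase) },
        { "constraint",    new Regex(@"(PRIMARY|FOREIGN) KEY constraint ['""][^'""]+['""]", RegexOptions.IgnoreCase) },
        { "raw SQL error", new Regex(@"SqlException|Incorrect syntax near|Unclosed quotation mark", RegexOptions.IgnoreCase) },
    };

    // Returns one entry per checklist item leaked by the response body.
    public static List<string> FindLeaks(string body)
    {
        var leaks = new List<string>();
        foreach (var p in Patterns)
        {
            Match m = p.Value.Match(body ?? "");
            if (m.Success) leaks.Add(p.Key + ": " + m.Value);
        }
        return leaks;
    }

    public static void Main()
    {
        // Constructed sample page bodies, not captured from a real site.
        string[] bodies =
        {
            "<h1>Sales</h1><p>No results found.</p>",
            "System.Data.SqlClient.SqlException: Invalid object name 'sales'.",
            "Violation of PRIMARY KEY constraint 'PK_employee'. Cannot insert duplicate key in object 'dbo.employee'.",
        };
        foreach (string body in bodies)
        {
            List<string> leaks = FindLeaks(body);
            Console.WriteLine(leaks.Count == 0 ? "PASS" : "FAIL: " + string.Join("; ", leaks));
        }
    }
}
```

In a Selenium test, pass the page source of the response (for example the string returned by selenium.GetHtmlSource()) to FindLeaks and fail the test if the list is not empty.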