Databases Reference
In-Depth Information
VB.NET
Private Sub ValidateCommandText(ByVal cmdText As String)
kwc = keywordSplit.Matches(cmdText)
keyWordCount = kwc.Count
Select Case keyWordCount
Case 4
sorting = True
filtering = True
' break
Case 3
If kwc(keyWordCount - 1).ToString.ToUpper = “WHERE” Then
filtering = True
Else
sorting = True
End If
Case Else
Throw (New ArgumentException(“Command Text should start with
'select <fields> from <tablename>'”))
End Select
ValidateTableName(cmdText)
ValidateFieldNames(cmdText)
If filtering Then
ValidateFiltering(cmdText)
End If
If sorting Then
ValidateSorting(cmdText)
End If
End Sub
The next step in the process is validating that the table name and the field names provided by the user are
valid. You have created methods specifically for this purpose. Shown below is the
ValidateTableName
method. In the member declaration section constant values were created indicating the assumed positions
of the keywords within the command text. The table name must immediately be followed by the
From
keyword. You then use the position of that keyword to locate the table name. Next, you check to see if
your internal
DataSet
contains this table. If so, the table name is valid; otherwise, it is invalid.
C#
private void ValidateTableName(string cmdText)
{
//Get tablename
//get 1st match starting at end of from
fieldMatch = fieldSplit.Match(cmdText,
(kwc[fromPosition].Index) + kwc[fromPosition].Length+1);
if(fieldMatch.Success)
{
if(this.dataSet.Tables.Contains(fieldMatch.Value))
{
this.tableName = fieldMatch.Value;
}
else
Search WWH ::
Custom Search