You create a Windows Forms application by using Microsoft Visual Studio .NET 2008 and the .NET Framework 3.5.
The application contains the following code segment.
using System;
using System.Data;
using System.Data.SqlClient;

public DataSet GetProductByID(string ProductID)
{
    DataSet ds = new DataSet("ProductList");
    // The query text is built by concatenating the caller-supplied ProductID string
    string SqlSelectCommand = "Select * FROM PRODUCTS WHERE PRODUCTID=" + ProductID;
    try
    {
        SqlDataAdapter da = new SqlDataAdapter();
        SqlConnection cn = new SqlConnection(GetConnectionString());
        SqlCommand cmd = new SqlCommand(SqlSelectCommand, cn);
        cmd.CommandType = CommandType.Text;
        da.SelectCommand = cmd;
        cn.Open();
        da.Fill(ds);
        cn.Close();
    }
    catch (Exception ex)
    {
        string msg = ex.Message.ToString();
        //Perform Exception Handling Here
    }
    return ds;
}
You need to ensure that the code segment is as secure as possible.
What should you do?
A. Ensure that the connection string is encrypted.
B. Use a StringBuilder class to construct the SqlSelectCommand string.
C. Add a parameter to the cmd object and populate the object by using the ProductID string.
D. Replace the SELECT * statement in the SqlSelectCommand string with the SELECT <column list> statement.