using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;

    /// <summary> Abstracts Database connectivity and provides SQL Injection Prevention Mechanism </summary>
    public static class DBUtils
    {

        /// <summary> Returns the results of a SQL Query in the form of a DataTable </summary>
        public static DataTable SQLSelect(SqlCommand cmdSQLQuery)
        {
            //Get connection string
            string conConnectionString = ConfigurationManager.ConnectionStrings["conString"].ConnectionString;
            SqlConnection SQLDatabaseConnection = new SqlConnection(conConnectionString);

            //Perform Command
            cmdSQLQuery.Connection = SQLDatabaseConnection;
            DataSet dsPageInfo = new DataSet();
            SqlDataAdapter daPageInfo = new SqlDataAdapter(cmdSQLQuery);
            SQLDatabaseConnection.Open();
            daPageInfo.Fill(dsPageInfo);
            SQLDatabaseConnection.Close();
            return dsPageInfo.Tables[0];
        }

        /// <summary> Executes a SQL Command </summary>
        public static void ExecuteSQLCommand(SqlCommand CommandToExecute)
        {
            //get connection sring
            string conConnectionString = ConfigurationManager.ConnectionStrings["conString"].ConnectionString;
            SqlConnection SQLDatabaseConnection = new SqlConnection(conConnectionString);

            //execute command
            CommandToExecute.Connection = SQLDatabaseConnection;
            SQLDatabaseConnection.Open();
            CommandToExecute.ExecuteNonQuery();
            SQLDatabaseConnection.Close();

        }
    }