rushfrisby/bad_code.cs

## bad_code.cs
public interface IUserService
{
	User GetUser(string userName);
}

public static class UserService : IUserService
{
	public User GetUser(string userName)
	{
		using(var context = new SomeDbContext())
		{
			return context.Users.SqlQuery("SELECT * FROM [dbo].[User] WHERE [UserName]='" + userName + "'").First();
		}
	}
}

public class UserController
{
	public static int CurrentUserId { get; set; }
	private readonly IUserService _userService;

	public UserController(IUserService userService)
	{
		_userService = userService;
	}

	public ActionResult Login()
	{
		return View();
	}

	[HttpPost]
	public ActionResult Login(string userName, string password)
	{
		var user = _userService.GetUser(userName);
		if(user == null)
		{
			ViewBag.ErrorMessage = "User name does not exist";
		}
		else
		{
			if(user.Password == password)
			{
				CurrentUserId = user.Id;
				return RedirectToAction("Index");
			}
			else
			{
				ViewBag.ErrorMessage = "Incorrect password";
			}
		}

		return View();
	}
}
	public interface IUserService
	{
	User GetUser(string userName);
	}

	public static class UserService : IUserService
	{
	public User GetUser(string userName)
	{
	using(var context = new SomeDbContext())
	{
	return context.Users.SqlQuery("SELECT * FROM [dbo].[User] WHERE [UserName]='" + userName + "'").First();
	}
	}
	}

	public class UserController
	{
	public static int CurrentUserId { get; set; }
	private readonly IUserService _userService;

	public UserController(IUserService userService)
	{
	_userService = userService;
	}

	public ActionResult Login()
	{
	return View();
	}

	[HttpPost]
	public ActionResult Login(string userName, string password)
	{
	var user = _userService.GetUser(userName);
	if(user == null)
	{
	ViewBag.ErrorMessage = "User name does not exist";
	}
	else
	{
	if(user.Password == password)
	{
	CurrentUserId = user.Id;
	return RedirectToAction("Index");
	}
	else
	{
	ViewBag.ErrorMessage = "Incorrect password";
	}
	}

	return View();
	}
	}