Example of SQL script injection

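SQL script injection

The snippet below shows the parameterized form of a login query: the user name and password are bound as the `@Username` and `@Password` parameters instead of being concatenated into the SQL text, so the input is handled as data rather than as part of the statement.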

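 // Login check written as a parameterized query: the SQL text is a constant and the
 // user-supplied values are sent separately as @Username / @Password, so they are
 // never parsed as SQL.
 // NOTE(review): the query compares the Password column with the supplied value
 // directly; unless that value is already a hash, this implies passwords stored in
 // clear text. Confirm, and prefer verifying a salted password hash in application code.
 string sql = "SELECT COUNT(EmailName) FROM Users WHERE EmailName=@Username AND Password=@Password";
 int count;
 using (SqlCommand cmd = new SqlCommand(sql, connection))
 {
     // AddWithValue replaces the obsolete Add(string, object) overload.
     // NOTE(review): txtUsername / txtPassword look like text-box controls; if so,
     // bind their .Text values rather than the control objects. Confirm against the caller.
     cmd.Parameters.AddWithValue("@Username", txtUsername);
     cmd.Parameters.AddWithValue("@Password", txtPassword);

     connection.Open();
     try
     {
         // The original read from an undeclared 'command'; the command built above is 'cmd'.
         count = (int)cmd.ExecuteScalar();
     }
     finally
     {
         // Close even when ExecuteScalar throws, so the connection is not leaked.
         connection.Close();
     }
 }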