Skip to main content

Posts

Showing posts with the label connection

Example of SQL script injection

SQL script injection collectionstring sql= “SELECT COUNT(EmailName) FROM Users WHERE “ + “EmailName=@Username AND Password=@Password”; sqlCommandcmd= new SqlCommand(sql, connection); cmd.Parameters.Add(“@Username”, txtUsername); cmd.Parameters.Add(“@Password”, txtPassword); connection.Open(); intcount = (int)command.ExecuteScalar(); connection.Close()