I want to connect my project to SQL using this method, but it doesn't compile.
SqlConnection Con = new SqlConnection("Data Source= DARKHUNTER; Database= FirstProject; Integrated security = true ");
Con.Open();
SqlCommand cmd = new SqlCommand("select * From Accunts Where Username = '" + txtUserName.Text + "'And Password = '" + txtPassWord.Text + "'". Con);
This line of code is a security issue.
SqlCommand cmd = new SqlCommand("select * From Accunts Where Username = '" + txtUserName.Text + "'And Password = '" + txtPassWord.Text + "'". Con);
It opens you up to SQL injection. Someone could enter ' or 1=1 -- into txtUserName and be able to log in.
Use SQL parameters to prevent this:
// The query text is fixed; the text box values are sent as parameters, not spliced into the SQL.
SqlCommand cmd = new SqlCommand("select * From Accunts Where Username = @UserName And Password = @Password", Con);
cmd.Parameters.AddWithValue("@UserName", txtUserName.Text);
cmd.Parameters.AddWithValue("@Password", txtPassWord.Text);
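The parameterized query from the answer above, placed in a complete method that opens the connection, runs the command and disposes of both; this is an added example, not code from either post. It assumes .NET Framework's System.Data.SqlClient and NVARCHAR(50) columns, and the names LoginCheck and CredentialsMatch are hypothetical; the server, database and table names are the ones in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginCheck
{
    // Connection string as posted in the question.
    const string ConnectionString =
        "Data Source=DARKHUNTER; Database=FirstProject; Integrated Security=true";

    // Returns true when a row matches both values. The SQL text is a constant;
    // user input travels only as parameter values, so it is never parsed as SQL.
    public static bool CredentialsMatch(string userName, string password)
    {
        const string sql =
            "SELECT COUNT(*) FROM Accunts " +
            "WHERE Username = @UserName AND Password = @Password";

        // using blocks close the connection and command even if a call throws.
        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Assumed column types: NVARCHAR(50). Adjust to the real schema.
            // Explicit types avoid the type inference done by AddWithValue.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = password;

            con.Open();
            // COUNT(*) comes back as a boxed int from ExecuteScalar.
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    static void Main()
    {
        // The input from the answer is compared as a literal user name,
        // so it matches no row unless a user is actually named that.
        Console.WriteLine(CredentialsMatch("' or 1=1 --", "anything"));
    }
}
```

In the form from the question, the call would be `LoginCheck.CredentialsMatch(txtUserName.Text, txtPassWord.Text)`.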