What changes can I make to this code to protect it against SQL injection?
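/// <summary>
/// Inserts the name and age typed into the form into the <c>person</c> table.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data for the click (unused).</param>
/// <remarks>
/// SECURITY: <c>txtFirstname.Text</c> is user input and is concatenated straight into the SQL text,
/// so a quote character in the name changes the statement itself (SQL injection). As used here the
/// <c>DB</c> helper only takes a raw <c>SqlQuery</c> string, so this method cannot bind parameters
/// on its own; the proper fix is to execute a parameterised command
/// (<c>INSERT INTO person (name_,age_) VALUES(@name,@age)</c> with the values supplied through
/// <c>Parameters.AddWithValue</c>) instead of building the string.
/// </remarks>
/// <exception cref="FormatException">
/// Thrown by <see cref="int.Parse(string)"/> when the age text is not numeric.
/// </exception>
private void button1_Click(object sender, EventArgs e)
{
    // Parse before the connection is opened so a bad age never leaves a connection open.
    int age = int.Parse(txtAge.Text);

    // TODO(security): still string-built from user input; replace with a parameterised command (see remarks).
    string query = "INSERT INTO person (name_,age_)VALUES('" + txtFirstname.Text + "','" + age + "')";

    DB.OpenConnection();
    try
    {
        DB.SqlQuery = query;
        DB.ExecuteQuery();
    }
    finally
    {
        // Always close, even when ExecuteQuery throws; otherwise the connection stays open on failure.
        DB.CloseConnection();
    }
}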
Something like the following, using a parameterized query:
// Placeholders (@name, @age) keep the user's input out of the SQL text itself:
// the values are bound separately, so a quote in the name cannot change the statement.
var query = "INSERT INTO person (name_,age_) VALUES(@name,@age)";
var m = new MySqlCommand(query);

// Bind each placeholder to the value taken from the form.
m.Parameters.AddWithValue("@name", txtFirstname.Text);
m.Parameters.AddWithValue("@age", int.Parse(txtAge.Text));
(OR)
// Equivalent to the AddWithValue form: construct the parameter explicitly, then add it to the command.
var nameParameter = new MySqlParameter("@name", txtFirstname.Text);
m.Parameters.Add(nameParameter);