SQL-Injection-Example

1. namespace SQLInjection
2. {
3.     USING System;
4.     USING System.DATA.SqlClient;
5.  
6.     class Program
7.     {
8.         static void Main()
9.         {
10.             string connectionString = "Server=ACER-5253G\\SQLEXPRESS; Database=SoftUni; Trusted_Connection=True";
11.             SqlConnection connection = NEW SqlConnection(connectionString);
12.             connection.OPEN();
13.             USING (connection)
14.             {
15.                 Selecting("' OR 1 = 1 --", connection);
16.             }
17.  
18.         }
19.         static void Selecting(string nameOfFail, SqlConnection connection)
20.         {
21.             string selectionCommandString = $"SELECT * FROM JudgeFails WHERE NameOfFail = '{nameOfFail}'";
22.             SqlCommand command = NEW SqlCommand(selectionCommandString, connection);
23.             SqlDataReader reader = command.ExecuteReader();
24.             while (reader.READ())
25.             {
26.                 FOR (INT i = 0; i < reader.FieldCount; i++)
27.                 {
28.                     Console.WriteLine($"{reader[i]} ");
29.                 }
30.                 Console.WriteLine();
31.             }
32.             reader.Close();
33.         }
34.     }
35. }