Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // assuming that the below code is in a on button click method, what would be the best way of making sure a user cannot inject code into the username textbox? (it may be in the "SqlDataAdapter" line)
- SqlConnection sqlConnection = new SqlConnection("Data Source=mssqlinstllation\\databasename;Initial Catalog=TestLogin;Integrated Security=True");
- SqlDataAdapter sqlDataAdapter = new SqlDataAdapter("Select Count(*) From LoginTable where Username= '" + textBoxUsername.Text + "' and Password = '" + textBoxPassword.Text + "'", sqlConnection);
- DataTable dataTable = new DataTable();
- sqlDataAdapter.Fill(dataTable);
- if (dataTable.Rows[0][0].ToString() == "1")
- {
- MainForm mainForm = new MainForm();
- mainForm.Show();
- this.Hide();
- }
- else // if it is not in database
- {
- MessageBox.Show("The Username and/or Password are incorrect!", "Invalid login infomation!", MessageBoxButtons.OK, MessageBoxIcon.Error);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
