daily pastebin goal
16%
SHARE
TWEET

c# mssql injection error

a guest Jul 11th, 2018 89 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // assuming that the below code is in a on button click method, what would be the best way of making sure a user cannot inject code into the username textbox? (it may be in the "SqlDataAdapter" line)
  2.  
  3. SqlConnection sqlConnection = new SqlConnection("Data Source=mssqlinstllation\\databasename;Initial Catalog=TestLogin;Integrated Security=True");
  4. SqlDataAdapter sqlDataAdapter = new SqlDataAdapter("Select Count(*) From LoginTable where Username= '" + textBoxUsername.Text + "' and Password = '" + textBoxPassword.Text + "'", sqlConnection);
  5. DataTable dataTable = new DataTable();
  6. sqlDataAdapter.Fill(dataTable);
  7.  
  8. if (dataTable.Rows[0][0].ToString() == "1")
  9. {
  10.     MainForm mainForm = new MainForm();
  11.     mainForm.Show();
  12.     this.Hide();
  13. }
  14. else // if it is not in database
  15. {
  16.     MessageBox.Show("The Username and/or Password are incorrect!", "Invalid login infomation!", MessageBoxButtons.OK, MessageBoxIcon.Error);
  17. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top