c# mysql data validation against SQL Injection

Asked Mar 13 '15 at 02:03

Active Mar 13 '15 at 02:03

Viewed 38 times

I want to know if there are any commands that you can use in C# that can protect against SQL Injection.

I have a program that is connected to my database, I want to ensure that they cannot enter any malicious code through a text box or other means.

 string Query = "Update users SET Calories = @Calories WHERE username = '" + txtName.Text + "' AND Day = '" + cboDayofWeek.Text + "'";
                MySqlCommand cmd = new MySqlCommand(Query, Conn);
                cmd.Parameters.AddWithValue("@Calories", txtCalories.Text);

asked Mar 13 '15 at 02:03

Allahu Akbar

1

You're parameterising `@Calories`. Why not do the same with your other literals? – eggyal Mar 13 '15 at 02:05
I see, and does parameterising invalidate any attempt of malicious code? – Allahu Akbar Mar 13 '15 at 02:07
Short of there being exploitable bugs in the implementation, it will prevent all forms of SQL injection. – eggyal Mar 13 '15 at 02:08

c# mysql data validation against SQL Injection

0 Answers0