C# - How to prevent a MySQL attack?

Question

I made a login and register form in windows form using C#. Could somebody modify my code in a way to prevent a mysql injection attack?

What else do I need to add in the code?

 //MySql Connection
        try
        {
            string myConnection = "datasource=localhost;port=3306;username=root;password=ally123;";
            MySqlConnection myConn = new MySqlConnection(myConnection);

            MySqlCommand selectCommand = new MySqlCommand("select * from justinsdatabase.login where username='" + this.txtBoxUser.Text + "' and password='" + this.txtBoxPw.Text + "';", myConn);


            MySqlDataReader myReader;
            myConn.Open();
            myReader = selectCommand.ExecuteReader();
            int count = 0;
            while (myReader.Read())
            {
                count = count + 1;
            }
            if (count == 1)
            {
                MessageBox.Show("Login sucessful.");
                Close();
                MainMenu menu = new MainMenu();
                Hide();
                menu.Show();
            }
            else if (count > 1)
            {
                MessageBox.Show("Duplicate username/password.");
            }
            else
            {
                MessageBox.Show("Username or password is incorrect.");
                myConn.Close();
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        //End MySQL Connection

You mean SQL Injection? Read: [How To: Protect From SQL Injection in ASP.NET](https://msdn.microsoft.com/en-us/library/ff648339.aspx) — Soner Gönül, Apr 22 '15 at 06:11
You use parameterized SQL instead of building the SQL up in code... — Jon Skeet, Apr 22 '15 at 06:12

C# - How to prevent a MySQL attack?

0 Answers0