我使用C#登录并在Windows窗体中注册表单。有人可以修改我的代码以防止mysql注入攻击吗?
我还需要在代码中添加什么?
//MySql Connection
try
{
string myConnection = "datasource=localhost;port=3306;username=root;password=ally123;";
MySqlConnection myConn = new MySqlConnection(myConnection);
MySqlCommand selectCommand = new MySqlCommand("select * from justinsdatabase.login where username='" + this.txtBoxUser.Text + "' and password='" + this.txtBoxPw.Text + "';", myConn);
MySqlDataReader myReader;
myConn.Open();
myReader = selectCommand.ExecuteReader();
int count = 0;
while (myReader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("Login sucessful.");
Close();
MainMenu menu = new MainMenu();
Hide();
menu.Show();
}
else if (count > 1)
{
MessageBox.Show("Duplicate username/password.");
}
else
{
MessageBox.Show("Username or password is incorrect.");
myConn.Close();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
//End MySQL Connection