whats wrong with this code??(c1.CommandText = "insert into stu values='" + textBox1 + "','" + textBox2 + "'";)

by

Your code should be..

c1.CommandText = "insert into stu values('" + textBox1.Text + "','" + textBox2.Text + "')";

but I’d suggest you to use parameterized SQL query to avoid SQL injection attacks

here is how your query will look after parameterising

c1.CommandText = "insert into stu values(@textBox1, @textBox2)";

c1.Parameters.AddWithValue("@textBox1", textBox1.Text)
c1.Parameters.AddWithValue("@textBox2", textBox2.Text)

here is an useful link that will help you to know more about parameterized queries.

Using Parameterized queries to prevent SQL Injection Attacks in SQL Server

More Related Contents:

  1. 'Must declare the scalar variable "@thisuser".' [closed]
  2. C#: SQL Server Connection String
  3. SQL Server Char/VarChar DateTime Error [closed]
  4. How can I solve error in connection string in C#?
  5. Monitor all print queue job
  6. Remove weird characters ( A with hat) from SQL Server varchar column
  7. SQL Query slow in .NET application but instantaneous in SQL Server Management Studio
  8. Why should I use int instead of a byte or short in C#
  9. How to deploy application with sql server database on clients
  10. What represents a double in sql server?
  11. How to catch SQLServer timeout exceptions
  12. Use of SqlParameter in SQL LIKE clause not working
  13. SqlParameter does not allows Table name – other options without sql injection attack?
  14. Is there any way to embed power bi reports and dashboards in vb.net or C# desktop application with sql server 2008 database?
  15. How can I retrieve a list of parameters from a stored procedure in SQL Server
  16. What’s the fastest way to bulk insert a lot of data in SQL Server (C# client)
  17. DateTime’s representation in milliseconds?
  18. What’s the best way to test SQL Server connection programmatically?
  19. Entity Framework 6 transaction rollback
  20. Using SqlDataAdapter to insert a row
  21. How to pass string array in SQL parameter to IN clause in SQL
  22. Horrible performance using SqlCommand Async methods with large data
  23. The parameterized query ….. expects the parameter ‘@units’, which was not supplied
  24. Unable to load SqlServerSpatial.dll
  25. Query validation using C#
  26. Unable to connect to localDB in VS2012 – “A network-related or instance-specific error occurred while establishing a connection to SQL Server…”
  27. How to get nullable DateTime out of the database
  28. Use SQL Server time datatype in C#.NET application?
  29. Watch for a table new records in sql database
  30. Is SqlConnection.Close() need inside a Using statement?

Leave a Comment