For my login control I’m using parameters in an SQL statement. Trouble is if

Question

0

Asked: May 22, 20262026-05-22T02:52:29+00:00 2026-05-22T02:52:29+00:00

For my login control I’m using parameters in an SQL statement. Trouble is if

0

For my login control I’m using parameters in an SQL statement. Trouble is if people use SQLinjection, I’m afraid they’ll be able to get in too.

I have two textboxes and the values are passed on to an SQL statement, this checks whether the values are found in the DB.

Is there a way to make sure this isn’t possible? I know in PHP you need to use something infront of the textboxes.

Thanks for your time!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T02:52:30+00:00

Use parameters in your queries:

// C#
SqlCommand cmd = new SqlCommand("UPDATE Products SET description = @Description WHERE id = @ID");
cmd.Parameters.AddWithValue("@Description", "something");
cmd.Parameters.AddWithValue("@ID", 123);

And the equivalent in VB.net:

// VB.net
Dim cmd As New SqlCommand("UPDATE Products SET description = @Description WHERE id = @ID")
cmd.Parameters.AddWithValue("@Description", "something")
cmd.Parameters.AddWithValue("@ID", 123)

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

For my login control I’m using parameters in an SQL statement. Trouble is if

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply