How to prevent Database SQL Injection in ASP.Net

You can use parameterized query to prevent sql injection attacks. Like this..

protected void ENTER_Click(object sender, EventArgs e)
        {
           using (MySqlConnection conn = new MySqlConnection("server=localhost;User Id=root;Password=root;Persist Security Info=True;database= data"))
            {
                conn.Open();
                string query = @"SELECT * FROM data WHERE user =@userid AND password =@password";
                MySqlCommand cmd = new MySqlCommand(query, conn);
                cmd.Parameters.AddWithValue("@userid", txtuser.Text.Trim());
                cmd.Parameters.AddWithValue("@password", txtpassword.Text.Trim());
                MySqlDataReader reader = cmd.ExecuteReader();
                if (reader.Read())
                {
                    Session["id"] = Convert.ToInt32(reader["id"]);
                    Response.Redirect("Frames.aspx");
                }
            }
        }