Hello Forum,
Please is this SQL query used secured enough to guard against SQL attack?
How to scured login SQL query.
protected void Button1_Click(object sender, EventArgs e)
{
if (txtUsername.Text != "" & txtPassword.Text != "")
{
string check = "select count(*) from [Users] where email = '" + txtUsername.Text + "' and pass = '" + txtPassword.Text + "' ";
SqlCommand com = new SqlCommand(check, con);
con.Open();
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
con.Close();
if (temp == 1)
{
string user = txtUsername.Text.Trim();
com.CommandText = "select * from Users where email='" + txtUsername.Text + "'";
com.Connection = con;
sda.SelectCommand = com;
sda.Fill(ds, "detail");
if (ds.Tables[0].Rows.Count > 0)
{
Session["user"] = user;
txtUsername.Text = "";
txtPassword.Text = "";
Response.Redirect("Home.aspx");
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Username or Password";
txtPassword.Text = "";
txtPassword.Text = "";
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}
