protected void Button2_Click(object sender, EventArgs e)
{
    using (SqlConnection con = new SqlConnection())
    {
        // Connection string as posted.
        con.ConnectionString = @"admin\localhost;initial catalog=maha;integrated security=true";
        con.Open();
        // Statement as posted: the text box values are concatenated into the SQL text.
        SqlCommand cmd = new SqlCommand("insert dbo.student values ('" + tb1.Text + "','" + tb2.Text + "','" + tb3.Text + "','" + @rm + "')", con);
        cmd.ExecuteNonQuery();
        con.Close();
    }
}
The connection string is wrong at admin\localhost, which is why the error message appears.
It must look like this:
con.ConnectionString = @"data source=localhost;initial catalog=maha;integrated security=true";
Besides that, you must parameterize the query to avoid SQL injection: https://stackoverflow.com/search?q=sql+injection
How does the SQL injection from the "Bobby Tables" XKCD comic work?
You can also read: Setting connection string in ASP.NET SQL Server
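A parameterized version of the insert, as an added example that is not code from the original post. The class name StudentRepository, the method InsertStudent, the parameter names @v1 to @v4 and the NVARCHAR(100) column type are assumptions; the connection string is the corrected one given above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class StudentRepository   // hypothetical helper class
{
    // Corrected connection string from the answer above.
    private const string ConnectionString =
        @"Data Source=localhost;Initial Catalog=maha;Integrated Security=true";

    // Inserts one row into dbo.student and returns the number of rows affected.
    // The values travel as typed parameters, so a quote such as the one in
    // "O'Brien" is stored as data and never parsed as part of the statement.
    public static int InsertStudent(string v1, string v2, string v3, string v4)
    {
        const string sql = "INSERT dbo.student VALUES (@v1, @v2, @v3, @v4)";

        using (SqlConnection con = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Assumption: all four columns are NVARCHAR(100); use the real schema types.
            AddText(cmd, "@v1", v1);
            AddText(cmd, "@v2", v2);
            AddText(cmd, "@v3", v3);
            AddText(cmd, "@v4", v4);

            con.Open();
            return cmd.ExecuteNonQuery();
        }   // both objects are disposed here, which also closes the connection
    }

    // Adds one NVARCHAR parameter; a null string is sent as SQL NULL, because
    // a parameter whose Value is a C# null is treated as "not supplied".
    private static void AddText(SqlCommand cmd, string name, string value)
    {
        cmd.Parameters.Add(name, SqlDbType.NVarChar, 100).Value =
            (object)value ?? DBNull.Value;
    }
}

// Call from the click handler in place of the concatenated command:
//   StudentRepository.InsertStudent(tb1.Text, tb2.Text, tb3.Text, rm);
```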