I am making Windows software in C#. I have read about SQL injection, but I didn't find it working on my application.
Does SQL injection work in WinForms?
If yes, how do I prevent it?
EDIT:
I am using textboxes for reading the user name and password, and by using textboxes I found that the Text from a textbox is between double quotes (""). So I didn't find it to work.
And when I use quotes " OR ' in a textbox, the text is read as \" OR \'
Example:

```
USER NAME: | a" OR "1"=="1 |
// it is read as textBox1.Text = "a\" OR \"1\"==\"1";
```

SQL injection is a general issue that does not depend on any technology. If you are using .NET and want to prevent SQL injection, always use SqlParameter instead of string concatenation.
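
The following is an added example, not code from the question or the answer. It contrasts string concatenation with `SqlParameter` for a login lookup, and shows that the backslashes seen in the debugger are C# literal notation rather than characters in `textBox1.Text`. The `Users` table, its columns, the parameter names and the sample inputs are assumptions made for illustration; it uses `System.Data.SqlClient` and opens no database connection.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo
{
    // Vulnerable pattern: the typed text becomes part of the SQL statement.
    static SqlCommand BuildConcatenated(string userName, string passwordHash)
    {
        return new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE UserName = '" + userName +
            "' AND PasswordHash = '" + passwordHash + "'");
    }

    // SqlParameter pattern: the SQL text is constant and the typed text
    // is sent separately as a value, so it is never parsed as SQL.
    static SqlCommand BuildParameterized(string userName, string passwordHash)
    {
        var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Users " +
            "WHERE UserName = @userName AND PasswordHash = @passwordHash");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
        cmd.Parameters.Add("@passwordHash", SqlDbType.NVarChar, 128).Value = passwordHash;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs: the text from the question, and a name with an apostrophe.
        string[] typedNames = { "a\" OR \"1\"==\"1", "O'Brien" };
        const string sampleHash = "<hash-of-typed-password>"; // placeholder value

        foreach (string typed in typedNames)
        {
            // The backslashes exist only in the C# literal / debugger display.
            Console.WriteLine("typed text       : " + typed);
            Console.WriteLine("has backslashes  : " + typed.Contains("\\"));

            using (SqlCommand bad = BuildConcatenated(typed, sampleHash))
            using (SqlCommand good = BuildParameterized(typed, sampleHash))
            {
                Console.WriteLine("concatenated SQL : " + bad.CommandText);
                Console.WriteLine("parameterized SQL: " + good.CommandText);
                Console.WriteLine("@userName value  : " + good.Parameters["@userName"].Value);
            }
            Console.WriteLine();
        }
    }
}
```

In the concatenated output the apostrophe in the second input ends the string literal early, which changes the structure of the statement; the parameterized text is identical for every input.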