ASP.NET MCQs
What is wrong with this code?

    string email = emailTextbox;
    string SQL = "select * from users where username = "+email+" ";
    SqlCommand myCommand = new SqlCommand(SQL, myConnection);
    try {
        myConnection.Open();
        SqlDataReader myReader = myCommand.ExecuteReader();
        if (myReader.Read()) { ...
Answer
Correct Answer: the string email will not have the right value and the SQL is subject to injection attacks.