0

I'm trying to access a SQL Server database, via IP, with this code:

string sqlAsk = "SELECT * " +
        "FROM  'account' " +
        "WHERE Name      =" + accountName + " " + 
        "AND   Password  =" + accountPass + " " + 
        "AND   Validation=  1";

string connectionString = "Data Source=[IP], [PORT]; Network Library=DBMSSOCN; Database=[...]; Trusted_Connection=true";

using (SqlConnection connection = new SqlConnection(connectionString))
{
    connection.Open();

    command = new SqlCommand(sqlAsk, connection);
    dataReader = command.ExecuteReader();

    while (dataReader.Read())
    {
        sqlResult = dataReader.GetValue(0).ToString();
    }

    dataReader.Close();
    command.Dispose();
}

I expect this to do either give me all values with the specified accountname and password and then the method at the end returns either true, or false (check if the user exists).

But what I get is this:

IOException: Connection lost

Mono.Data.Tds.Protocol.TdsComm.GetPhysicalPacketHeader () (at connection.Open();)

The Visual Studio Debug (SqlConnection connection) shows this:

Error

And none of the documented ways of setting a ServerVersion for the connection string work: Type System Version (on Microsofts .NET doc) leads to "keyword invalid"

Cœur
  • 37,241
  • 25
  • 195
  • 267
Toreole
  • 33
  • 1
  • 10
  • What is the `sqlResult`?? You use it in your code - but you don't show what it's defined as .... – marc_s Dec 10 '17 at 18:12
  • 1
    [SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](https://xkcd.com/327/) – marc_s Dec 10 '17 at 18:12
  • @marc_s : string sqlResult = ""; – Toreole Dec 10 '17 at 18:13

0 Answers0