Two major problems with that:
1) Never concatenate strings to build a SQL command. It leaves you wide open to an accidental or deliberate SQL Injection attack which can destroy your entire database. Use parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Think about what you are doing! You pass the username as a parameter, so why on earth are you appending it on the end and making your code vulnerable as well?
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Stores: How to do it.
To give you an idea of how we feel about that kind of thing, see here:
Encrypt Crime 1
Then we come to the minor stuff: why are you setting the username, when you know it's the same value already? Because if it was different, it wouldn't match any rows!
And finally: why is it changing the name field? Because you tell it to...
If you want the name to stay unchanged when it is blank, you need to check in your C# code, and either use a different query, or pass the current value instead. If you tell SQL "set it to this" then that is exactly what it will do...
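The points above as an added example, not code from the original post: it uses Python's sqlite3 with an in-memory database in place of the C# and SQL Server code under discussion. The UserName and Name columns, the sample row and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; UserName and Name columns are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MyTable (UserName TEXT PRIMARY KEY, "
               "Name TEXT, StreetAddress TEXT)")
    db.execute("INSERT INTO MyTable VALUES (?, ?, ?)",
               ("griff", "Paul", "Baker's Wood"))
    return db

def find_concat(db, address):
    # The 'before' form: the user's value becomes part of the SQL text,
    # so a quote inside it ends the string literal early.
    sql = "SELECT UserName FROM MyTable WHERE StreetAddress = '" + address + "'"
    return db.execute(sql).fetchall()

def find_param(db, address):
    # Parameterized form: the value is sent separately from the SQL text,
    # so quotes, semicolons and "--" in it are only data to compare against.
    sql = "SELECT UserName FROM MyTable WHERE StreetAddress = ?"
    return db.execute(sql, (address,)).fetchall()

def update_user(db, user_name, name, address):
    # UserName is only the WHERE key; it is never SET to the value it already has.
    # A blank name selects a different query that leaves the Name column alone.
    if name and name.strip():
        sql = "UPDATE MyTable SET Name = ?, StreetAddress = ? WHERE UserName = ?"
        args = (name, address, user_name)
    else:
        sql = "UPDATE MyTable SET StreetAddress = ? WHERE UserName = ?"
        args = (address, user_name)
    return db.execute(sql, args).rowcount  # number of rows changed

if __name__ == "__main__":
    db = make_db()
    try:
        find_concat(db, "Baker's Wood")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print(find_param(db, "Baker's Wood"))
    print(find_param(db, "x';DROP TABLE MyTable;--"))
    update_user(db, "griff", "", "1 New Road")
    print(db.execute("SELECT Name, StreetAddress FROM MyTable").fetchall())
```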