i want to search name form table but problem is tha when some one write query it also give value by this any one can delete my data to pls tell me a way to remove sql injetcion
protected void Button2_Click1(object sender, EventArgs e)
{
//SqlCommand cmd = new SqlCommand("DELETE FROM student WHERE ID=id", con);
//cmd.ExecuteNonQuery();
SqlDataAdapter adap = new SqlDataAdapter("SELECT ID,Firstname,Lastname,Email,Username,Password from student where Firstname='" + TextBox2.Text + "'", con);
adap.Fill(ds);
grd_view.DataSource = ds;
grd_view.DataBind();
if (TextBox2.Text == "Firstname")
{
Response.Redirect("Default.aspx");
}
}