// Parameterized lookup by name: the SQL text carries only the @name placeholder,
// and the value is attached to the command as a parameter instead of being
// concatenated into the query string.
const string query = "SELECT * FROM users WHERE name = @name;";

// Explicitly typed (Varchar) parameter; the value is set in the initializer.
var parameter = new NpgsqlParameter("@name", NpgsqlTypes.NpgsqlDbType.Varchar)
{
    Value = "John"
};

// `connection` is supplied by the surrounding code (not shown in this snippet).
var command = new NpgsqlCommand(query, connection);
command.Parameters.Add(parameter);
// This code uses the AddWithValue method on the command's Parameters collection
// to bind parameters in a query. The values travel as parameters rather than
// being concatenated into the SQL text, which is what prevents SQL injection.
// Npgsql is a third-party package for .NET and can be found in the NuGet
// package manager under the name 'Npgsql'.

// Sample values only; in real code these come from the caller.
const string username = "admin";
const string password = "password123";

// NOTE(review): matching the password inside the WHERE clause suggests the
// column holds plaintext passwords. Prefer storing a salted password hash
// (e.g. PBKDF2) and verifying it in application code.
const string query = "SELECT * FROM users WHERE username = @username AND password = @password;";

// `connection` is supplied by the surrounding code (not shown in this snippet).
var command = new NpgsqlCommand(query, connection);

// AddWithValue takes the parameter type from the supplied .NET value; use an
// explicitly typed NpgsqlParameter when the column type must be pinned.
command.Parameters.AddWithValue("@username", username);
command.Parameters.AddWithValue("@password", password);