ASP. NET PHP Injection Page construction

Mssql:

<!--#include file= "conn.asp"-->
<%
Hid=request. QueryString ("id")
Sql= "SELECT * from admin where id=" &hid
Set Rs=conn.execute (SQL)
%>

Access:

<%
db= "Aspzhuru.mdb" here Modify the database path or name
Set conn = Server.CreateObject ("ADODB. Connection ")
Dbpath= "Provider=Microsoft.Jet.OLEDB.4.0;Data source=" & Server.MapPath (DB)
Conn. Open DBPath
%>

Php:

?
$mysql _server_name = "localhost";
$mysql _username = "root";
$mysql _password = "password";
$mysql _database = "PHPZR";
$conn =mysql_connect ($mysql _server_name, $mysql _username, $mysql _password);
mysql_select_db ($mysql _database, $conn);
$id =$_get[' id '];
$sql = "Select Username,password from admin where id= $id";
$result =mysql_db_query ($mysql _database, $sql, $conn);
$row =mysql_fetch_row ($result);
?>

. NET (placed in code file. cs):

Using System.Data;
Using System.Configuration;
Using System.Collections;
Using System.Web;
Using System.Web.Security;
Using System.Web.UI;
Using System.Web.UI.WebControls;
Using System.Web.UI.WebControls.WebParts;
Using System.Web.UI.HtmlControls;
Using System.Data.SqlClient;
public partial class Default2:System.Web.UI.Page
{

protected void Page_Load (object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection ();
Conn. ConnectionString = configurationmanager.connectionstrings["studyconnectionstring"]. ToString ();
Conn. Open ();
SqlCommand cmd = new SqlCommand ("SELECT * from [table] where id=" + this. page.request.params["GetID"], conn);
Cmd. ExecuteNonQuery ();
This. Page.registerclientscriptblock ("Script", "<script>alert (' injected success ') </script>");
}
}