A chart in a foreign-language article says that MySQL + ASP.NET injection supports multiple statements.
Really? I was a bit unconvinced, so I tested it:
// Needs: using MySql.Data.MySqlClient;
// (the commented-out ODBC variant needs System.Data.Odbc and System.Data.OleDb)
protected void Page_Load(object sender, EventArgs e)
{
    // Deliberately vulnerable test code: id is concatenated into the SQL text.
    try
    {
        Response.Write("using Mysql.Data.MySqlClient<br/>");
        string myConnectionString = "server=localhost;user id=root;password=123456;database=test";
        MySqlConnection myConnection = new MySqlConnection(myConnectionString);
        string myQuery = "select * from admin where id=" + Request.QueryString["id"];
        Response.Write("SQL:" + myQuery + "<br/>");
        MySqlCommand myCommand = new MySqlCommand(myQuery, myConnection);
        myConnection.Open();
        myCommand.ExecuteReader();
        myCommand.Connection.Close();
    }
    catch (MySqlException err)
    {
        Response.Write("Error:" + err.Message);
    }
    //try
    //{
    //    Response.Write("using Mysql ODBC driver<br/>");
    //    string myConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=test;UID=root;PASSWORD=123456;OPTION=3";
    //    string myQuery = "select * from admin where id=" + Request.QueryString["id"];
    //    Response.Write("SQL:" + myQuery + "<br/>");
    //    OdbcConnection myConnection = new OdbcConnection(myConnectionString);
    //    OdbcCommand myCommand = new OdbcCommand(myQuery, myConnection);
    //    myConnection.Open();
    //    myCommand.ExecuteReader();
    //    myCommand.Connection.Close();
    //}
    //catch (OleDbException err)
    //{
    //    Response.Write("Error:" + err.Message);
    //}
}
There are two common ways to connect to MySQL. The first try block uses MySql.Data.MySqlClient; the second try block uses the more traditional ODBC method.
Step 1: comment out the first code segment and access http://localhost:2928/MysqlInj_test/MysqlInj_test.aspx?id=1; create table test (I int). It returns the following error message:
A server error occurs in the "/MysqlInj_test" application.
--------------------------------------------------------------------------------
ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.0.45-community-nt] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; create table test (I int)' at line 1
The test table is not created under the test database.
Step 2: comment out the second code segment and refresh the page. The page returns:
using Mysql.Data.MySqlClient
SQL: select * from admin where id = 1; create table test (I int)
Press F5 to refresh the page and get the following message:
using Mysql.Data.MySqlClient
SQL: select * from admin where id = 1; create table test (I int)
Error: Table 'test' already exists
Go to the test database and check: a table named test has been created. So it seems the foreign article was telling the truth, but it is only half right.
It turns out that whether MySQL can execute multiple statements is closely related to the database driver that processes them. I don't know whether the relationship is absolute, but it is at least an important factor.
In a broader sense?
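Neither result fixes the handler itself: in the ODBC run only the second statement was refused, and the error text shows the server still parsed the concatenated id as SQL. The following is an added example, not code from the original article: the same Page_Load with id validated as an integer and bound as a parameter for both drivers tested above. The class name MysqlInj_fixed is hypothetical and the connection strings reuse the article's lab values.

```csharp
using System;
using System.Data.Common;
using System.Data.Odbc;
using System.Web;
using System.Web.UI;
using MySql.Data.MySqlClient;

// Hypothetical code-behind class; connection strings reuse the article's lab values.
public partial class MysqlInj_fixed : Page
{
    const string MySqlConn = "server=localhost;user id=root;password=123456;database=test";
    const string OdbcConn = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;" +
                            "DATABASE=test;UID=root;PASSWORD=123456;OPTION=3";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Reject non-integers first: "1; create table test (I int)" stops here.
        int id;
        if (!int.TryParse(Request.QueryString["id"], out id))
            throw new HttpException(400, "id must be an integer");
        try
        {
            // MySql.Data.MySqlClient: named placeholder, value bound separately.
            using (var conn = new MySqlConnection(MySqlConn))
            using (var cmd = new MySqlCommand("select * from admin where id = @id", conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                conn.Open();
                using (var reader = cmd.ExecuteReader())
                    while (reader.Read())
                        Response.Write(Server.HtmlEncode(Convert.ToString(reader[0])) + "<br/>");
            }
            // System.Data.Odbc: positional "?" placeholder, bound in order.
            using (var conn = new OdbcConnection(OdbcConn))
            using (var cmd = new OdbcCommand("select * from admin where id = ?", conn))
            {
                cmd.Parameters.Add("id", OdbcType.Int).Value = id;
                conn.Open();
                using (var reader = cmd.ExecuteReader())
                    while (reader.Read())
                        Response.Write(Server.HtmlEncode(Convert.ToString(reader[0])) + "<br/>");
            }
        }
        catch (DbException)
        {
            // MySqlException and OdbcException both derive from DbException.
            // Return a generic message instead of the driver error or SQL text.
            Response.StatusCode = 500;
            Response.Write("database error");
        }
    }
}
```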