c# 登录 防止sql注入 mysql数据库


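写了个 C# 登录小程序,想要防止 SQL 注入,但是网上的示例都是针对 SQL Server 的(图1),于是自己对照着写了 MySQL 版(图2),亲测可用。做法是把原来拼接进 SQL 字符串的用户名改成 @userName 占位符,再通过 MySqlParameter 绑定值,这样用户输入只会被当作数据,不会被当作 SQL 语句的一部分执行。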




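 /// <summary>
 /// Login button handler: looks up the stored password for the entered user name
 /// with a parameterized query and, on a match, hides this form and shows Form1.
 /// </summary>
 /// <param name="sender">Control that raised the click event (unused).</param>
 /// <param name="e">Event data (unused).</param>
 private void button1_Click(object sender, EventArgs e)
 {
     // NOTE(review): this connects as root with an empty password, hard-coded in source.
     // Use a dedicated least-privilege account (SELECT on userinfo only) and load the
     // credentials from protected configuration instead.
     string constr = "server=localhost;User Id=root;password=;Database=card";
     userName = user_name.Text.ToString();

     // The user name is bound as a parameter and never concatenated into the SQL text,
     // so quotes or SQL fragments typed into the box are treated as data only.
     // Only the column that is actually read is selected.
     string conStringUserId = "Select user_password from userinfo where user_name=@userName";

     bool userFound = false;
     bool passwordMatches = false;

     // using blocks release the connection, command and reader even when Open() or
     // ExecuteReader() throws; the original leaked them on any exception.
     using (MySqlConnection mycon = new MySqlConnection(constr))
     using (MySqlCommand mycmdWYL = new MySqlCommand(conStringUserId, mycon))
     {
         // Placeholder name spelled exactly as in the SQL text.
         mycmdWYL.Parameters.Add(new MySqlParameter("@userName", MySqlDbType.String) { Value = userName });
         mycon.Open();

         using (MySqlDataReader myDRWYL = mycmdWYL.ExecuteReader())
         {
             if (myDRWYL.Read())
             {
                 userFound = true;
                 object storedPassword = myDRWYL["user_password"];

                 // DBNull.ToString() yields "", so a NULL stored password would otherwise
                 // match an empty password box; treat NULL as "no match".
                 if (!(storedPassword is DBNull))
                 {
                     // NOTE(review): the database holds the password in plaintext and it is
                     // compared directly. Parameterization stops injection but not credential
                     // exposure; store a salted, slow hash (e.g. PBKDF2) and verify against it.
                     passwordMatches = user_password.Text == storedPassword.ToString();
                 }
             }
         }
     }

     // UI work happens after the database resources are released, so a modal
     // message box no longer keeps the connection open.
     // NOTE(review): distinct messages for "wrong password" and "unknown user" let a
     // caller tell which user names exist; consider a single generic failure message.
     if (!userFound)
     {
         MessageBox.Show("用户名不存在!", "提示");
     }
     else if (!passwordMatches)
     {
         MessageBox.Show("密码错误!", "提示");
     }
     else
     {
         this.Hide();
         Form1 form1 = new Form1();
         form1.Show();
     }
 }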

