wip: add c# version of sql injection code

SqliDemo/Injectable.cs

@@ -0,0 +1,68 @@
+using System;
+using Microsoft.Data.Sqlite;
+using System.Diagnostics;
+using System.IO;
+
+class Injectable
+{
+    static string GetUserInput()
+    {
+        Console.WriteLine("Hello, World!");
+        Console.WriteLine("*** Welcome to sql injection ***");
+        Console.Write("Please enter name: ");
+        string input = Console.ReadLine()?.Trim() ?? string.Empty;
+        return input;
+    }
+
+    static int GetNewId()
+    {
+        return Process.GetCurrentProcess().Id;
+    }
+
+static void WriteInfo(int id, string info)
+{
+    const string connectionString = "Data Source=users.sqlite";
+    using (var connection = new SqliteConnection(connectionString))
+    {
+        connection.Open();
+        // '{info.Replace("'", "''")}')" has no vulnerability
+        string query = $"INSERT INTO users VALUES ({id}, '{info}')";
+        Console.WriteLine($"Running query: {query}");
+
+        using (var command = new SqliteCommand(query, connection))
+        {
+            try
+            {
+                command.ExecuteNonQuery();
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Error executing query: {ex.Message}");
+            }
+        }
+    }
+}
+
+
+    static void Main()
+    {
+        Console.WriteLine("sqli started");
+
+        string info;
+        try
+        {
+            info = GetUserInput();
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"GetUserInput failed: {ex.Message}");
+            Environment.Exit(1);
+            return; // Unreachable but keeps the compiler happy
+        }
+
+        int id = GetNewId();
+        WriteInfo(id, info);
+
+        Console.WriteLine("sqli finished");
+    }
+}