Re: Data Module using MySQL
Posted by: Fernando Gonzalez Sanchez
Date: April 29, 2013 01:04PM

Hi,

In Connector/NET you can only run a query per connection, so if you want to run multiple queries, you'll need a different connection for each one.

SQL injection is a delicate topic. To understand the concept, check this article, for example:
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

Now the ways to prevent it are:
- Sanitize your inputs (i.e. make sure an integer to be concatenated to a SQL string is actually an integer, like running Int32.TryParse() before concat).
- Use stored procedures and send as argument any user input.
- Use prepared statements.

Some official recommendations against SQL injection for MySql: http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf

Thanks.
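
The input check and prepared statement listed in the post above, combined in one Connector/NET program. This is an added example, not code from the original poster; the `users` table, its columns and the `MYSQL_CONN` environment variable are assumptions.

```csharp
// Added example; table "users" (id INT, name VARCHAR) and the MYSQL_CONN
// environment variable are assumptions, not taken from the forum post.
using System;
using MySql.Data.MySqlClient;

static class UserLookup
{
    // Input check: accept only text that parses as a positive Int32.
    // Input such as "1 OR 1=1" fails here and never reaches the database.
    public static bool TryParseUserId(string raw, out int id)
    {
        return Int32.TryParse(raw, out id) && id > 0;
    }

    // Prepared statement: the SQL text is constant and the value travels as a
    // typed parameter, so it cannot change the structure of the query.
    public static string FindName(MySqlConnection conn, int id)
    {
        using (var cmd = new MySqlCommand("SELECT name FROM users WHERE id = @id", conn))
        {
            cmd.Parameters.Add("@id", MySqlDbType.Int32).Value = id;
            cmd.Prepare(); // requires an open connection
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? null : (string)result;
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample input, used when no argument is given.
        string raw = args.Length > 0 ? args[0] : "1 OR 1=1";
        int id;
        if (!TryParseUserId(raw, out id))
        {
            Console.WriteLine("Rejected: '{0}' is not a valid user id.", raw);
            return;
        }
        string connStr = Environment.GetEnvironmentVariable("MYSQL_CONN");
        using (var conn = new MySqlConnection(connStr))
        {
            conn.Open();
            Console.WriteLine(FindName(conn, id) ?? "(no such user)");
        }
    }
}
```

Run without arguments, the program rejects the constructed sample input before any connection is opened; the parameter binding still applies to every value that passes the check.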
