No way to do this as part of a script from SSMS, but you do have two options.
One thing you can do is use SQLCMD mode and the ::connect command in order to have a script that will connect to multiple servers and run the script. This works well if you save the script for the user and use the :r command to load the script from a file.
Another thing you can do is configure a Central Management Server and then run your script against multiple servers at once.
Your stored procedure, itself, in a vacuum, as written now, does not appear vulnerable to SQL injection... but that is not the only consideration, and is not the final answer.
It's always possible that it could be updated later and become vulnerable, but there's yet something else to consider.
For a much bigger potential problem, take one step back and look at your calling convention.
If someone could manage to pass the following string value to your application as txt_f8.Text... it would be obediently concatenated into your MySqlCommand()...
stuff'); GRANT ALL PRIVILEGES ON *.* TO 'hacker'@'%' IDENTIFIED BY 'pwn3d'; SELECT ('1
...then what would be executed by your server?
Possibly, nothing. Possibly, way too much.
This randomly-googled tutorial reinforces the point of not crafting queries with string concatenation, and using SqlParameter instead:
This situation invites a hacker to replace that string with something
malicious. In the worst case, you could give full control of your
computer away.
Instead of dynamically building a string, as shown in the bad example
above, use parameters. Anything placed into a parameter will be
treated as field data, not part of the SQL statement, which makes your
application much more secure.
Certainly not a good trade-off for having to do less typing.
I'm a MySQL DBA and not a .NET person, but from what I can tell from a quick search it appears that declaring CommandType.StoredProcedure
allows you to take better advantage of the capabilities of stored procedures, by making some of the parameters INOUT or OUT, and not just IN. This might be useful, for example, if you wanted one of the parameters to be the ID of the newly-inserted user, which the SP could return to your code.
If you don't need return values, you don't have to do it that way... but feedback/confirmation isn't usually a bad thing.
Best Answer
I take it back! Just stop using the Template Explorer. You can edit the files here:
For example if you edit the file:
Then right-click Stored Procedures and select New... and you will see the changes you made. I'm not sure why the Template Explorer exposes that item to you when it's not the one used in the menu. I couldn't figure out why making changes to the template didn't reflect what I was getting when I right-clicked in Object Explorer.
I'll leave the rest of the answer here for posterity. Especially the part about SQL Server 2012, since it handles snippets in a much more intuitive and useful way.
I
don'tdidn't believe youcancould interfere with what Management Studio adds to the template when you open them... as far as Icancould tell that comment is injected internally.But I have a better recommendation anyway: use SQL Server 2012 Management Studio and its new Snippets feature. Some benefits over templates:
Back in January, I wrote a detailed tip about setting up snippets:
http://www.mssqltips.com/sqlservertip/2589/use-sql-server-code-snippets-to-encourage-consistent-conventions/