防止 SQL 注入的範例代碼(使用參數化查詢):
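// Console login check that demonstrates a parameterized query: the user name
// and password typed by the user are sent to SQL Server as parameter values,
// never spliced into the SQL text, so quote characters in them cannot change
// the statement that is executed.
Console.WriteLine("請輸入使用者名:");
// Console.ReadLine() returns null at end of input; fall back to an empty
// string so the parameter is always supplied to the command.
string username = Console.ReadLine() ?? string.Empty;
Console.WriteLine("請輸入密碼:");
// An input such as 1' or '1'='1 only defeats the check when the query is built
// by string concatenation; bound as a parameter it is compared as plain data.
string password = Console.ReadLine() ?? string.Empty;

using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDBFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True"))
{
    conn.Open();
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // The SQL text is a constant; @UN and @P are placeholders bound below.
        // NOTE(review): the published page lost the "column=@param" fragments
        // (they were replaced by an e-mail obfuscation marker). The column names
        // UserName and Password are assumed - confirm against the t_Users schema.
        cmd.CommandText = "select count(*) from t_Users where UserName=@UN and Password=@P";
        cmd.Parameters.Add(new SqlParameter("@UN", username));
        cmd.Parameters.Add(new SqlParameter("@P", password));

        // NOTE(review): this compares the password as stored text. Outside a
        // demo, store a salted password hash (e.g. PBKDF2) and verify it in
        // application code instead of matching the raw password in SQL.
        int matchingRows = Convert.ToInt32(cmd.ExecuteScalar());

        // One message covers both "unknown user" and "wrong password", so the
        // output does not reveal which user names exist.
        if (matchingRows > 0)
        {
            Console.WriteLine("登陸成功!");
        }
        else
        {
            Console.WriteLine("使用者名或密碼錯誤!");
        }
    }
}

Console.WriteLine("ok");
Console.ReadKey();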