防止SQL注入的示例代码(使用参数化查询):
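// Console login check built on a parameterized query: the user's input is
// bound as parameter values and is never spliced into the SQL text.
Console.WriteLine("请输入用户名:");
// Console.ReadLine() returns null at end of input. A SqlParameter whose value
// is null is not sent to the server and the command then fails, so fall back
// to an empty string (which simply matches no user).
string username = Console.ReadLine() ?? string.Empty;
Console.WriteLine("请输入密码:");
// If the query were built by string concatenation, an input such as
// 1' or '1'='1 would rewrite the WHERE clause (SQL injection). Bound as a
// parameter, the same input is only compared as a literal value.
string password = Console.ReadLine() ?? string.Empty;
using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDBFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True"))
{
    conn.Open();
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // The published listing shows "[email protected]" in place of each
        // column=@parameter pair (the hosting site's e-mail obfuscation), which
        // is not valid SQL. The parameter names @UN and @P are taken from the
        // Parameters.Add calls below. The column names UserName and Password
        // are reconstructed, not from the page: match them to the real
        // t_Users schema before use.
        cmd.CommandText = "select count(*) from t_Users where UserName=@UN and Password=@P";
        cmd.Parameters.Add(new SqlParameter("@UN", username));
        cmd.Parameters.Add(new SqlParameter("@P", password));

        // NOTE(review): comparing the typed password with the column directly
        // implies passwords are stored in clear text. Outside a demo, store a
        // salted password hash (e.g. PBKDF2) and verify against that instead.
        int matchCount = Convert.ToInt32(cmd.ExecuteScalar());
        if (matchCount > 0)
        {
            Console.WriteLine("登陆成功!");
        }
        else
        {
            // One message for both failure causes, so the output does not
            // reveal whether the user name exists.
            Console.WriteLine("用户名或密码错误!");
        }
    }
}
Console.WriteLine("ok");
Console.ReadKey();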