using和SqlConnection的Close、Dispose方法
Close 关闭后还可以用 Open 再次打开;Dispose 是直接销毁,销毁后不能再用 Open 打开。using 在离开作用域时会调用 Dispose,SqlConnection、FileStream 等类型内部都会做这样的判断。
注入漏洞和参数化查询:
select * from table_name where username='"+username+"' and password='"+password+"'
若是照这样写SQL语句,会产生注入漏洞,在不知道密码的情况下,如果用户在密码中输入这种形式:
x' or 'x'='x 就可以成功登录。
应该使用参数化查询:参数值由 SqlParameter 单独传给数据库,不会被拼接进 SQL 文本,因此也不会被当作 SQL 语法来解析:
select * from table_name where username=@name and password=@pass
cmd.Parameters.Add(new SqlParameter("name",username));
cmd.Parameters.Add(new SqlParameter("pass",password));
创建一个从数据库中读取数据的WinForm程序,用于选择省市:
-- Province lookup table: one row per province.
-- Form1_Load reads proID/proName from here into Province objects for cmb省.
CREATE TABLE promary
(
    proID   INT          PRIMARY KEY,   -- referenced by city.proID
    proName NVARCHAR(50) NOT NULL       -- province name; never null
)
创建省表
-- City table: each row belongs to one province via proID.
-- cmb省_SelectedIndexChanged selects the rows whose proID matches the chosen province.
CREATE TABLE city
(
    cityID   INT          NOT NULL,     -- NOT the key as written (see cityName)
    cityName NVARCHAR(50) PRIMARY KEY,  -- NOTE(review): the PK is on the name, so the same city name cannot
                                        -- appear under two provinces; cityID looks like the intended key — confirm
    proID    INT FOREIGN KEY REFERENCES promary(proID)  -- owning province; nullable as written
)
创建市表
部分核心代码:
从数据库中导入省信息
/// <summary>
/// Fills cmb省 with one <c>Province</c> item per row of the promary table when the form opens.
/// </summary>
/// <param name="sender">The form raising the Load event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void Form1_Load(object sender, EventArgs e)
{
    // NOTE(review): this connection string is repeated verbatim in cmb省_SelectedIndexChanged;
    // keeping it in one place (a field or app.config) would avoid the two copies drifting apart.
    // The literal is verbatim, so its continuation lines must stay at column 0 to keep the
    // string content byte-identical.
    const string connectionString = @"Data Source=.\SQLEXPRESS;
AttachDBFilename=|DataDirectory|\ss.mdf;
Integrated Security=True;User Instance=True";

    using (SqlConnection conn = new SqlConnection(connectionString))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            // Constant query text, no user input involved.
            cmd.CommandText = "select * from promary";
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // Resolve the column positions once instead of per row.
                int nameOrdinal = reader.GetOrdinal("proName");
                int idOrdinal = reader.GetOrdinal("proID");
                while (reader.Read())
                {
                    Province province = new Province();
                    province.ProID = reader.GetInt32(idOrdinal);
                    province.ProName = reader.GetString(nameOrdinal);
                    // Items.Add takes object, so the whole Province is stored and can be
                    // cast back out of SelectedItem later.
                    cmb省.Items.Add(province);
                }
            }
        }
    }
}
从数据库中导入市信息
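/// <summary>
/// Refills cmb市 with the city names belonging to the province currently selected in cmb省.
/// </summary>
/// <param name="sender">The combo box raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// SelectedIndexChanged also fires when the selection is cleared, in which case
/// <c>SelectedItem</c> is null; the unconditional cast in the original then threw a
/// NullReferenceException at <c>p.ProID</c>. The handler now returns early with an empty city list.
/// </remarks>
private void cmb省_SelectedIndexChanged(object sender, EventArgs e)
{
    cmb市.Items.Clear();

    // No province selected (or an unexpected item type): leave cmb市 empty.
    Province p = cmb省.SelectedItem as Province;
    if (p == null)
    {
        return;
    }

    using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;
AttachDBFilename=|DataDirectory|\ss.mdf;
Integrated Security=True;User Instance=True"))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            // The province id is bound as a parameter, never concatenated into the SQL text,
            // so the query text stays constant regardless of the value.
            cmd.CommandText = "select * from city where proID=@pid";
            cmd.Parameters.Add(new SqlParameter("pid", p.ProID));
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // Resolve the column position once instead of per row.
                int nameOrdinal = reader.GetOrdinal("cityName");
                while (reader.Read())
                {
                    cmb市.Items.Add(reader.GetString(nameOrdinal));
                }
            }
        }
    }
}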