防止SQL注入的查询
// Parameterized INSERT into t_persons. The command text contains only the
// @name / @age placeholders; the actual values are attached as SqlParameter
// objects, so the contents of bl_name / bl_age are never concatenated into
// the SQL string.
string bl_name = "ABC";
int bl_age = 18;

// NOTE(review): the connection string is hard-coded in this sample (local
// SQLEXPRESS instance, Integrated Security, attached Database1.mdf);
// presumably production code would load it from configuration. Confirm.
var connectionText = @"Data Source=.\SQLEXPRESS;AttachDBFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True";

// Placeholders only: no user-controlled text is ever appended to this string.
var insertSql = "insert into t_persons(f_name,f_age) values(@name,@age)";

using (var connection = new SqlConnection(connectionText))
{
    connection.Open();

    // Both using blocks dispose their resource even if ExecuteNonQuery throws.
    using (var command = new SqlCommand(insertSql, connection))
    {
        // Parameter names are given without the leading '@'.
        // NOTE(review): this relies on the provider matching "name"/"age" to
        // @name/@age; the conventional spelling is "@name"/"@age". Confirm.
        // NOTE(review): no SqlDbType or size is specified, so the parameter
        // types come from the .NET values (string, int); verify that this
        // matches the f_name / f_age column definitions.
        command.Parameters.AddRange(new[]
        {
            new SqlParameter("name", bl_name),
            new SqlParameter("age", bl_age),
        });

        command.ExecuteNonQuery();
    }
}