简单的登录程序，演示参数化查询方式。涉及数据库操作时，切忌把用户输入的信息直接与 SQL 语句拼接：用户输入的信息永远是不安全的。
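namespace DemoConsoleApplication
{
    /// <summary>
    /// Console login demo showing a parameterized query: the user-typed values
    /// are bound as parameters and never concatenated into the SQL text.
    /// </summary>
    class Program
    {
        // Database connection string; adjust to the actual environment.
        // NOTE(review): a .sdf file is a SQL Server Compact database, which
        // SqlConnection is not expected to open — confirm the provider in use.
        private const string ConnectionString = @"Data Source=|DataDirectory|\Database1.sdf";

        /// <summary>
        /// Reads a user name and password from the console and reports whether
        /// exactly one row in TB_Users matches both values.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Read the credentials. ReadLine returns null at end of input; a
            // null parameter value would not be sent to the server at all, so
            // fall back to an empty string.
            Console.WriteLine("请输入用户名");
            string passport = Console.ReadLine() ?? string.Empty;
            Console.WriteLine("请输入密码");
            string password = Console.ReadLine() ?? string.Empty;

            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    // count(*) + ExecuteScalar replaces "select *" + ExecuteNonQuery:
                    // ExecuteNonQuery returns -1 for a SELECT, so the original
                    // comparison with 1 could never succeed. Counting also avoids
                    // pulling the password column back to the client.
                    cmd.CommandText = "select count(*) from TB_Users where passport=@UN and password=@PWD";
                    cmd.Parameters.Add(new SqlParameter("@UN", passport));
                    cmd.Parameters.Add(new SqlParameter("@PWD", password));

                    // NOTE(review): the query compares the password column with
                    // the typed value directly, which implies passwords are stored
                    // as-is. A real system should store a salted, slow hash
                    // (e.g. PBKDF2) and verify against that instead.
                    int matches = Convert.ToInt32(cmd.ExecuteScalar());

                    if (matches == 1)
                    {
                        Console.WriteLine("登陆成功!");
                    }
                    else
                    {
                        Console.WriteLine("登陆失败!");
                    }
                }
            }

            // Keep the console window open so the result stays visible.
            Console.ReadKey();
        }
    }
}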