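1. A SQL statement written without protection against SQL injection looks like this:
// username and password are concatenated directly into the SQL text
string sql = "select * from users where username = '" + username + "' and password = '" + password + "'";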
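2. A SQL statement written to protect against SQL injection looks like this:
// the values are supplied separately as the @username and @password parameters
string sql = "select * from users where username = @username and password = @password";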
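The two forms above, run side by side. This is an added example, not code from the original page. It assumes the Microsoft.Data.Sqlite NuGet package and an in-memory database so that it runs offline; the class name, method names, and table contents are constructed for illustration.

```csharp
using System;
using Microsoft.Data.Sqlite;

class LoginQueryDemo
{
    // Form 1 from the page: input is concatenated into the SQL text,
    // so any quote character in the input becomes part of the statement.
    static long CountConcatenated(SqliteConnection conn, string username, string password)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "select count(*) from users where username = '" + username +
                          "' and password = '" + password + "'";
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    // Form 2 from the page: the SQL text is fixed and the values are bound
    // to @username / @password, so they are never parsed as SQL.
    static long CountParameterized(SqliteConnection conn, string username, string password)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "select count(*) from users where username = @username and password = @password";
        cmd.Parameters.AddWithValue("@username", username);
        cmd.Parameters.AddWithValue("@password", password);
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var setup = conn.CreateCommand())
        {
            // Constructed sample row; the apostrophe is escaped by doubling it in the literal.
            setup.CommandText = "create table users (username text, password text);" +
                                "insert into users values ('O''Brien', 'sample-password');";
            setup.ExecuteNonQuery();
        }

        // A legitimate user whose name contains a quote character.
        string user = "O'Brien", pass = "sample-password";

        Console.WriteLine("parameterized matches: " + CountParameterized(conn, user, pass));
        try
        {
            Console.WriteLine("concatenated matches: " + CountConcatenated(conn, user, pass));
        }
        catch (SqliteException ex)
        {
            // The quote in the input ended the string literal early and changed the statement.
            Console.WriteLine("concatenated query failed: " + ex.Message);
        }
    }
}
```

The parameterized query finds the row, while the concatenated query fails to parse because the apostrophe in the input was interpreted as SQL syntax rather than data.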