代码:
OracleCommand ocmd = new OracleCommand("select count(*) from logininfo where name=:name and password=:ps", ocnn);
ocmd.Parameters.Add(new OracleParameter("name", OracleType.VarChar,50));
ocmd.Parameters["name"].Value = TextBox1.Text;
ocmd.Parameters.Add(new OracleParameter("ps", OracleType.NVarChar,50));
ocmd.Parameters["ps"].Value = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox2.Text, "MD5");
int i = Convert.ToInt32(ocmd.ExecuteScalar());
注意:
oracle的防注入式里面的参数是":name”.
SQL的防注入式里面的参数是"@name".