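// Looks up students by name or by minimum age and shows each matching name.
// Both text-box values reach the server as SqlParameter values, never as part of
// the SQL text, so quotes or SQL keywords typed by the user cannot alter the query.
//
// Parameterization does not validate the input, so the age is parsed here first.
// The original passed txtAge.Text as a string and left the conversion to the server,
// which fails at ExecuteReader when the text is not a number.
// NOTE(review): assumes studentInfo.age is a numeric column; confirm against the schema.
int minAge;
if (!int.TryParse(txtAge.Text, out minAge))
{
    MessageBox.Show("Age must be a whole number.");
}
else
{
    // NOTE(review): this connection string hard-codes the "sa" login and its password.
    // Anyone with the source or the compiled binary can read it, and "sa" has full
    // control of the server. Load the string from protected configuration and connect
    // with an account limited to SELECT on studentInfo.
    using (SqlConnection conn = new SqlConnection("Data Source=.; Initial Catalog=MyTest;User ID=sa;Password=sa"))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            // The placeholders @Name and @Age are bound below; the command text is constant.
            cmd.CommandText = "select * from studentInfo where name=@Name or age>@Age";
            cmd.Parameters.Add(new SqlParameter("@Name", txtName.Text));
            // minAge is an int variable, so this binds to SqlParameter(string, object)
            // and the value is sent as an integer rather than as text.
            cmd.Parameters.Add(new SqlParameter("@Age", minAge));
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // Ordinal 1 depends on the table's column order because of "select *".
                    // Presumably it is the name column; verify against the schema.
                    // GetString throws on NULL, so rows with a NULL value are skipped.
                    if (reader.IsDBNull(1))
                    {
                        continue;
                    }

                    string sName = reader.GetString(1);
                    MessageBox.Show(sName);
                }
            }
        }
    }
}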
C# 中使用 SqlParameter 来防止 SQL 注入