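// Vulnerable: user input is concatenated directly into the SQL text
"select * from T_stuff where name = '" + txtbox1.Text + "'";
// Statement that results when the input is 1' or '1'='1: the condition is always true
"select * from student where name = '1' or '1'='1'"
// Fix: pass the value as a parameter instead of building it into the statement
cmd.CommandText = "select * from student where name = @name";
cmd.Parameters.Add(new SqlParameter("@name", textBox1.Text));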
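The difference between the two forms above, run end to end. This is an added example, not code from the original post: it swaps ADO.NET and SQL Server for Python's built-in sqlite3 so it runs offline, the placeholder is written :name instead of @name, and the sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column follow the page's `student` query.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table student (id integer primary key, name text)")
    conn.executemany("insert into student (name) values (?)",
                     [("alice",), ("bob",), ("O'Brien",)])
    return conn

def find_concatenated(conn, name):
    # Pattern of the page's first statement: the input becomes part of the SQL text.
    sql = "select name from student where name = '" + name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # A quote in ordinary data is enough to break the statement.
        return "error: " + type(exc).__name__

def find_parameterized(conn, name):
    # Counterpart of the page's @name / SqlParameter form; sqlite3 writes it :name.
    sql = "select name from student where name = :name"
    return [row[0] for row in conn.execute(sql, {"name": name})]

def compare(name):
    # Fresh database per call so each comparison is independent.
    conn = make_db()
    try:
        return find_concatenated(conn, name), find_parameterized(conn, name)
    finally:
        conn.close()

if __name__ == "__main__":
    for value in ("bob", "1' or '1'='1", "O'Brien"):
        concatenated, parameterized = compare(value)
        print(repr(value), "| concatenated:", concatenated,
              "| parameterized:", parameterized)
```

With the bound parameter, the input from the page is compared as a literal name and matches nothing, and a legitimate name containing an apostrophe is found instead of breaking the statement.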
Original article: http://www.cnblogs.com/kaolalovemiaomiao/p/4707547.html