C# winform 防止sql注入代码

标签：参数化 sql c#   防注入式   

string sql = "select count(*) from zhuce where username=@username and pwd=@pwd and type = @type";
SqlConnection conn = new SqlConnection(Common.Context.SqlManager.CONN_STRING);
            conn.Open();

            SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add("@username",SqlDbType.VarChar，30);
cmd.Parameters.Add("@pwd",SqlDbType.VarChar，30);
cmd.Parameters.Add("@type",SqlDbType.VarChar，10);
cmd.Parameters["@username"].Value = username;
cmd.Parameters["@pwd"].Value = pwd;
cmd.Parameters["@type"].Value = power.Text;

            int count = Convert.ToInt32(cmd.ExecuteScalar());

            conn.Close();

C# winform 防止sql注入代码

标签：参数化 sql c#   防注入式   

原文地址：http://blog.csdn.net/u014180504/article/details/42421265