• C#语言WinForm防SQL注入做用户登录的例子


    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;
    using System.Data.SqlClient;

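    namespace OmyGod
    {
        /// <summary>
        /// Login form. Looks up the entered user name and password in the
        /// <c>auser</c> table with a parameterized query and, on a match, opens
        /// the <c>index</c> form and hides this one.
        /// </summary>
        public partial class Form1 : Form
        {
            // Local default instance, database "Omy", Windows authentication:
            // no database password is embedded in the source.
            private static string connectionString = "Data Source=.;Initial Catalog=Omy;Integrated Security=True";

            public Form1()
            {
                InitializeComponent();
            }

            /// <summary>
            /// User-facing messages. The member NAME is what gets displayed
            /// (via <c>ToString()</c>), so the identifiers must stay as they are.
            /// </summary>
            enum message
            {
                // "User name or password is incorrect" - deliberately does not say
                // which of the two was wrong.
                用户名或者密码输入错误 = 1,
                // "Login succeeded"
                登录成功 = 2,
            }

            /// <summary>
            /// Verifies the supplied credentials and updates the UI accordingly:
            /// on success the <c>index</c> form is shown and this form is hidden,
            /// on failure a generic error message box is displayed.
            /// </summary>
            /// <param name="name">User name to look up.</param>
            /// <param name="pass">Password to compare against the stored value.</param>
            /// <returns>
            /// <c>true</c> when a matching row exists, otherwise <c>false</c>.
            /// </returns>
            /// <exception cref="SqlException">
            /// Propagated unchanged when the database cannot be reached or the
            /// query fails.
            /// </exception>
            public bool check(string name, string pass)
            {
                // The database work is finished (and the connection closed) before
                // any window or modal dialog is shown.
                bool matched = CredentialsMatch(name, pass);

                if (matched)
                {
                    index mm = new index();
                    mm.Show();
                    this.Hide();
                }
                else
                {
                    MessageBox.Show((message.用户名或者密码输入错误).ToString());
                }

                return matched;
            }

            /// <summary>
            /// Returns whether <c>auser</c> contains a row whose <c>name</c> and
            /// <c>pass</c> columns equal the given values.
            /// </summary>
            /// <remarks>
            /// Both values travel as bound parameters, never as part of the SQL
            /// text, so quotes or SQL keywords in the input cannot change the
            /// statement. This protects this statement only; any SQL elsewhere
            /// that is built by string concatenation needs its own handling.
            /// </remarks>
            private static bool CredentialsMatch(string name, string pass)
            {
                // A null parameter value would make SqlClient reject the command;
                // treat it as a failed login instead.
                if (name == null || pass == null)
                {
                    return false;
                }

                // NOTE(review): comparing the submitted password directly with the
                // "pass" column implies passwords are stored unhashed. Prefer storing
                // a salted, slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and
                // verifying it in application code. Depending on the column's
                // collation, "pass = @pass" may also compare case-insensitively -
                // confirm against the schema.
                // NOTE(review): column types/lengths are not visible here; confirm
                // that VarChar matches the columns (non-ASCII input may be converted
                // lossily for a varchar parameter).
                using (SqlConnection conn = new SqlConnection(connectionString))
                using (SqlCommand cmd = new SqlCommand(
                    "select count(*) from auser where name = @name and pass = @pass", conn))
                {
                    cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.VarChar) { Value = name });
                    cmd.Parameters.Add(new SqlParameter("@pass", SqlDbType.VarChar) { Value = pass });

                    conn.Open();

                    // Only the match count leaves the server; the credential rows
                    // themselves are never loaded into client memory, and the
                    // statement runs once.
                    return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
                }
            }

            // User login: hand the text box contents to check().
            private void button1_Click(object sender, EventArgs e)
            {
                string name = this.name.Text;
                string pass = this.pass.Text;
                check(name, pass);
            }

            // Close the login form.
            private void button2_Click(object sender, EventArgs e)
            {
                this.Close();
            }
        }
    }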

    这只是一个简单的防SQL注入的方法:参数化查询把用户输入作为参数值传给数据库,而不是拼接进SQL语句。但它并不能全面地防止SQL注入——程序中凡是仍用字符串拼接生成SQL的地方(例如动态的表名、列名或排序字段),都需要另行校验。

  • 原文地址:https://www.cnblogs.com/OmySql/p/4872711.html