运用参数可防止一些sql攻击
public bool judIDPW(string CustomerName, string CustomerPassword)
{
OleDbParameter par1 = new OleDbParameter();
par1.ParameterName = "@CustomerName";
par1.Value = CustomerName;
OleDbParameter par2 = new OleDbParameter();
par2.ParameterName = "@CustomerPassword";
par2.Value =Security.Encrypt(CustomerPassword);
OleDbCommand cmd = new OleDbCommand("select CustomerID from Customers where CustomerName=@Customer and CustomerPassword=@CustomerPassword", con);
cmd.Parameters.Add(par1);
cmd.Parameters.Add(par2);
con.Open();
OleDbDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
con.Close();
return true;
}
else
{
con.Close();
return false;
}
}