
[ASP.net教程]C#语言Winform防SQL注入做用户登录的例子


using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Data.SqlClient;

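namespace OmyGod
{
    /// <summary>
    /// Login form. Checks the entered user name and password against the
    /// <c>auser</c> table with a parameterized query and, on a match, opens the
    /// <c>index</c> window.
    /// </summary>
    public partial class Form1 : Form
    {
        // Integrated Security authenticates with the Windows identity of the running
        // process, so no database credentials are embedded in the source.
        private static readonly string connectionString = "Data Source=.;Initial Catalog=Omy;Integrated Security=True";

        public Form1()
        {
            InitializeComponent();
        }

        // The member names double as the text shown to the user (through ToString()),
        // so they are kept exactly as written.
        enum message
        {
            用户名或者密码输入错误 = 1, // "wrong user name or password"
            登录成功 = 2,             // "login succeeded"
        }

        /// <summary>
        /// Looks up a row in <c>auser</c> whose name and pass columns equal the supplied
        /// values. On a match the <c>index</c> window is shown and this form is closed;
        /// otherwise a single generic error message is displayed.
        /// </summary>
        /// <param name="name">User name as typed by the user.</param>
        /// <param name="pass">Password as typed by the user.</param>
        /// <returns><c>true</c> when a matching row exists, otherwise <c>false</c>.</returns>
        /// <remarks>
        /// Exceptions raised while opening the connection or running the query are not
        /// caught here and propagate to the caller.
        /// </remarks>
        public bool check(string name, string pass)
        {
            // Both values travel as typed parameters and are never concatenated into the
            // SQL text, so quotes or SQL keywords in the input stay data, not code.
            //
            // NOTE(review): the typed password is compared directly with the stored
            // column, which implies the table holds passwords unhashed - confirm, and
            // prefer storing a salted password hash (for example PBKDF2) and comparing
            // hashes. If the column uses a case-insensitive collation, this comparison
            // also ignores letter case.
            // NOTE(review): nothing here limits repeated failed attempts.
            const string sql = "select count(*) from auser where name = @name and pass = @pass";

            bool matched;
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // A parameter whose Value is null is not sent to the server at all,
                // so null input is normalised to an empty string.
                cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.VarChar) { Value = name ?? string.Empty });
                cmd.Parameters.Add(new SqlParameter("@pass", SqlDbType.VarChar) { Value = pass ?? string.Empty });

                conn.Open();

                // Only the row count is fetched: the query runs once and no stored
                // password value is pulled into client memory.
                matched = Convert.ToInt32(cmd.ExecuteScalar()) > 0;
            }

            // The connection is already closed here, so it is not held open while a
            // modal message box waits for the user.
            if (!matched)
            {
                // One message for both "unknown user" and "wrong password", so the
                // dialog does not reveal which user names exist.
                MessageBox.Show((message.用户名或者密码输入错误).ToString());
                return false;
            }

            index mm = new index();
            mm.Show();
            // NOTE(review): if this form is the one passed to Application.Run, closing it
            // ends the message loop and the new window with it - confirm against the
            // program entry point; Hide() is the usual alternative.
            this.Close();
            return true;
        }

        // User login: hand the text typed into both boxes to check().
        private void button1_Click(object sender, EventArgs e)
        {
            check(this.name.Text, this.pass.Text);
        }

        // Close the login form.
        private void button2_Click(object sender, EventArgs e)
        {
            this.Close();
        }
    }
}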

 

 

这只是一个简单的防SQL注入的方法(用参数化查询代替字符串拼接),但并不能全面地防止SQL注入:只有通过参数传入的值受到保护,程序中其他用字符串拼接生成的SQL语句仍需逐一改为参数化写法。