using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace OmyGod
{
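/// <summary>
/// Login form: looks up the entered user name and password in the
/// <c>auser</c> table and opens the <c>index</c> window when a row matches.
/// </summary>
public partial class Form1 : Form
{
    // Integrated Security means no database credentials are embedded in this string.
    private static string connectionString = "Data Source=.;Initial Catalog=Omy;Integrated Security=True";

    /// <summary>Creates the form and builds its designer-generated controls.</summary>
    public Form1()
    {
        InitializeComponent();
    }

    // The member names double as user-facing text: they are displayed via ToString().
    enum message
    {
        // "The user name or password was entered incorrectly."
        用户名或者密码输入错误 = 1,
        // "Login succeeded."
        登录成功 = 2,
    }

    /// <summary>
    /// Checks a user name / password pair against the <c>auser</c> table and
    /// updates the UI: an error box on failure, the <c>index</c> window on success.
    /// </summary>
    /// <param name="name">User name to look up.</param>
    /// <param name="pass">Password to compare with the stored value.</param>
    /// <returns><c>true</c> when a matching row exists; otherwise <c>false</c>.</returns>
    /// <remarks>
    /// Both values reach SQL Server only as bound parameters, never as part of the
    /// command text, so quotes or SQL keywords in the input cannot change the statement.
    /// </remarks>
    public bool check(string name, string pass)
    {
        bool matched;

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "select * from auser where name = @name and pass = @pass", conn))
        {
            // Bind the method arguments (not the text boxes) so the method checks
            // exactly what the caller passed in. A null argument is sent as
            // DBNull, which never compares equal and therefore never logs in.
            cmd.Parameters.AddRange(
                new SqlParameter[]
                {
                    new SqlParameter("@name", SqlDbType.VarChar) { Value = (object)name ?? DBNull.Value },
                    new SqlParameter("@pass", SqlDbType.VarChar) { Value = (object)pass ?? DBNull.Value },
                });

            // NOTE(review): the password is compared as-is with the "pass" column,
            // which suggests passwords are stored in clear text. Confirm, and if so
            // store a salted password hash (e.g. PBKDF2) and verify against that.
            conn.Open();

            // Run the query once; only the existence of a row matters, so no
            // DataSet is filled and no row data is kept in memory.
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                matched = reader.HasRows;
            }
        }

        // UI work happens after the connection is released, so a message box
        // left open does not hold a database connection.
        if (!matched)
        {
            MessageBox.Show((message.用户名或者密码输入错误).ToString());
            return false;
        }

        index mm = new index();
        mm.Show();
        this.Hide();
        return true;
    }

    // User login: validate the credentials typed into the form.
    private void button1_Click(object sender, EventArgs e)
    {
        string name = this.name.Text;
        string pass = this.pass.Text;
        check(name, pass);
    }

    // Closes the login form.
    private void button2_Click(object sender, EventArgs e)
    {
        this.Close();
    }
}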
}
这只是一个简单的防SQL注入的方法（使用参数化查询），但它并不能全面地防止SQL注入。