防止SQL注入的方法
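/// <summary>
/// Demo entry point: runs the parameterized lookup with an input that carries a
/// classic injection payload ("'--"). Because the value is bound as a parameter,
/// the server receives it as literal text and the query structure is unchanged.
/// </summary>
static void Main(string[] args)
{
    // Sample values from the original listing: 442048086191605, 140454
    aa("442048086191605'--", "");
}

/// <summary>
/// Queries boby_info by tid and intBobyInfoID using SQL parameters instead of
/// string concatenation, so caller-supplied text cannot alter the statement.
/// </summary>
/// <param name="username">Value bound to the @use placeholder (tid column).</param>
/// <param name="pwd">Value bound to the @pwd placeholder (intBobyInfoID column).</param>
static void aa(string username, string pwd)
{
    // Placeholders are sent to the server separately from the SQL text; that
    // separation is what prevents the "'--" payload above from being parsed as SQL.
    const string sql = @"select * from boby_info where tid=@use and intBobyInfoID=@pwd";

    // NOTE(review): the connection string embeds hard-coded credentials (uid=sa;pwd=sa).
    // They belong in configuration or a secret store, not in source; kept verbatim here
    // because moving them is outside this snippet's scope.
    // Both the connection and the adapter are IDisposable; the original never released them.
    using (SqlConnection conn = new SqlConnection("server=.;database=ManageDatas;uid=sa;pwd=sa;"))
    using (SqlDataAdapter sda = new SqlDataAdapter(sql, conn))
    {
        sda.SelectCommand.Parameters.Add("@use", SqlDbType.NVarChar, 20).Value = username;
        // NOTE(review): the column name intBobyInfoID suggests an integer column, yet the
        // parameter is bound as NVarChar(20); confirm the column type and bind SqlDbType.Int
        // if so, which avoids a server-side implicit conversion and a failure on non-numeric input.
        sda.SelectCommand.Parameters.Add("@pwd", SqlDbType.NVarChar, 20).Value = pwd;

        DataTable dt = new DataTable();
        // Fill opens the connection if it is closed and closes it again when done.
        sda.Fill(dt);
    }
}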