黑马程序员 学习防注入攻击的用户名密码登录页面
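// Console login demo: reads a username and a password, then counts the matching rows
// with a parameterized query so the typed text is never spliced into the SQL statement.
Console.WriteLine("请输入用户名:");
// Console.ReadLine() returns null at end of input; use an empty string instead so both
// parameters below always carry a value.
string username = Console.ReadLine() ?? string.Empty;
Console.WriteLine("请输入密码:");
// NOTE(review): ReadLine echoes the password to the terminal while it is typed.
string password = Console.ReadLine() ?? string.Empty;

// Create the database connection. The keyword is "User Instance"; the original spelling
// ("User Instence") is not a recognized connection-string keyword.
using (SqlConnection con = new SqlConnection(@"Data Source=.;AttachDBFilename=|DataDirectory|\db1.mdf;Integrated Security=True;User Instance=True"))
{
    con.Open(); // open the connection

    using (SqlCommand cmd = con.CreateCommand()) // create the query command
    {
        // The SQL text is a constant; user input reaches the server only as parameter
        // values, which is what prevents SQL injection here.
        // NOTE(review): the password column is compared with the typed value directly,
        // which suggests passwords are stored unhashed. Prefer storing a salted, slow
        // hash (e.g. PBKDF2) and verifying against that.
        cmd.CommandText = "select count(*) from News where username=@username and password=@password";
        cmd.Parameters.Add(new SqlParameter("@username", username));
        cmd.Parameters.Add(new SqlParameter("@password", password));

        // ExecuteScalar must be invoked (the original passed the method group, which
        // does not compile); it returns the single count(*) value.
        int matches = Convert.ToInt32(cmd.ExecuteScalar());

        // count(*) is never negative, so the original "i < 0" test could never report
        // success. A login succeeds when at least one row matched.
        if (matches > 0)
        {
            Console.WriteLine("登录成功!");
        }
        else
        {
            // One message for both failure causes, so the output does not reveal
            // whether the username exists.
            Console.WriteLine("用户名不存在或密码错误!");
        }
    }
}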