黑马程序员 学习防注入攻击的用户名密码登陆页面

Console.WriteLine("请输入用户名：");

string username = Console.ReadLine();

Console.WriteLine("请输入密码：");

string password = Console.ReadLine();

using(SqlConnection con=new SqlConnection(@"Data Source=.;AttachDBFilename=|DataDirectory|\db1.mdf;Integrated Security=True;User Instence=True"))//创建数据库连接

{

con.Open();//打开连接

using(SqlCommand cmd=con.CreateCommand())//创建数据库查询

{

cmd.CommandText = "select count(*) from News where username=@username and password=@password";

cmd.Parameters.Add(new SqlParameter("username",username));//使用参数防止注入攻击

cmd.Parameters.Add(new SqlParameter("password", password));

int i = Convert.ToInt32(cmd.ExecuteScalar);

if (i < 0)//判断查询到的数据

{

Console.WriteLine("登录成功！");

}

else

{

Console.WriteLine("用户名不存在或密码错误！");

}

}

}