防止注入
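/// <summary>
/// Looks up a login row for <paramref name="name"/>/<paramref name="pwd"/>.
/// When <paramref name="table"/> is "admin" the <c>admin</c> table is queried,
/// otherwise <c>logininfo</c> rows with type '2'. Both credentials are bound as
/// SQL parameters, so they never become part of the statement text.
/// </summary>
/// <param name="table">"admin" selects the admin table; any other value selects logininfo.</param>
/// <param name="name">Login name, bound to @name as char(20).</param>
/// <param name="pwd">Password value, bound to @pwd as char(20).</param>
/// <returns>
/// The first column of the first matching row converted to int, or 0 when no row
/// matches (ExecuteScalar returns null and Convert.ToInt32(null) yields 0).
/// </returns>
/// <exception cref="InvalidCastException">
/// Thrown when the first column of the matching row is DBNull or not convertible to int.
/// </exception>
protected int Mylogin(string table, string name, string pwd)
{
    string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["SMS"].ConnectionString;

    // The table name is never taken from the caller: the only dynamic branch selects the
    // literal "admin", so the statement text is fixed and only @name/@pwd vary.
    string strSql;
    if (table == "admin")
    {
        strSql = "select * from admin where name = @name and pwd = @pwd ";
    }
    else
    {
        strSql = "select * from logininfo where name=@name and password = @pwd and type='2' ";
    }

    // using blocks release the connection and command even when Open/ExecuteScalar throws;
    // previously they were only disposed on the success path.
    using (SqlConnection conn = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(strSql, conn))
    {
        // Size 20 is the declared parameter width; SqlClient truncates longer input values
        // to that size, so a name or password beyond 20 chars is compared truncated —
        // TODO confirm this matches the column widths.
        cmd.Parameters.Add("name", System.Data.SqlDbType.Char, 20).Value = name;
        cmd.Parameters.Add("pwd", System.Data.SqlDbType.Char, 20).Value = pwd;
        // NOTE(review): pwd is compared verbatim against the stored column; if passwords are
        // stored in clear text, a salted hash (e.g. PBKDF2) should be stored and compared
        // instead — confirm against the schema.
        conn.Open();
        // ExecuteScalar yields the first column of the first row of "select *", so the
        // value returned depends on the table's column order; no match converts to 0.
        return Convert.ToInt32(cmd.ExecuteScalar());
    }
}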