ADO.NET改进防注入
static void Main1(string[] args)
{
//用户输入一个需要查询的条件 car表
Console.WriteLine("请输入");
string code = Console.ReadLine();
SqlConnection conn = new SqlConnection("server=.;database=mydb;user=sa;pwd=100867");
SqlCommand cmd= conn.CreateCommand();
cmd.CommandText = "select * from car where code=@code";
//给变量绑定参数
cmd.Parameters.AddWithValue("@code",code); 分两部分输出
conn.Open();
SqlDataReader dr= cmd.ExecuteReader();
if(dr.HasRows)
{
while (dr.Read())
{
Console.WriteLine("");
}
}
conn.Close();
Console.ReadLine();
}
