C# 语言 WinForms 防 SQL 注入的用户登录示例

using System;

using System.Collections.Generic;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Linq;

using System.Text;

using System.Windows.Forms;

using System.Data.SqlClient;

namespace OmyGod

{

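/// <summary>
/// Login form. Checks the entered user name and password against the
/// <c>auser</c> table with a parameterized query and, on success, opens the
/// main window.
/// </summary>
public partial class Form1 : Form
{
    // Integrated Security: no database credentials are embedded in the source;
    // the connection uses the Windows identity of whoever runs the program.
    // NOTE(review): the client talks to the database directly, so this login
    // check runs on the client side; access to the data itself presumably has
    // to be restricted by database permissions - confirm.
    private static readonly string connectionString = "Data Source=.;Initial Catalog=Omy;Integrated Security=True";

    public Form1()
    {
        InitializeComponent();
    }

    // The member names are displayed to the user verbatim through ToString().
    enum message
    {
        用户名或者密码输入错误 = 1,   // "user name or password is wrong"
        登录成功 = 2,                 // "login succeeded"
    }

    /// <summary>
    /// Verifies a user name / password pair against the <c>auser</c> table.
    /// On a match the main window (<c>index</c>) is shown and this form is
    /// hidden; otherwise a message box reports the failure.
    /// </summary>
    /// <param name="name">User name to look up.</param>
    /// <param name="pass">Password to compare with the stored value.</param>
    /// <returns><c>true</c> when a matching row exists, otherwise <c>false</c>.</returns>
    /// <exception cref="SqlException">The database cannot be reached or the query fails.</exception>
    public bool check(string name, string pass)
    {
        bool matched = false;

        // A null credential can never match a row, so skip the round trip.
        if (name != null && pass != null)
        {
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand(
                "select count(*) from auser where name = @name and pass = @pass", conn))
            {
                // The values travel as bound parameters and are never spliced
                // into the SQL text, which is what blocks injection through
                // these two fields.
                // NOTE(review): VarChar is kept from the original; if the columns
                // are nvarchar, SqlDbType.NVarChar avoids lossy conversion of
                // non-ASCII input - confirm against the schema.
                cmd.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
                cmd.Parameters.Add("@pass", SqlDbType.VarChar).Value = pass;

                // NOTE(review): the submitted password is compared with the
                // `pass` column directly, which implies passwords are stored in
                // plaintext - confirm. A real login should store a salted, slow
                // hash (for example PBKDF2 via Rfc2898DeriveBytes) and verify
                // against that instead.
                conn.Open();
                matched = Convert.ToInt32(cmd.ExecuteScalar()) > 0;
            }
        }

        // The connection is already released before any UI is shown.
        if (!matched)
        {
            // One generic message for both "unknown user" and "wrong password",
            // so the dialog does not reveal which user names exist.
            MessageBox.Show((message.用户名或者密码输入错误).ToString());
            return false;
        }

        index mm = new index();
        mm.Show();
        this.Hide();
        return true;
    }

    // User login: hand the text of both input boxes to check().
    private void button1_Click(object sender, EventArgs e)
    {
        string name = this.name.Text;
        string pass = this.pass.Text;

        check(name, pass);
    }

    // Closes the login form.
    private void button2_Click(object sender, EventArgs e)
    {
        this.Close();
    }
}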

}

这只是一个简单的防 SQL 注入的方法（参数化查询），但并不能全面地防止 SQL 注入：参数化只保护作为参数绑定的值，表名、列名、排序字段等动态拼接到语句里的部分仍需用白名单等方式单独校验。