SQL database string injection attacks:
To prevent them, use the cmd.Parameters collection.
Placeholder: @key marks the position in the SQL statement where the value goes.
Parameters: the data each placeholder stands for is stored in this collection.
cmd.Parameters.Clear(); // empty the collection before adding the placeholder data
cmd.Parameters.Add("@pwd", PWD); // fill in the placeholder's content
cmd.Parameters.Add("@nname", nname);
cmd.Parameters.Add("@sex", (sex == "male") ? "1" : "0");
cmd.Parameters.Add("@bir", Birthday);
cmd.Parameters.Add("@nat", Nation);
cmd.Parameters.Add("@uname", uname);
-----------------------------------------------------------------
Entity classes and data access classes:
Entity classes: encapsulation
An entity class encapsulates a table; the class name matches the database table name.
Member variable names match the column names, with one extra underscore.
The properties that wrap the member variables have the same names as the columns in the data table.
Each row of data can be stored as an object; manipulating this object is equivalent to operating on the whole row of data.
Data access classes:
A data access class puts the operations on the database into a separate class and wraps them as methods, waiting to be called.
This makes the structure very clear.
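An added example (not code from the original page) that puts the two parts together: an entity class and a data access class whose update uses the @-placeholders from above, next to the concatenated form that the placeholders replace. The Users table, its columns, the class and method names and the sample input are assumptions; it uses System.Data.SqlClient and builds the command without opening a database connection.

```csharp
using System;
using System.Data.SqlClient; // assumption: classic ADO.NET provider for SQL Server

// Entity class: named after the (hypothetical) Users table, one object per row.
public class Users
{
    private string _uname;   // member variable: column name plus an underscore
    public string Uname { get { return _uname; } set { _uname = value; } }
    private string _pwd;
    public string Pwd { get { return _pwd; } set { _pwd = value; } }
    private string _nname;
    public string Nname { get { return _nname; } set { _nname = value; } }
}

// Data access class: database operations wrapped as methods, waiting to be called.
public class UsersData
{
    // Unsafe form, shown for comparison: the values become part of the SQL text.
    public static string ConcatenatedSql(Users u)
    {
        return "update Users set pwd='" + u.Pwd + "', nname='" + u.Nname
             + "' where uname='" + u.Uname + "'";
    }

    // Safe form: the SQL text is fixed; the values travel in cmd.Parameters.
    public static SqlCommand UpdateCommand(Users u)
    {
        SqlCommand cmd = new SqlCommand(
            "update Users set pwd=@pwd, nname=@nname where uname=@uname");
        cmd.Parameters.Clear();
        // AddWithValue replaces the Add(name, value) overload, which is marked obsolete.
        cmd.Parameters.AddWithValue("@pwd", u.Pwd);
        cmd.Parameters.AddWithValue("@nname", u.Nname);
        cmd.Parameters.AddWithValue("@uname", u.Uname);
        return cmd;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed input: a user name containing quote characters.
        Users u = new Users { Uname = "x' or '1'='1", Pwd = "p@ss", Nname = "Tom" };
        Console.WriteLine(UsersData.ConcatenatedSql(u));   // quotes change the where clause
        SqlCommand cmd = UsersData.UpdateCommand(u);
        Console.WriteLine(cmd.CommandText);                 // placeholders only
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine(p.ParameterName + " = " + p.Value);
    }
}
```

To execute the command, assign an open SqlConnection to cmd.Connection and call cmd.ExecuteNonQuery().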
Three-tier development:
Interface layer - UI layer
Business logic layer - C# code section
Data access layer - entity classes and data access classes
ADO entity classes and data access classes