Using System; Using System.Collections.Generic; Using System.ComponentModel; Using System.Data; Using System.Drawing; Using System.Linq; Using System.Text; Using System.Windows.Forms; Using System.Data.SqlClient;
namespace Omygod {public partial class Form1:form {private static string connectionString = "Data sour Ce=.;i Nitial catalog=omy;integrated security=true "; Public Form1 () {InitializeComponent (); }
Enum Message {
Username or password input error = 1, login success = 2,
}
public bool Check (string name, String pass) { using ( SqlConnection conn = New SqlConnection (connectionString) { Conn. Open (); SqlCommand cmd = new SqlCommand (); cmd. Connection = conn; cmd. CommandText = "Select * from auser where name = @name and pass = @pass"; cmd. Parameters.addrange ( New sqlparameter[]{ new SqlParameter ("@name", SqlDbType.VarChar) {value=this.name.text}, New SqlParameter ("@ Pass ", SqlDbType.VarChar) {value=this.pass.text}, }); cmd. ExecuteNonQuery (); SqlDataAdapter ada = New SqlDataAdapter (CMD); DataSet ds = new DataSet (); Ada. Fill (DS); //return ds; DataSet data = ds ; if (data. Tables[0]. Rows.Count = = 0) { MessageBox.Show (message. User name or password input error). ToString ()); } else {
index mm = new index (); Mm. Show (); This. Close (); MessageBox.Show (message. Login succeeded). ToString ()); } return false;
}
}
User logged on private void Button1_Click (object sender, EventArgs e) {string name = This.name.Text; String pass = This.pass.Text; Check (Name,pass); }
private void Button2_Click (object sender, EventArgs e) {this. Close (); }
} }
This is just a simple anti-SQL injection method, but is not capable of comprehensive anti-SQL injection,,,
C # language WinForm anti-SQL injection as an example of user login