In the process of program development, system security should be a concern of developers, especially for websites. When developing a user login function we may leave room for destructive users; for example, how can we solve the SQL injection problem simply?
using System.Data;
using System.Data.SqlClient;

SqlConnection conn =
    new SqlConnection("Data Source=localhost;Initial Catalog=web;");
SqlCommand cmd = conn.CreateCommand();
// Note the leading space before AND: without it the two string literals
// would run together as "...@usernameAND password..."
cmd.CommandText = "SELECT roles FROM web WHERE username = @username" +
    " AND password = @password";
// Fill our parameters: the values travel separately from the SQL text,
// so the server never parses them as part of the query.
// (In a real application the stored password should be a salted hash,
// and the hash of the submitted password is what gets compared.)
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = Username.Value;
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = Password.Value;
// Execute the command
conn.Open();
SqlDataReader reader = cmd.ExecuteReader();
The above code solves the SQL injection problem in a simple way: the user-supplied values are bound as typed parameters instead of being spliced into the SQL text, so the database never interprets them as part of the query. At the same time, it illustrates the principle that input data must never be trusted during password verification.
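To make the difference concrete, here is an added example (not from the original article) that runs the same login query both ways against an in-memory SQLite table named `web`, using Python's `sqlite3` module in place of `SqlClient`; the table, the single user row and the test inputs are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample table mirroring the article's `web` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE web (username TEXT, password TEXT, roles TEXT)")
    conn.execute("INSERT INTO web VALUES ('alice', 's3cret', 'admin')")
    return conn


def roles_concatenated(conn, username, password):
    """The vulnerable pattern: input is spliced into the SQL text, so a quote
    character in the input changes the structure of the statement."""
    sql = ("SELECT roles FROM web WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def roles_parameterized(conn, username, password):
    """The fix shown in the article: placeholders in the SQL text, values bound
    separately, so the input is only ever compared as data."""
    sql = "SELECT roles FROM web WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # A correct login works the same way with both variants.
    print(roles_concatenated(db, "alice", "s3cret"))    # ['admin']
    print(roles_parameterized(db, "alice", "s3cret"))   # ['admin']
    # A password containing a quote: the concatenated query returns a row
    # without the real password, the parameterized one does not.
    probe = "' OR '1'='1"
    print(roles_concatenated(db, "alice", probe))       # ['admin']
    print(roles_parameterized(db, "alice", probe))      # []
```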