1
我试图阻止SQL注入。我做对了吗? (我正在使用MS Access。)我仍然应该使用sqlparameter
?给定一个或多个所需参数没有值
OleDbParameter[] myparm = new OleDbParameter[2];
myparm[0] = new OleDbParameter("@UserID", UserName.Text);
myparm[1] = new OleDbParameter("@Password", encode);
string queryStr = "SELECT * FROM TMUser WHERE [email protected] AND [email protected]";
OleDbConnection conn = new OleDbConnection(_connStr);
OleDbCommand cmd = new OleDbCommand(queryStr, conn);
conn.Open();
OleDbDataReader dr = cmd.ExecuteReader();
谢谢!欣赏建议。 –