防止Sql注入

1.Sql语句过滤

select count(*) from info_oper where opid =@opid

2.SqlCommand. AddParameter("@opid","00900")