When building the login feature I needed to guard against SQL injection, so I used SqlParameter.
Update: with the following call, my own helper for attaching several SqlParameters to a cmd is no longer needed:
cmd.Parameters.AddRange(pg);
The login button code is as follows:
protected void Button1_Click1(object sender, EventArgs e)
{
    // Two parameters for the login query; uname and upwd hold the submitted credentials
    SqlParameter[] pg = new SqlParameter[2];
    pg[0] = new SqlParameter("@uname", uname);
    pg[1] = new SqlParameter("@upwd", upwd);
    // Attach both parameters to cmd (this helper can be replaced by cmd.Parameters.AddRange(pg))
    SqlUtility.AddParameters(cmd, pg);
}
Writing it like this should also work:
SqlParameter[] pg = new SqlParameter[2];
// Same two parameters, built with the parameterless constructor and property setters
pg[0] = new SqlParameter();
pg[0].ParameterName = "@uname";
pg[0].Value = uname;
pg[1] = new SqlParameter();
pg[1].ParameterName = "@upwd";
pg[1].Value = upwd;
Noting this down for future reference!

Thanks to "碧海清天" for the reminder; I did not expect anyone to find this little corner of mine.
// Typed parameters with an explicit SqlDbType and length for the UP_Person_ADD stored procedure
SqlParameter[] paraList = new SqlParameter[7];
paraList[0] = new SqlParameter("@userName", SqlDbType.VarChar, 50);
paraList[0].Value = personModel.UserName;
paraList[1] = new SqlParameter("@account", SqlDbType.VarChar, 100);
paraList[1].Value = personModel.Account;
paraList[2] = new SqlParameter("@pwd", SqlDbType.VarChar, 100);
paraList[2].Value = personModel.Pwd;
paraList[3] = new SqlParameter("@unitID", SqlDbType.VarChar, 20);
paraList[3].Value = personModel.UnitID;
paraList[4] = new SqlParameter("@email", SqlDbType.VarChar, 100);
paraList[4].Value = personModel.Email;
paraList[5] = new SqlParameter("@officeTel", SqlDbType.VarChar, 20);
paraList[5].Value = personModel.OfficeTel;
paraList[6] = new SqlParameter("@mobile", SqlDbType.VarChar, 20);
paraList[6].Value = personModel.Mobile;
// sd wraps the SqlCommand and executes the stored procedure with the parameter array
return sd.ExecuteNonQuery("UP_Person_ADD", paraList);
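As an added example (not code from the post itself), here is the login check written end to end with the pattern the post settles on: constant SQL text, typed parameters with an explicit length like paraList above, and cmd.Parameters.AddRange. The Users table, its column names and the connection string are assumptions; the concatenated query is included only to show what the parameters replace.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the post's own code. Assumes a hypothetical table
// Users(UserName VARCHAR(50), Pwd VARCHAR(100)) and a caller-supplied connection string.
public static class LoginRepository
{
    // Vulnerable pattern: the submitted values become part of the SQL text, so the
    // server parses them as SQL rather than as data. Kept only to contrast with TryLogin.
    public static string BuildUnsafeQuery(string uname, string upwd)
    {
        return "SELECT COUNT(*) FROM Users WHERE UserName = '" + uname +
               "' AND Pwd = '" + upwd + "'";
    }

    // Hardened pattern: the SQL text never changes; the values travel as typed
    // parameters and the driver never interpolates them into the statement.
    public static bool TryLogin(string connectionString, string uname, string upwd)
    {
        const string sql =
            "SELECT COUNT(*) FROM Users WHERE UserName = @uname AND Pwd = @upwd";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length matching the column definitions avoid implicit
            // conversions and keep oversized input from being silently accepted.
            var pg = new SqlParameter[]
            {
                new SqlParameter("@uname", SqlDbType.VarChar, 50)  { Value = uname },
                new SqlParameter("@upwd",  SqlDbType.VarChar, 100) { Value = upwd }
            };
            cmd.Parameters.AddRange(pg);   // the AddRange call the post switched to

            conn.Open();
            int matches = (int)cmd.ExecuteScalar();
            return matches == 1;
        }
    }
}
```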