023. ASP.NET 参数化查询预防 SQL 注入攻击

 1 /// <summary>
 2     /// 参数化查询预防SQL注入式攻击
 3     /// </summary>
 4     public int checkLogin(string loginName, string loginPwd)
 5     {
 6         string strsql = "select count(*) from tb_LoginUser where UserName=@UserName and PassWord=@PassWord";
 7         SqlConnection conn = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);
 8         if (conn.State.Equals(ConnectionState.Closed))//存在,判断是否关闭
 9         {
10             conn.Open();                             //连接处于关闭状态,重新打开
11         }
12         SqlCommand sqlcom = new SqlCommand(strsql, conn);
13         sqlcom.Parameters.Add(new SqlParameter("@UserName", SqlDbType.NVarChar, 50));
14         sqlcom.Parameters["@UserName"].Value = loginName;
15         sqlcom.Parameters.Add(new SqlParameter("@PassWord", SqlDbType.NVarChar, 50));
16         sqlcom.Parameters["@PassWord"].Value = loginPwd;
17         int i = (int)sqlcom.ExecuteScalar();
18         conn.Close();
19         return i;
20     }

 

