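VS2010、C# 平台下的 Oracle 连接程序
以下是自己在 VS2010 平台上，参考网上的方法开发的 Oracle 连接程序，其中使用参数化查询（绑定变量）来防止 SQL 注入攻击。参数化查询只解决注入问题；示例中写在代码里的 system 账号和口令，以及直接用口令原文与 U_PASSWORD 列比较的做法仅作演示，实际使用时应改用权限最小的专用账号、从受保护的配置中读取连接串，并只保存和比较加盐的口令哈希。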
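#region
// Checks whether a row in T_User matches the supplied UserName / UserPassword
// and sets `result` to true when one does. `UserName`, `UserPassword` and
// `result` are declared outside this fragment.

// Oracle connection string.
// NOTE(review): the credentials are hard-coded and use the SYSTEM account.
// Load the connection string from protected configuration and connect with a
// dedicated account that only has SELECT on T_User.
string con = "Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl)));User Id=system;Password=password;";

// Bind variables (:UserName, :UserPassword) keep user input out of the SQL text,
// which is what prevents SQL injection here. Only existence matters, so the
// query selects a constant instead of pulling every column (including the
// password column) back to the client.
// NOTE(review): the supplied password is compared directly with U_PASSWORD,
// which suggests the column holds plaintext unless the caller hashes it first.
// Store a salted password hash (e.g. PBKDF2), fetch it by U_ID and verify it
// in the application instead.
const string query = "select 1 from T_User where U_ID=:UserName and U_PASSWORD=:UserPassword ";

try
{
    // `using` closes and disposes the connection, command and reader on every
    // path, including exceptions that are not OracleException.
    using (OracleConnection mycon = new OracleConnection(con))
    using (OracleCommand cmd = new OracleCommand(query, mycon))
    {
        OracleParameter para = new OracleParameter("UserName", OracleType.VarChar, 50);
        para.Value = UserName;
        cmd.Parameters.Add(para);

        OracleParameter para1 = new OracleParameter("UserPassword", OracleType.VarChar, 50);
        para1.Value = UserPassword;
        cmd.Parameters.Add(para1);

        mycon.Open();
        using (OracleDataReader da = cmd.ExecuteReader())
        {
            // A returned row means the user name exists and the password matched.
            if (da.Read())
            {
                result = true;
            }
        }
    }
}
catch (OracleException ex)
{
    // Show only the message: ex.ToString() would put the stack trace and other
    // internals in front of an unauthenticated user. Write the full exception
    // to an application log if it is needed for diagnosis.
    MessageBox.Show(ex.Message, "信息提示", MessageBoxButtons.OK, MessageBoxIcon.Error);
    this.Close(); // database error: close the form
}
#endregion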
