1
我試圖阻止SQL注入。我做對了嗎? (我正在使用MS Access。)我仍然應該使用sqlparameter
?給定一個或多個所需參數沒有值
OleDbParameter[] myparm = new OleDbParameter[2];
myparm[0] = new OleDbParameter("@UserID", UserName.Text);
myparm[1] = new OleDbParameter("@Password", encode);
string queryStr = "SELECT * FROM TMUser WHERE [email protected] AND [email protected]";
OleDbConnection conn = new OleDbConnection(_connStr);
OleDbCommand cmd = new OleDbCommand(queryStr, conn);
conn.Open();
OleDbDataReader dr = cmd.ExecuteReader();
謝謝!欣賞建議。 –