Add injection protection, so the correct statement is:
string SQLString = "SELECT * FROM student where sno='"+ textBox1.Text.Replace("'", "''")+"' AND password='"+textBox2.Text.Replace("'", "''")+"'";
Answer 2, 2020-05-03
string SQLString = "SELECT * FROM student where sno='"+ textBox1.Text+"' AND password='"+textBox2.Text+"'";
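Added example, not part of either answer above: the same `student` lookup written with `SqlCommand` parameters instead of string concatenation, so a quote typed into either text box travels as data and no `Replace("'", "''")` is needed. The class and method names, the parameter types and sizes, and the use of `System.Data.SqlClient` are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StudentLogin
{
    // Constant SQL text: user input never becomes part of the statement.
    const string Sql =
        "SELECT COUNT(*) FROM student WHERE sno = @sno AND password = @password";

    // Builds the command. Column types and lengths are assumed, adjust to the real schema.
    public static SqlCommand BuildCommand(string sno, string password)
    {
        var cmd = new SqlCommand(Sql);
        cmd.Parameters.Add("@sno", SqlDbType.VarChar, 20).Value = sno;
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 64).Value = password;
        return cmd;
    }

    // Runs the check against a database; the connection string comes from the caller.
    public static bool CheckLogin(string connectionString, string sno, string password)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(sno, password))
        {
            cmd.Connection = conn;
            conn.Open();
            // COUNT(*) comes back as a boxed int on SQL Server.
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    static void Main()
    {
        // Constructed sample input containing single quotes; no database is needed here.
        using (var cmd = BuildCommand("2020'001", "pa'ss"))
        {
            // The statement text is identical for every input.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} = {p.Value}");
        }
    }
}
```

In the form, the call would be `StudentLogin.CheckLogin(connectionString, textBox1.Text, textBox2.Text)`.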