
注入漏洞及参数化查询

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Data.SqlClient;

namespace ADO.NET详解

{

    class Program

    {

        static void Main(string[] args)

        {

            Console.WriteLine("请输入用户名");

            string username = Console.ReadLine();

            Console.WriteLine("请输入密码");

            string password = Console.ReadLine();

            using (SqlConnection conn = new SqlConnection(@"Data Source=.;Database=Database1;user ID=sa;pwd=888888"))//在Sqlconnection,Sqlcommand,SqlDataReader等使用using,可以

            //释放掉所占用的资源,相当于Disposed()方法.

            {

                conn.Open();

                using (SqlCommand cmd = conn.CreateCommand())

                {

                    //下列语句不使用参数化查询,容易造成SQL注入攻击,只要用户输入的密码为1' or '1'='1格式,即可以正常登陆进去

 //cmd.CommandText = "SELECT count(*) from T_Users WHERE UserName='" + username + "' and Password='" + password + "'";

                    //这里使用参数化查询,比较安全

                    cmd.CommandText = "SELECT count(*) from T_Users WHERE UserName=@Username and Password=@Password";

                    cmd.Parameters.Add(new SqlParameter("Username",username));

                    cmd.Parameters.Add(new SqlParameter("Password", password));

                    int i=Convert.ToInt32(cmd.ExecuteScalar());

                    if(i>0)

                    {

                        Console.WriteLine("登录成功");

                    }

                    else

                        Console.WriteLine("用户名或密码错误");

                }

                Console.ReadKey();

            }

        }

    }

注入查询界面:

注入漏洞及参数化查询
