比如你的sql语句是如下这样写的 string sql="SELECT * from Users WHERE login ='"+txtusername.text+"' AND password = '"+txtpass.text+"'";然后login时的用户名和密码中分别输入以下内容 txtusername.text="' or '1'='1"; txtpass.text="' or '1'='1";然后你的sql语句就变成了 SELECT * from Users WHERE login ='' or '1'='1' AND password = '' or '1'='1' 很明显,用户名和密码根本没起作用,就被登陆 SELECT * from Users WHERE login = or 1=1 AND password = or 1=1
string sql="SELECT * from Users WHERE login ='"+txtusername.text+"' AND password = '"+txtpass.text+"'";然后login时的用户名和密码中分别输入以下内容
txtusername.text="' or '1'='1";
txtpass.text="' or '1'='1";然后你的sql语句就变成了
SELECT * from Users WHERE login ='' or '1'='1' AND password = '' or '1'='1'
很明显，用户名和密码根本没起作用，攻击者无需有效凭据就能直接登录。
SELECT * from Users WHERE login = or 1=1 AND password = or 1=1
// Parameterised stored-procedure call: the user-supplied text travels as typed
// nvarchar(50) parameter values, never as part of the SQL text, so the quote
// tricks shown above cannot alter the statement.
SqlConnection cn = new SqlConnection(strconn);
cn.Open();
SqlCommand cm = new SqlCommand("login", cn) { CommandType = CommandType.StoredProcedure };
// Size 50 mirrors the procedure's nvarchar(50) declarations; input longer than
// that is presumably cut to the declared size by the provider before sending.
cm.Parameters.Add("@sql1", SqlDbType.NVarChar, 50).Value = tbx_uid.Text;
// @sql2 is declared here; its value is assigned on the following line.
// NOTE(review): neither cn nor cm is disposed in this fragment — confirm that a
// using block or explicit Dispose() exists further down.
cm.Parameters.Add("@sql2", SqlDbType.NVarChar, 50);
cm.Parameters["@sql2"].Value = tbx_upassword.Text;存储过程CREATE proc login
-- Stored procedure invoked by the SqlCommand above. Both inputs arrive as typed
-- nvarchar(50) parameters and are only compared, never executed as SQL, so the
-- probe strings shown earlier are just text that matches no user.
(
@sql1 nvarchar(50),
@sql2 nvarchar(50)
)
AS
-- NOTE(review): userpassword is compared directly against the caller-supplied
-- text, and the C# above sends the textbox text unchanged, so the column must
-- hold whatever form the caller sends — confirm whether lw_users stores
-- plaintext; a salted hash compared in application code is the usual practice.
-- NOTE(review): SELECT * also returns the userpassword column to the caller;
-- selecting only the columns the login flow needs is preferable.
select * from lw_users where username=@sql1 and userpassword=@sql2;
RETURNGO
-- NOTE(review): "RETURNGO" above is RETURN followed by the batch separator GO,
-- fused onto one line in this transcription; they must be on separate lines.
---------------
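// Original author's note, kept from the line it was fused with:
// 我再给你一个防sql注入得函数 — "here is another function to guard against SQL injection".
/// <summary>
/// Legacy text "sanitizer": doubles single quotes, drops asterisks, strips a
/// fixed, case-sensitive list of SQL keywords, converts line breaks to
/// <c>&lt;br/&gt;</c>, trims, and returns the literal "无" when nothing is left.
/// </summary>
/// <remarks>
/// This is not an injection defense. Keyword removal is a blacklist, it is
/// case sensitive (<c>SELECT</c> passes untouched) and it silently mutilates
/// legitimate input (any text containing "update" loses that substring). The
/// parameterised stored-procedure call shown earlier on this page is the
/// correct fix; this routine is kept only for callers that already depend on
/// its output.
/// Changes versus the original: <c>"\r\n"</c> is now handled before
/// <c>"\n"</c> (the <c>"\n"</c> pass used to run first, leaving a stray
/// <c>"\r"</c> in front of every <c>&lt;br/&gt;</c>), and a <c>null</c>
/// argument yields "无" instead of a <see cref="System.NullReferenceException"/>.
/// The original identity replacements (<c>Replace("&amp;","&amp;")</c>,
/// <c>Replace("&lt;","&lt;")</c>, <c>Replace("&gt;","&gt;")</c>,
/// <c>Replace(" "," ")</c>) had no effect — presumably HTML entities lost in
/// transcription — and are omitted; HTML-encode at the output layer instead.
/// </remarks>
/// <param name="str">Raw user text; <c>null</c> is treated as empty.</param>
/// <returns>The filtered text, or "无" when the trimmed result is empty.</returns>
public static string FunStr(string str)
{
    if (str == null)
    {
        return "无";
    }

    // Doubling ' is the classic quote-escape for hand-built SQL strings; it is
    // the only step in this routine that relates to SQL syntax at all.
    str = str.Replace("'", "''");
    str = str.Replace("*", "");

    // CRLF must be collapsed first, otherwise the LF pass splits the pair and
    // leaves a bare CR in front of the <br/>.
    str = str.Replace("\r\n", "<br/>");
    str = str.Replace("\n", "<br/>");

    // Same blacklist, same order and same case-sensitivity as the original.
    // "delcare" is the original's misspelling of "declare"; it is kept so that
    // existing output does not change.
    string[] blacklist = { "select", "insert", "update", "delete", "create", "drop", "delcare" };
    foreach (string word in blacklist)
    {
        str = str.Replace(word, "");
    }

    str = str.Trim();
    return str.Length == 0 ? "无" : str;
}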