S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";OracleParameter[] parms = { new OracleParameter("USERNAME",OracleType.VarChar),new OracleParameter("PASSWORD",OracleType.VarChar),};parms[0].Value = userName;parms[1].Value = password;string sql = "SELEC

Source: 学生作业帮助网 Editor: 作业帮 Time: 2024/04/29 05:13:39

OracleParameter[] parms = {
    new OracleParameter("USERNAME", OracleType.VarChar),
    new OracleParameter("PASSWORD", OracleType.VarChar),
};
parms[0].Value = userName;
parms[1].Value = password;
string sql = "SELECT * FROM TBL_C_USER WHERE S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";
What kind of usage is this? What is it meant to accomplish? In particular, S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD looks very strange; I have never seen it before.

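What follows the colon (:) is the key of a parameter defined in the parameter array, for example USERNAME; its value is the userName assigned earlier.
Compared with writing "SELECT * FROM TBL_C_USER WHERE S_USERNAME='" + userName + "' AND S_PASSWORD='" + password + "'" directly,
passing the values in this way avoids SQL injection.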
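
The difference the answer describes, as an added example that is not part of the original question or answer. It assumes Python's built-in sqlite3 (which accepts the same :NAME placeholder syntax) in place of the Oracle client, and the table rows and inputs are constructed.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the Oracle table (assumption).
    # Rows are constructed sample data. The plaintext password column only
    # mirrors the query on the page; real systems store salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TBL_C_USER (S_USERNAME TEXT, S_PASSWORD TEXT)")
    db.executemany(
        "INSERT INTO TBL_C_USER VALUES (:USERNAME, :PASSWORD)",
        [{"USERNAME": "alice", "PASSWORD": "s3cret"},
         {"USERNAME": "O'Brien", "PASSWORD": "hunter2"}],
    )
    return db

def login_concatenated(db, user_name, password):
    # The string-concatenation form from the answer: the input becomes
    # part of the SQL text, so a quote in it changes the statement.
    sql = ("SELECT * FROM TBL_C_USER WHERE S_USERNAME='" + user_name +
           "' AND S_PASSWORD='" + password + "'")
    return db.execute(sql).fetchall()

def login_bound(db, user_name, password):
    # The :USERNAME / :PASSWORD form from the question: the SQL text is
    # fixed and the values are sent separately, always treated as data.
    sql = ("SELECT * FROM TBL_C_USER "
           "WHERE S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD")
    params = {"USERNAME": user_name, "PASSWORD": password}
    return db.execute(sql, params).fetchall()

def concatenated_breaks_on_quote(db):
    # A legitimate name containing an apostrophe is enough to produce
    # invalid SQL when the statement is built by concatenation.
    try:
        login_concatenated(db, "O'Brien", "hunter2")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing quote characters
    print("concatenated:", login_concatenated(db, "alice", crafted))
    print("bound:       ", login_bound(db, "alice", crafted))
    print("O'Brien bound:", login_bound(db, "O'Brien", "hunter2"))
    print("O'Brien breaks concatenation:", concatenated_breaks_on_quote(db))
```
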