S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";OracleParameter[] parms = { new OracleParameter("USERNAME",OracleType.VarChar),new OracleParameter("PASSWORD",OracleType.VarChar),};parms[0].Value = userName;parms[1].Value = password;string sql = "SELEC

来源:学生作业帮助网 编辑:作业帮 时间:2024/07/06 01:42:09
S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD
x]KQaoCnuU6L˵"BdlEFZW*dglԎӽ^C'q(}_23p10?R,` 4;Z?~3or+8܂tAkx>J L1n\;s^KG>m!T%LLY:K9bEk{$m55.⻬|k;A!J 8" YT8W TKs̔P> GR*˫~D)~/=t6nGGuktSu(m,y@rAJK5B5g$i(p7

S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";OracleParameter[] parms = { new OracleParameter("USERNAME",OracleType.VarChar),new OracleParameter("PASSWORD",OracleType.VarChar),};parms[0].Value = userName;parms[1].Value = password;string sql = "SELEC
S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";
OracleParameter[] parms = {
new OracleParameter("USERNAME",OracleType.VarChar),
new OracleParameter("PASSWORD",OracleType.VarChar),
};
parms[0].Value = userName;
parms[1].Value = password;
string sql = "SELECT * FROM TBL_C_USER WHERE S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";
这是什么用法?要实现怎样的功能?尤其是S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD 很诡异?没见过

S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";OracleParameter[] parms = { new OracleParameter("USERNAME",OracleType.VarChar),new OracleParameter("PASSWORD",OracleType.VarChar),};parms[0].Value = userName;parms[1].Value = password;string sql = "SELEC
冒号:后面的是定义的参数组的KEY,比如USERNAME,它的值是之前附的userName
相比直接"SELECT * FROM TBL_C_USER WHERE S_USERNAME='"+userName+"'AND S_PASSWORD='"password'"
这样传入可以避免SQL注入