我尝试使用此查询比较我的密码值但是当我尝试使用COLLATE SQL_Latin1_General_CP1_CI_AS时,它无法正常工作。
请帮我解决这个问题
错误消息
An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll
Additional information: IErrorInfo.GetDescription failed with E_FAIL(0x80004005).
我的代码
OleDbConnection con = new OleDbConnection();
con.ConnectionString = ConfigurationManager.ConnectionStrings["Connection"].ToString();
con.Open();
OleDbCommand cmd = new OleDbCommand();
cmd.CommandText = "SELECT UserName, Password, ID FROM AdminLogin WHERE UserName='" + txtUserName.Text + "' AND Password='" + txtPassword.Password + "' COLLATE SQL_Latin1_General_CP1_CI_AS";
cmd.Connection = con;
OleDbDataReader rd = cmd.ExecuteReader();
答案 0 :(得分:-1)
您可以使用此选项来提高SQL注入的安全性
cmd.CommandText = "SELECT UserName, Password, ID FROM AdminLogin WHERE StrComp(UserName,'" + txtUserName.Text + "',0)=0 AND StrComp(Password,'" + txtPassword.Password + "',0)=0 ";