C# t方法比其他方法好。 public string select(string name) { string s = null; query = "select * from tablename where n


t方法比其他方法好。
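    /// <summary>
    /// Looks up rows in <c>tablename</c> whose <c>name</c> column equals
    /// <paramref name="name"/> and returns column 0 of the last row read.
    /// </summary>
    /// <param name="name">Value bound to the <c>@name</c> parameter of the query.</param>
    /// <returns>
    /// Column 0 of the last matching row as a string, or <c>null</c> when no row matches.
    /// </returns>
    /// <remarks>
    /// The connection must be closed on entry (it is opened here) and is closed again
    /// before returning, so the method can be called repeatedly.
    /// </remarks>
    public string select(string name)
    {
        string s = null;

        // The SQL text is a constant; the caller's value is bound as the @name
        // parameter, so it is passed to the provider as data and is never
        // concatenated into the statement.
        query = "select * from tablename where name=@name";

        con.Open();
        try
        {
            com = new SqlCeCommand(query, con);
            // NOTE(review): AddWithValue infers the parameter type from the CLR value;
            // an explicitly typed parameter is more predictable - confirm against the schema.
            com.Parameters.AddWithValue("@name", name);
            sdr = com.ExecuteReader();

            // Each row overwrites s, so the value from the last row wins.
            // NOTE(review): with "select *", which column is index 0 depends on the table
            // definition; GetString(0) presumably requires it to be a non-null string column.
            while (sdr.Read())
            {
                s = sdr.GetString(0);
            }
        }
        finally
        {
            // Release the reader and the connection even when the query throws;
            // otherwise the connection stays open and the next con.Open() fails.
            if (sdr != null)
            {
                sdr.Close();
            }
            con.Close();
        }

        return s;
    }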
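    /// <summary>
    /// Executes the SQL text in <paramref name="query"/> and returns column 0 of the
    /// last row read.
    /// </summary>
    /// <param name="query">
    /// Complete SQL statement, executed exactly as received. No parameters are bound.
    /// </param>
    /// <returns>
    /// Column 0 of the last row as a string, or <c>null</c> when the query returns no rows.
    /// </returns>
    /// <remarks>
    /// SECURITY: this signature has no way to bind values separately from the statement.
    /// If a caller assembles <paramref name="query"/> from user-supplied values, that
    /// input is parsed as SQL (SQL injection). Callers should pass only constant
    /// statements here and bind user-supplied values as command parameters
    /// (e.g. <c>com.Parameters.AddWithValue</c>) rather than concatenating them.
    /// The connection must be closed on entry and is closed again before returning.
    /// </remarks>
    public string select(string query)
    {
        string s = null;

        con.Open();
        try
        {
            // The statement text comes straight from the caller; see the SECURITY remark.
            com = new SqlCeCommand(query, con);
            sdr = com.ExecuteReader();

            // Each row overwrites s, so the value from the last row wins.
            // NOTE(review): GetString(0) presumably requires column 0 to be a non-null
            // string column - confirm for the statements callers pass in.
            while (sdr.Read())
            {
                s = sdr.GetString(0);
            }
        }
        finally
        {
            // Release the reader and the connection even when the query throws;
            // otherwise the connection stays open and the next con.Open() fails.
            if (sdr != null)
            {
                sdr.Close();
            }
            con.Close();
        }

        return s;
    }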