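// Executing SQL through parameters (values passed separately from the statement
// text) effectively blocks SQL injection: txtID.Text and txtPwd.Text are never
// spliced into the query string, so quotes or keywords in them cannot alter it.
string strSQL = "select * from AdminSystem Where AdminID=@AdminID and AdminPwd=@AdminPwd";

// Read the setting's ConnectionString property explicitly instead of relying on
// ConnectionStringSettings.ToString() happening to return the same text, and fail
// with a clear message if the setting is absent rather than a NullReferenceException.
ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["SQLConnectionString"];
if (settings == null)
{
    throw new InvalidOperationException("Connection string 'SQLConnectionString' is missing from configuration.");
}
string ConnString = settings.ConnectionString;

// conn and cmd are assigned to variables declared outside this fragment; the owner
// of those variables is responsible for closing/disposing them, and the reader below,
// once the result has been consumed (none of that happens here).
conn = new SqlConnection(ConnString);
cmd = new SqlCommand(strSQL, conn);

// Typed, size-bounded parameters: the driver sends the input as NVARCHAR(50) data.
// Note that a Size of 50 silently truncates longer input before it reaches the server.
cmd.Parameters.Add("@AdminID", SqlDbType.NVarChar, 50).Value = txtID.Text;
cmd.Parameters.Add("@AdminPwd", SqlDbType.NVarChar, 50).Value = txtPwd.Text;

// NOTE(review): comparing AdminPwd directly against the typed-in password implies the
// table stores credentials in cleartext; the stored value should be a salted hash
// (e.g. PBKDF2) and the check done against that — confirm the schema before relying on this.
conn.Open();
SqlDataReader dr = cmd.ExecuteReader();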