怎样把下面的非参数化查询sql查询改成参数化查询
怎样把下面的非参数化查询sql查询改成参数化查询
string sql="select * from userid.users where id='"+TextBoxName.Text+"'";
objConn=new OleDbConnection(Constant.strConn);
objCmd = new OleDbCommand(sql, objConn);
try //扑捉异常错误
{
objConn.Open();
objReader = objCmd.ExecuteReader();
while (objReader.Read())
{
strname=objReader["id"].ToString();
strpwd=objReader["pwd"].ToString();
}
objReader.Close();
}
catch
{
Response.Write ("<script defer>alert(\"数据库错误! \");</script>");
return;
}
finally
{
objConn.Close();
}