ÈçºÎÓ¦¶ÔWinformsÖÐSQLµÄ×¢Èëʽ¹¥»÷

SqlÓï¾ä×÷Ϊ¹ú¼Ê±ê×¼µÄÊý¾Ý¿â²éѯÓï¾ä£¬±±¾©°á¼Ò¹«Ë¾ ±±¾©Êèͨ¹«Ë¾ÔÚ¸÷ÖÖ±à³Ì»·¾³Öеõ½Á˹㷺µÄÓ¦Óá£×÷Ϊһ¸ö³ÉÊì¡¢Îȶ¨µÄϵͳ£¬Óû§µÇ½ºÍÃÜÂëÑéÖ¤ÊDZز»¿ÉÉٵġ£ÔÚƽʱµÄ±à³Ì¹¤×÷ÖÐÐí¶à³ÌÐòÔ±ÔÚÓÃsqlÓï¾ä½øÐÐÓû§ÃÜÂëÑé֤ʱÊÇͨ¹ýÒ»¸öÀàËÆÕâÑùµÄÓï¾äÀ´ÊµÏֵģº
 strSel = " Select * from Óû§±í where ÐÕÃû= '" + name + "'  and  ÃÜÂë = '"  + password + "'";
        ÆäÖÐnameºÍpasswordÊÇ´æ·ÅÓû§ÊäÈëµÄÓû§ÃûºÍ¿ÚÁͨ¹ýÖ´ÐÐÉÏÊöÓï¾äÀ´ÑéÖ¤Óû§ºÍÃÜÂëÊÇ·ñºÏ·¨ÓÐЧ¡£µ«ÊÇͨ¹ý·ÖÎö¿ÉÒÔ·¢ÏÖ£¬ÉÏÊöÓï¾äÈ´´æÔÚ×ÅÖÂÃüµÄ©¶´¡£µ±ÎÒÃÇÔÚÓû§Ãû³ÆÖÐÊäÈëÏÂÃæµÄ×Ö·û´®Ê±£º111 ' or  '1 = 1£¬È»ºó¿ÚÁîÒ²ÒÔÀàËÆ·½·¨ÊäÈ룬ÎÒÃǼÙÉèÃÜÂëΪaaaa¡£±äÁ¿´ú»»ºó£¬sqlÓï¾ä¾Í±ä³ÉÁËÏÂÃæµÄ×Ö·û´®£º Sql="Select * from Óû§±í where ÐÕÃû = '111' or '1' = '1'  and  ÃÜÂë = 'aaaa'
        ÎÒÃǶ¼ÖªµÀselectÓï¾äÔÚÅжϲéѯÌõ¼þʱ£¬Óöµ½»ò£¨or£©²Ù×÷¾Í»áºöÂÔÏÂÃæµÄÓ루and£©²Ù×÷£¬¶øÔÚÉÏÃæµÄÓï¾äÖÐ1=1µÄÖµÓÀԶΪtrue£¬ÕâÒâζ×ÅÎÞÂÛÔÚÃÜÂëÖÐÊäÈëʲôֵ£¬¾ùÄÜͨ¹ýÉÏÊöµÄÃÜÂëÑéÖ¤£¡Õâ¸öÎÊÌâµÄ½â¾öºÜ¼òµ¥£¬·½·¨Ò²ºÜ¶à£¬×î³£ÓõÄÊÇÔÚÖ´ÐÐÑé֤֮ǰ£¬¶ÔÓû§ÊäÈëµÄÓû§ºÍÃÜÂë½øÐкϷ¨ÐÔÅжϣ¬±±¾©°á¼Ò¹«Ë¾ ±±¾©Êèͨ¹«Ë¾²»ÔÊÐíÊäÈëµ¥ÒýºÅ¡¢µÈºÅµÈÌØÊâ×Ö·û¡£
       ÉÏÊöÎÊÌâËäÈ»¿´ÆðÀ´¼òµ¥£¬µ«È·ÊµÊÇ´æÔڵġ£ÀýÈçÔÚ»¥ÁªÍøÉϺÜÓÐÃûÆøµÄÍøÂçÓÎÏ·"Ц°Á½­ºþ"µÄÔçÆÚ°æ±¾¾Í´æÔÚ×ÅÕâÑùµÄÎÊÌ⣬ÕâȷʵӦ¸ÃÒýÆðÎÒÃǵÄ×¢Òâ¡£ÕâÒ²±©Â¶³öÄêÇá³ÌÐòÔ±ÔÚ±à³Ì¾­ÑéºÍ°²È«ÒâʶÉϵIJ»×㡣ͬʱҲÌáÐÑÎÒÃDZà³Ì¹¤×÷ÕßÔÚ³ÌÐòÉè¼ÆʱӦµ±³ä·Ö¿¼ÂdzÌÐòµÄ°²È«ÐÔ£¬²»¿ÉÓаëµãÂí»¢£¬Ò»¸ö¿´ËƺÜСµÄÊè©¿ÉÄܾͻáÔì³ÉºÜÑÏÖصĺó¹û¡£ ÔÚWinforms±à³ÌÖпÉÒÔ²ÉÈ¡ÒÔÏ·½·¨½â¾ö£¬¿ÉÒÔÓÃÎı¾¿òµÄKeyPressʼþÖÐÌí¼ÓÒÔÏ´úÂë
     if(e.KeyChar == ' \' ') {
            MessageBox.Show("²»¿ÉÒÔÊäÈë‘£¡");
            e.Handled = true;
     }±±¾©°á¼Ò¹«Ë¾ ±±¾©Êèͨ¹«Ë¾
     ´Ë´¦µÄeÊǸÃʼþÌṩµÄ²ÎÊý¶ÔÏó£¬KeyCharÊDZíʾËù°´¼üµÄASCIIÂ룬\'±íʾµ¥ÒýºÅ£¬Ìõ¼