C# SQL防注入
string sql = "select * from student where id like" +"@key";
Sqlconnection con = new Sqlconnetion();
Sqlcommand com =new Sqlcommand();
SqlParameter prmid = new SqlParameter();
prmid.ParameterName = "@key";
prmid.Value=key;
com.Parameters.Add(prmid);