using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Data.SqlClient;
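namespace OmyGod
{
    /// <summary>
    /// Login form. Checks the entered user name and password against the
    /// <c>auser</c> table and opens the main <c>index</c> form on success.
    /// </summary>
    public partial class Form1 : Form
    {
        // Integrated Security=True means Windows authentication is used, so no
        // database credentials are embedded in this string.
        private static string connectionString = "Data Source=.;Initial Catalog=Omy;Integrated Security=True";

        /// <summary>Creates the form and builds its designer-generated controls.</summary>
        public Form1()
        {
            InitializeComponent();
        }

        // The member names are shown to the user verbatim through ToString(),
        // so they are runtime text and must not be renamed.
        enum message
        {
            用户名或者密码输入错误 = 1, // "user name or password entered incorrectly"
            登录成功 = 2,               // "login succeeded"
        }

        /// <summary>
        /// Validates a user name / password pair and updates the UI accordingly:
        /// on failure a message box is shown, on success the <c>index</c> form is
        /// opened and this form is hidden.
        /// </summary>
        /// <param name="name">User name to look up.</param>
        /// <param name="pass">Password to compare against the stored value.</param>
        /// <returns><c>true</c> when a matching row exists; otherwise <c>false</c>.</returns>
        /// <exception cref="SqlException">The database could not be reached or the query failed.</exception>
        public bool check(string name, string pass)
        {
            if (!CredentialsMatch(name, pass))
            {
                // One message covers both an unknown user and a wrong password,
                // so the dialog does not reveal which of the two was incorrect.
                MessageBox.Show((message.用户名或者密码输入错误).ToString());
                return false;
            }

            index mm = new index();
            mm.Show();
            this.Hide();
            return true;
        }

        /// <summary>
        /// Returns whether <c>auser</c> holds a row with the given name and password.
        /// Both values are sent as bound parameters, never concatenated into the SQL text.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the query compares the typed password directly with
        /// <c>auser.pass</c>, which implies the column holds passwords in a directly
        /// comparable (plaintext-equivalent) form. Parameter binding does nothing for
        /// that risk; consider storing a salted, slow hash (for example PBKDF2 via
        /// <c>Rfc2898DeriveBytes</c>), reading it by user name and verifying it in
        /// application code. No limit on failed attempts is visible in this form either.
        /// </remarks>
        private static bool CredentialsMatch(string name, string pass)
        {
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand(
                "select count(*) from auser where name = @name and pass = @pass", conn))
            {
                // A null Value would make SqlClient treat the parameter as not supplied,
                // so null is normalised to an empty string (which matches no real account
                // unless one was stored with empty fields).
                cmd.Parameters.AddRange(new SqlParameter[]
                {
                    new SqlParameter("@name", SqlDbType.VarChar) { Value = name ?? string.Empty },
                    new SqlParameter("@pass", SqlDbType.VarChar) { Value = pass ?? string.Empty },
                });

                conn.Open();

                // Only the number of matches is needed, so a single scalar query
                // replaces fetching every column into a DataSet.
                return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
            }
        }

        // User login: pass the text-box contents to check(), which performs the
        // lookup and the resulting UI changes.
        private void button1_Click(object sender, EventArgs e)
        {
            string name = this.name.Text;
            string pass = this.pass.Text;
            check(name, pass);
        }

        // Close the login form.
        private void button2_Click(object sender, EventArgs e)
        {
            this.Close();
        }
    }
}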
这只是一个简单的防 SQL 注入的方法(参数化查询),但它并不能全面地防止 SQL 注入:参数只能保护作为值传入的数据,表名、列名等如果仍然通过字符串拼接生成,还需要另外做白名单校验。