ado.net sqlserver 注入漏洞问题

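using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data.SqlClient;

namespace login1
{
    /// <summary>
    /// Console login demo: reads a username and password from stdin and
    /// checks them against mytable2 with a parameterized query, so the typed
    /// text is bound as data and never spliced into the SQL statement.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Entry point. Prompts for credentials, runs the lookup and prints
        /// whether the login succeeded.
        /// </summary>
        /// <param name="args">Unused command-line arguments.</param>
        static void Main(string[] args)
        {
            Console.WriteLine("请输入用户名:");
            // ReadLine() returns null at end of input. SqlClient rejects a
            // parameter whose Value is null (as opposed to DBNull), so fall
            // back to an empty string rather than fail at ExecuteScalar().
            string username = Console.ReadLine() ?? string.Empty;
            Console.WriteLine("请输入密码:");
            // If these values were concatenated into the SQL text, an input
            // such as 1'or'1'='1 would alter the query; the parameters below
            // carry the text as data instead.
            string password = Console.ReadLine() ?? string.Empty;

            // Connect to the database.
            using (SqlConnection conn = new SqlConnection(
                @"data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=D:\My Documents\Visual Studio 2008\Projects\ado.net\ado.net\Database1.mdf;User Instance=true"))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    // Parameterized form: @un and @p are placeholders bound
                    // below. Do not build this with string concatenation
                    // (e.g. "... where name='" + name + "' ...").
                    cmd.CommandText = "select count(*) from mytable2 where username=@un and password=@p";
                    cmd.Parameters.Add(new SqlParameter("@un", username));
                    cmd.Parameters.Add(new SqlParameter("@p", password));

                    // NOTE(review): the query compares the submitted password
                    // directly with the stored column, which implies the table
                    // holds passwords in plaintext; a real login should store
                    // a salted hash and verify it in code. Also, if the column
                    // collation is case-insensitive, SQL equality would accept
                    // a wrong-case password — confirm against the schema.

                    // ExecuteScalar() returns the first column of the first
                    // row as object; count(*) always yields one integer row.
                    int matches = Convert.ToInt32(cmd.ExecuteScalar());
                    if (matches > 0)
                    {
                        Console.WriteLine("登录成功!");
                    }
                    else
                    {
                        Console.WriteLine("用户名或密码错误!");
                    }
                }
            }
            Console.ReadKey();
        }
    }
}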
