求最人性化的防止SQL注入函数

    private DataTable ExecuteDataTable(string SqlStr, Hashtable SqlParameters,CommandType temType)    {        String getConnectionString = "Application Name=sss;Initial Catalog=DEVDB;Data Source=10.3.1.218;User ID=sa;password=sa;Pooling=True";        SqlConnection sqlConn = new SqlConnection(getConnectionString);        SqlCommand sqlCmd = new SqlCommand(SqlStr);        SqlDataAdapter sqlDA =new SqlDataAdapter();        DataTable dtSql = new DataTable();              try        {            sqlConn.Open();            sqlCmd.Connection = sqlConn;            sqlCmd.CommandType = temType;            if (SqlParameters != null)            {                IDictionaryEnumerator hsEnum = SqlParameters.GetEnumerator();                while (hsEnum.MoveNext())                {                    sqlCmd.Parameters.AddWithValue(hsEnum.Key.ToString(), hsEnum.Value);                }            }            sqlDA.SelectCommand = sqlCmd;            sqlDA.Fill(dtSql);            return dtSql;        }        catch (Exception exExact)        {            string error = exExact.Message;            throw new Exception(error, exExact);        }        finally        {            sqlConn.Close();        }    }    protected void Button2_Click(object sender, EventArgs e)    {        Hashtable htParam = new Hashtable();               htParam.Add("@Language", "Chi");        htParam.Add("@CurrencyCode", "RMB");      htParam.Add("@CurrencyUnit", "1.0");      htParam.Add("@Region", "42");        string sqlstr = "spr_Channellist";        DataTable mytable = ExecuteDataTable(sqlstr, htParam, CommandType.StoredProcedure);        this.GridView1.DataSource = mytable;        GridView1.DataBind();    }    private String ExecuteDataValue(string SqlStr, Hashtable SqlParameters)    {        String getConnectionString = "Application Name=IPTV;Initial Catalog=IPTVDEVDB;Data Source=10.3.1.218;User ID=sa;password=sa;Pooling=True";        SqlConnection sqlConn = new SqlConnection(getConnectionString);        SqlCommand sqlCmd = new  SqlCommand(SqlStr);        string strRtrn ;        try        {            sqlConn.Open();                     sqlCmd.Connection = sqlConn;            sqlCmd.CommandType = CommandType.Text;            if(SqlParameters != null)             {                IDictionaryEnumerator hsEnum = SqlParameters.GetEnumerator();                while(hsEnum.MoveNext())                {                    sqlCmd.Parameters.AddWithValue(hsEnum.Key.ToString(), hsEnum.Value);                }            }             strRtrn = Convert.ToString(sqlCmd.ExecuteScalar());             return strRtrn;        }        catch(Exception exExact)        {            string error = exExact.Message;            throw new Exception(error, exExact);        }        finally        {            sqlConn.Close();        }    }    protected void GridView1_PageIndexChanging(object sender, GridViewPageEventArgs e)    {        GridView1.PageIndex = e.NewPageIndex;        OleDbConnection conn = new OleDbConnection("provider=microsoft.jet.oledb.4.0;data source=" + Server.MapPath("") + "\\CODEDB.mdb");        string sql = "select * from Code ";        OleDbDataAdapter oda = new OleDbDataAdapter(sql, conn);        DataSet ds = new DataSet();        oda.Fill(ds);        this.GridView1.DataSource = ds.Tables[0];        GridView1.DataBind();    }