C # anti-SQL Injection in like condition during SQL statement Splicing,

C # anti-SQL Injection in like condition during SQL statement Splicing,

This afternoon, my colleague asked me a basic question. What should I do if I encounter Like when splicing SQL statements.

My original writing method was simple concatenation of strings. Later, my colleague asked me what to do if I encountered SQL injection. This is indeed a problem.

I just found related instructions on the Internet. It was originally written in this way.

Such as an SQL statement:

　　

Select * from game where gamename like '% three %'

 

In c # format:

String keywords = "James"; StringBuilder strSql = new StringBuilder (); strSql. append ("select * from game where gamename like @ keywords"); SqlParameter [] parameters = new SqlParameter [] {new SqlParameter ("@ keywords ", "%" + keywords + "% "),};

Although % is used here, it is quite simple and practical to filter SQL Injection effectively.

 

It is a small knowledge point and I hope it will help you! Pai_^

& In C Language

& Can be used as the bitwise AND or address fetch Operator
The following describes two usage methods:
1. bitwise and operation bitwise AND operator "&" are binary operators. Its function is the binary phase corresponding to the two numbers involved in the operation. The result bit is 1 only when the two binary numbers are 1. Otherwise, the result bit is 0. The number of involved operations is supplemented.
For example, 9 & 5 can be written as follows: 00001001 (Binary complement of 9) & 00000101 (Binary complement of 5) 00000001 (Binary complement of 1) Visible 9 & 5 = 1.
Bitwise AND operations are usually used to clear some bits or retain some bits. For example, if a clears the high eight bits of 0 and retains the low eight bits, it can be used as a & 255 operation (255 of the binary number is 0000000011111111 ).
2. Get the address
& As The unary operator, the result is the address of the right operation object.
For example, & x returns the address of x.
The address itself is an abstract concept used to indicate the logical location of an object in the memory.

& In C Language

& Can be used as the bitwise AND or address fetch Operator
The following describes two usage methods:
1. bitwise and operation bitwise AND operator "&" are binary operators. Its function is the binary phase corresponding to the two numbers involved in the operation. The result bit is 1 only when the two binary numbers are 1. Otherwise, the result bit is 0. The number of involved operations is supplemented.
For example, 9 & 5 can be written as follows: 00001001 (Binary complement of 9) & 00000101 (Binary complement of 5) 00000001 (Binary complement of 1) Visible 9 & 5 = 1.
Bitwise AND operations are usually used to clear some bits or retain some bits. For example, if a clears the high eight bits of 0 and retains the low eight bits, it can be used as a & 255 operation (255 of the binary number is 0000000011111111 ).
2. Get the address
& As The unary operator, the result is the address of the right operation object.
For example, & x returns the address of x.
The address itself is an abstract concept used to indicate the logical location of an object in the memory.