Writing the SqlHelper class in C# (2)

Source: Internet
Author: User


The previous article covered writing a simple SqlHelper class. Here we work out a solution to the problem raised at the end of that article.

SQL injection attacks are already well known. How can we protect our databases from such attacks in C#?

C# already provides a good solution: the SqlParameter class.

How do we use it?


using System.Data;
using System.Data.SqlClient;

class SqlHelper
{
    private static string connStr; // connection string; how it is set is not shown in the article

    public object ExecuteScalar(string sql, SqlParameter[] parameters) // an array of the SqlParameter type is added here.
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = sql;
                foreach (SqlParameter param in parameters) // traverse the passed array and add each element to the command.
                {
                    cmd.Parameters.Add(param);
                }
                SqlDataAdapter adapter = new SqlDataAdapter(cmd); // the data adapter wraps the command.
                DataSet dataset = new DataSet(); // create a cache
                adapter.Fill(dataset); // store the data in the cache.
                return dataset; // the collection of returned data.
            }
        }
    }
}

The preceding example uses the SqlParameter class to protect the SQL statement: the values travel as parameters rather than being spliced into the SQL text, which prevents SQL injection.

Another point: the method takes an array as its parameter. What if the caller wants to pass the parameters individually rather than as an array?

This is where variable-length parameters (the params keyword) come in.

How to define a variable-length parameter:

static int sum(int[] arr) // a simple function definition with fixed parameter length.
{
    int result = 0;
    foreach (int i in arr)
    {
        result += i;
    }
    return result;
}

static int sum1(params int[] arr) // a simple function definition with variable parameter length.
{
    int result = 0;
    foreach (int i in arr)
    {
        result += i;
    }
    return result;
}

static void Main(string[] args)
{
    int[] array1 = new int[] { 1, 2, 3, 4, 5 };
    sum(array1); // the fixed-length method: an array must be passed in.
    sum1(10);    // the variable-length method: pass as many numbers as needed; the compiler collects them into the array parameter.
}
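As an added example (not code from this or the next article), the two ideas combined: a SqlHelper whose parameter list uses the params keyword, called with a constructed input that contains a quote. The connection string, the Users table and its columns are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class SqlHelper
{
    // Assumption: in a real project the connection string comes from configuration.
    private static readonly string connStr = "Server=.;Database=Demo;Integrated Security=true;";

    // params lets a caller write ExecuteDataSet(sql, p1, p2) or ExecuteDataSet(sql) with no parameters at all.
    public static DataSet ExecuteDataSet(string sql, params SqlParameter[] parameters)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = conn.CreateCommand())
        {
            conn.Open();
            cmd.CommandText = sql;
            cmd.Parameters.AddRange(parameters); // an empty array is fine
            using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
            {
                DataSet ds = new DataSet();
                adapter.Fill(ds);
                return ds;
            }
        }
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample input: a legitimate name that happens to contain a quote.
        string userName = "O'Brien";

        // Vulnerable: the input is spliced into the SQL text. The quote ends the string
        // literal early, so the statement fails, and crafted input could change its meaning.
        // SqlHelper.ExecuteDataSet("SELECT Id, Name FROM Users WHERE Name = '" + userName + "'");

        // Safe: the value is sent as a typed parameter and is never parsed as SQL,
        // so the quote is just data. Table and column names are assumptions.
        DataSet result = SqlHelper.ExecuteDataSet(
            "SELECT Id, Name FROM Users WHERE Name = @name AND Active = @active",
            new SqlParameter("@name", SqlDbType.NVarChar, 50) { Value = userName },
            new SqlParameter("@active", SqlDbType.Bit) { Value = true });

        Console.WriteLine("{0} row(s) returned", result.Tables[0].Rows.Count);
    }
}
```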

That is all for today. The specific use of variable-length parameters in SqlHelper will be explained in the next article.
