2015 4.15 Written examination

SQL injection

What is SQL injection? How do I prevent SQL injection?

is to insert the SQL statement into the query string to spoof the server to execute a malicious command

ways to prevent SQL injection: SQL parameterized Query

Get the latest SQL insert:

/* For the new record ID just inserted immediately with scope_identity () is the most appropriate */insert into table (Field1,field2,) VALUES ("Field1value", "Field2value",) SELECT scope_identity () as newidvalue/* the best use of ident_current (' tbname ') */INSERT into table for the ID that you want to generate for the last insert operation in a table ( Field1,field2,) VALUES ("Field1value", "Field2value",) SELECT ident_current (' RecordID ') as Newidvalue

Programming Questions:

1 1 2 3 5 8..

int [] array=new int[30];for (int i=0;i<=array.length;i++) {if (i-2<0) return 0;elsearray[i]=array[i-1]+array[i-2 ];}

Inserts a random number of 100 100 or less into an empty array

list<int> list =Newlist<int>(); Random ran=NewRandom ();  while(true)        {          if(list. Count >= -)          {             Break; }          ints = ran. Next (1,101);//generate a random integer within 100        if(!list. Contains (s)) {list.          ADD (s); }  //If the list<> doesn't exist in S, add s to the list .} list.  Sort (); //Sort         foreach(intIinchlist) {Console.Write (i+" ");  } console.readkey (); 

C # Bubble sort

 static  list<int  > List = new  list<int  > ()  int  temp=0   for  (int  i=0 ; i<list.count;i++ for  (int  j=0 ; J<i-1 ; J++) {temp  =list[i];list[i]  =list[i+1  ];list[i  +1 ]=temp;}}  

Processes and Threads

A process is a memory that contains some resources

A thread is an entity of a process, the smallest unit of CPU scheduling

One thread can undo and create another thread, and multiple threads can execute concurrently

Difference: A process can have multiple threads

Threads cannot be executed separately, and must depend on the application for execution

Tcp / ip

TCP/IP protocol is a complete set of network protocols, the TCP Transport Layer IP network layer

The difference between TCP and UDP

TCP provides connection-oriented, reliable data flow transmission, while UDP provides non-connection-oriented, unreliable data streaming.
Simply put, TCP is focused on data security, while UDP data transfer is fast, but security is generally

Some questions of the database

What is a database thing

Manipulation of a single logical thing

ACID (atomicity, consistency, isolation, durability)

Stored Procedures

A stored procedure is a set of SQL statements that are compiled

Its advantages: 1. Allow modular programming, that is, you only need to create a process, and later in the program can call the process any time.

2. Allow faster execution, and if an operation requires a large number of SQL statements or repeated executions, the stored procedure executes faster than the SQL statement.

3. Reducing network traffic, such as an operation that requires hundreds of rows of SQL code, has an execution statement complete and does not require hundreds of lines of code to be sent across the network.

Enumerate the five main objects in ADO

Connection Connection Object

command execution commands and stored procedures

DataReader forward read-only data stream

DataAdapter adapter, support and delete query

DataSet data-level object, equivalent to one or more tables in memory.

Three-tier architecture: Presentation layer, business logic layer, data access layer

The WebService service can be described as a feature that can be deployed on the web and can be invoked by any application or other service

Final: Cannot derive a new subclass

Finally: Exception handling

FINALIZE:GC processing

The garbage collector tracks and reclaims allocated objects in managed memory and periodically performs garbage collection to reclaim memory allocated to objects that do not have valid references. The GC automatically occurs when memory requests are not satisfied with available memory.

When garbage collection occurs, the garbage collector searches for managed objects in memory first, then searches the referenced objects from managed code and marks them as valid, then frees objects that are not marked as valid and reclaims the memory, and finally organizes the memory to move the valid objects together

The difference between struct and class

Structs share almost all the same syntax as classes, but structs are more restrictive than classes: Although static fields of a struct can be initialized, the struct instance field declares or cannot use an initializer.

Structs cannot declare default constructors (constructors with no parameters) or destructors.

A copy of the structure is created and destroyed automatically by the compiler, so you do not need to use the default constructors and destructors. In effect, the compiler implements the default constructor by assigning default values to all fields (see Default Values Table).

Structs cannot inherit from classes or other structures.

A struct is a value type--if you create an object from a struct and assign the object to a variable, the variable contains all the values of the structure. When you copy a variable that contains a structure, all data is copied, and any modifications you make to the new copy do not alter the old copy's data.

Because structs do not use references, structs are not identified-two value type instances with the same data cannot be distinguished. All value types in C # are inherently inherited from ValueType, which inherits from Object. The compiler can convert a value type to a reference type in a process called boxing.

The structure has the following characteristics:

A struct is a value type, and a class is a reference type.

When you pass a struct to a method, the structure is passed as a pass-through value, not as a reference.

Unlike classes, structs can be instantiated without the use of the new operator.

Structs can declare constructors, but they must take parameters.

A struct cannot inherit from another struct or class and cannot be used as a base for a class. All structures are directly inherited from System.ValueType, which inherit from System.Object.

Structures can implement interfaces.

Initializing an instance field in a struct is an error.

Override is the overriding meaning, which represents the method of overriding the base class, and the name of the method, the return type, the parameter type, and the same number of arguments as the base class.

Overload is the meaning of overloading, and it also represents the method of overriding the base class, but the other can be different as long as the method name is the same.

A class that declares the existence of a method and does not implement it is called the extraction class (abstract class), which is used to create a class that embodies some basic behavior, declares a method for that class, but does not implement the class in that class. An instance of the abstract class cannot be created. However, you can create a variable whose type is a drawing class and point it to an instance of a specific subclass. You cannot have a smoke-like constructor or a static method of pumping. The subclasses of the Abstract class provide implementations for all the extraction methods in their parent class, otherwise they are also smoke-like classes. Instead, implement the method in the subclass. Other classes that know their behavior can implement these methods in the class.

Interface (interface) is a variant of the extraction class. In an interface, all methods are drawn. Multiple inheritance can be obtained by implementing such an interface. All the methods in the interface are drawn, none of them have a program body. An interface can only define static final member variables. The implementation of an interface is similar to a subclass, except that the implementation class cannot inherit the behavior from the interface definition. When a class implements a special interface, it defines the method (which is given by the program body) to all such interfaces. It can then invoke the interface on any image of the class that implements the interface. Because of the extraction class, it allows you to use the interface name as the type of the reference variable. The usual dynamic binder will take effect. A reference can be converted to an interface type or converted from an interface type, and the instanceof operator can be used to determine whether the class of an object implements an interface.

Page-pass value for ASP.

Session simple, but easy to lose

Application Global

Cookies are simple, but may not be supported, may be forged

Input type= "hidden" is simple and may be forged

URL parameter is simple, display in the address bar, the length is limited

The database is stable and secure, but the performance is relatively weak

2015 4.15 Written examination