The example in this article shows what to do when you need a LIKE condition in a SQL statement that is built at runtime.
When the LIKE condition is built by simple string concatenation, the statement is open to SQL injection. This is a real problem to be aware of.
Here is a preliminary summary drawn from several pieces of reference material.
Take an SQL statement such as:
SELECT * FROM game WHERE gamename LIKE '%Zhang San%'
In C#, this is written as:
using System.Data.SqlClient;
using System.Text;

string keywords = "Zhang San";
StringBuilder strsql = new StringBuilder();
// The SQL text contains only the parameter name; no user input is concatenated into it.
strsql.Append("select * from game where gamename like @keywords");
// The % wildcards are added to the parameter value, not to the SQL text.
SqlParameter[] parameters = new SqlParameter[] {
    new SqlParameter("@keywords", "%" + keywords + "%")
};
Although the % wildcard is still written in the code, the keyword now travels as a parameter value rather than as part of the SQL text, so this effectively prevents SQL injection while staying simple and practical.
Hopefully this article serves as a reference for building safer C# database programs.
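As an added example (not code from the original article), the following C# program places the concatenated version beside the parameterized version and also handles a caveat the article does not cover: parameterization stops injection, but a user-supplied % or _ still acts as a LIKE wildcard, so a small escaping helper plus an ESCAPE clause is used to match the keyword literally. The table and column names (game, gamename) come from the article; the connection string, the EscapeLikePattern helper and the sample input are assumptions made for the example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

public static class LikeQueries
{
    // Concatenation: the keyword becomes part of the SQL text. A single quote in
    // the input changes the statement's structure instead of being matched.
    public static string BuildUnsafeSql(string keywords)
    {
        return "SELECT * FROM game WHERE gamename LIKE '%" + keywords + "%'";
    }

    // Escapes LIKE wildcards so the keyword is matched literally (assumed helper).
    // SQL Server treats %, _ and [...] as pattern characters; backslash is the
    // escape character declared in the ESCAPE clause below.
    public static string EscapeLikePattern(string input)
    {
        var sb = new StringBuilder(input.Length);
        foreach (char c in input)
        {
            if (c == '%' || c == '_' || c == '[' || c == '\\')
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Parameterized: the SQL text is constant, the pattern is a typed parameter.
    public static SqlCommand BuildSafeCommand(SqlConnection conn, string keywords)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM game WHERE gamename LIKE @keywords ESCAPE '\\'", conn);
        cmd.Parameters.Add("@keywords", SqlDbType.NVarChar, 200).Value =
            "%" + EscapeLikePattern(keywords) + "%";
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample input containing a quote and both LIKE wildcards.
        string userInput = "O'Neil_100%";

        // The concatenated statement is now malformed: the quote ends the literal early.
        Console.WriteLine("Concatenated: " + BuildUnsafeSql(userInput));

        // Placeholder connection string; the command is built but not executed here.
        using (var conn = new SqlConnection("Server=(local);Database=GameDb;Integrated Security=true"))
        {
            SqlCommand cmd = BuildSafeCommand(conn, userInput);
            Console.WriteLine("Parameterized SQL: " + cmd.CommandText);
            Console.WriteLine("Parameter value:   " + cmd.Parameters["@keywords"].Value);
            // To run it: conn.Open(); using (var reader = cmd.ExecuteReader()) { ... }
        }
    }
}
```

The parameter value is sent separately from the statement, so the database never parses the keyword as SQL; the ESCAPE clause only matters when the keyword must be matched literally rather than used as a pattern.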
Statement: Running Guest articles are original; when reproducing, please link to the address of this article.
C# methods of anti-SQL injection when using SQL statements with like
This address: http://www.paobuke.com/develop/c-develop/pbk23555.html