C # Methods of anti-SQL injection when using SQL statements with like

Source: Internet
Author: User

The example in this paper describes what to do if you encounter a like situation when stitching SQL statements.

When a simple concatenation string is used with a SQL statement with like, the rate of SQL injection is required to open. This is really a problem to be aware of.

Here combined with some of the information to do a preliminary collation.

As such an SQL statement:

SELECT * from game where gamename like '% Zhang San% '

In C #, say:

String keywords = "Zhang San"; StringBuilder strsql=new StringBuilder (); Strsql.append ("select * from game where gamename like @keywords"); Sqlparameter[] parameters=new sqlparameter[]{new SqlParameter ("@keywords", "%" +keywords+ "%"),};

Although the use of this is still in% to write, but can effectively filter the SQL injection situation, or is very simple and practical.

It is believed that this article can be used for reference to build a safer C # database program for everyone.

In addition to the Declaration, Running GuestArticles are original, reproduced please link to the form of the address of this article
C # Methods of anti-SQL injection when using SQL statements with like

This address: http://www.paobuke.com/develop/c-develop/pbk23555.html






Related content C # make easy Screensavers c#êμ?? ′???? ÷1|? Üμ? Comboboxc# using foreach statements to traverse queues (queue) C # Implement the Express API interface call method
Algorithm practice starting from String.IndexOf simulation Implementation C # invoke CMD command instance C # to implement multiple inheritance methods in C # The difference between struct and class

C # Methods of anti-SQL injection when using SQL statements with like

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.