C # Methods of anti-SQL injection when using SQL statements with like

The example in this paper describes what to do if you encounter a like situation when stitching SQL statements.

When a simple concatenation string is used with a SQL statement with like, the rate of SQL injection is required to open. This is really a problem to be aware of.

Here combined with some of the information to do a preliminary collation.

As such an SQL statement:

SELECT * from game where gamename like '% Zhang San% '

In C #, say:

String keywords = "Zhang San"; StringBuilder strsql=new StringBuilder (); Strsql.append ("select * from game where gamename like @keywords"); Sqlparameter[] parameters=new sqlparameter[]{new SqlParameter ("@keywords", "%" +keywords+ "%"),};

Although the use of this is still in% to write, but can effectively filter the SQL injection situation, or is very simple and practical.

It is believed that this article can be used for reference to build a safer C # database program for everyone.

In addition to the Declaration, Running GuestArticles are original, reproduced please link to the form of the address of this article
C # Methods of anti-SQL injection when using SQL statements with like

This address: http://www.paobuke.com/develop/c-develop/pbk23555.html

Related content C # make easy Screensavers c#êμ?? ′???? ÷1|? Üμ? Comboboxc# using foreach statements to traverse queues (queue) C # Implement the Express API interface call method
Algorithm practice starting from String.IndexOf simulation Implementation C # invoke CMD command instance C # to implement multiple inheritance methods in C # The difference between struct and class

C # Methods of anti-SQL injection when using SQL statements with like