Complete modify and delete operations, and preventing string injection attacks

Source: Internet
Author: User

Complete modification:

    using System;
    using System.Data.SqlClient;

    // Assumed from the break and closing brace below: flag declaration and retry loop
    bool Hasstu = false;
    while (true)
    {
        // 1. Receive the student number entered by the user
        Console.Write("Please enter the student number to be modified:");
        string Scode = Console.ReadLine();

        // 2. Check whether this student exists
        SqlConnection conn = new SqlConnection("server=.; database=data0425;user=sa;pwd=123;");
        SqlCommand cmd = conn.CreateCommand();
        // User input is concatenated directly into the SQL text
        cmd.CommandText = "select * from Student where code = '" + Scode + "'";
        conn.Open();
        SqlDataReader dr = cmd.ExecuteReader();
        // 3. If the student exists, continue with the modification;
        //    otherwise report that there is no such student and nothing can be modified
        if (dr.HasRows)
        {
            Hasstu = true;
        }
        else
        {
            Hasstu = false;
        }
        conn.Close();

        if (Hasstu)
        {
            Console.WriteLine("The student information has been queried, please make changes:");
            Console.Write("Please enter the name of the student after the change:");
            string Sname = Console.ReadLine();
            Console.Write("Please enter the gender of the student after the change:");
            bool Ssex = Convert.ToBoolean(Console.ReadLine());
            Console.Write("Please enter the student's birthday after the change:");
            DateTime Sbirthday = Convert.ToDateTime(Console.ReadLine());
            Console.Write("Please enter the student score after the change:");
            decimal Sscore = Convert.ToDecimal(Console.ReadLine());

            // Every value is concatenated into the statement as text
            cmd.CommandText = "update student set Name = '" + Sname + "', sex = '" + Ssex + "', birthday = '" + Sbirthday + "', score = " + Sscore + " where code = '" + Scode + "'";

            conn.Open();
            cmd.ExecuteNonQuery();
            Console.WriteLine("modified successfully!");
            conn.Close();
            break;
        }
        else
        {
            Console.WriteLine("No such student found, please re-enter!\nPress any key to continue...");
            Console.ReadKey();
            Console.Clear();
        }
    }

    Console.ReadLine();

Deletion uses the same existence check as modification; just change the update statement to a delete statement.

To prevent string injection attacks:

    // The SQL statement uses @-prefixed parameter placeholders instead of the data that would otherwise be concatenated into it.
    cmd.CommandText = "update student set Name=@Sname,sex=@Ssex,birthday=@Sbirthday,score=@Sscore where code = @Scode";
    cmd.Parameters.Clear(); // clear the collection before use
    // Add the data to the collection: first the parameter name prefixed with @, then the value; all types can be added.
    // AddWithValue replaces the obsolete Parameters.Add(name, value) overload.
    cmd.Parameters.AddWithValue("@Sname", Sname);
    cmd.Parameters.AddWithValue("@Ssex", Ssex);
    cmd.Parameters.AddWithValue("@Sbirthday", Sbirthday);
    cmd.Parameters.AddWithValue("@Sscore", Sscore);
    cmd.Parameters.AddWithValue("@Scode", Scode);
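
The delete operation described above, with both the existence check and the delete statement parameterized (the check in the first listing concatenates Scode as well). This is an added example, not code from the original page; the class and method names and the NVarChar(50) type for the code column are assumptions, and it expects the SQL Server database named in the page's connection string.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class DeleteStudentExample // hypothetical name
{
    // Connection string as used in the page's listing.
    const string ConnStr = "server=.;database=data0425;user=sa;pwd=123;";

    // Binds the student number as a typed parameter; the SQL text stays constant.
    // Assumption: Student.code is a character column of at most 50 characters.
    static SqlCommand WithCode(SqlConnection conn, string sql, string scode)
    {
        SqlCommand cmd = conn.CreateCommand();
        cmd.CommandText = sql;
        cmd.Parameters.Add("@Scode", SqlDbType.NVarChar, 50).Value = scode;
        return cmd;
    }

    // Returns true if the student existed and was deleted.
    static bool DeleteStudent(string scode)
    {
        // Reject input the parameter would otherwise silently truncate to 50 characters.
        if (string.IsNullOrEmpty(scode) || scode.Length > 50) return false;
        using (SqlConnection conn = new SqlConnection(ConnStr))
        {
            conn.Open();
            // Existence check, parameterized just like the delete.
            using (SqlCommand check = WithCode(conn, "select count(*) from Student where code = @Scode", scode))
                if ((int)check.ExecuteScalar() == 0) return false;
            using (SqlCommand del = WithCode(conn, "delete from Student where code = @Scode", scode))
                return del.ExecuteNonQuery() > 0;
        }
    }

    static void Main()
    {
        while (true)
        {
            Console.Write("Please enter the student number to be deleted:");
            string scode = Console.ReadLine();
            if (scode == null) break; // end of input
            if (DeleteStudent(scode)) { Console.WriteLine("deleted successfully!"); break; }
            Console.WriteLine("No such student, please re-enter!");
        }
    }
}
```

Whatever characters the student number contains, they reach the server only as the value of @Scode, so quotes in the input cannot change the statement that runs.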
