標籤:style blog color io 資料 問題 ar cti
今天在看到朋友說起資料庫sql注入問題說得比較複雜,就寫了一個簡單的列子供大家參考:
SqlConnection con = new SqlConnection(mySql); //用SqlParameter可以防止Sql注入和一些二進位流的問題(片) //SqlParameter sp = new SqlParameter("@username",SqlDbType.VarChar,20); 1:生產名字為@username的參數,2:對應資料庫的類型,3:字串的長度 //sp.Value = txtUserName.Text.Trim(); 給參數賦值 //com.Parameters.Add(sp); 添加到com對象 //可以簡寫成一下形勢 SqlParameter[] sp = { new SqlParameter("@userName", txtUserName.Text.Trim()) , new SqlParameter("@userPwd", txtUserPwd.Text.Trim())}; string str = "select * from UserLogin where [email protected] and [email protected]"; //不需要單引號 SqlCommand com = new SqlCommand(str, con); com.Parameters.AddRange(sp); con.Open(); SqlDataReader sdr = com.ExecuteReader();
首次發帖,如有不當之處還望大牛們指點一二,謝謝。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
