
Preventing SQL Injection

2015-11-07 22:26 435 views
Method 1:

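using System.Data.SqlClient;

// The query text is a constant; the value is supplied separately through @Sequence.
string sqlS = "select * from Info WHERE Sequence=@Sequence";
string sqlConStr = @"Data Source = PANLEE-PC\MSSQLSERVER_2; Initial Catalog = ASPNET; Persist Security Info = True; User ID = sa; Password = lipan";
using (SqlConnection sqlCon = new SqlConnection(sqlConStr))
{
    sqlCon.Open();
    using (SqlCommand sqlCmd = new SqlCommand(sqlS, sqlCon))
    {
        // Bind the value as a parameter instead of concatenating it into the SQL string.
        sqlCmd.Parameters.Add(new SqlParameter("@Sequence", 21));
        // ExecuteScalar returns the first column of the first row, or null when no row matches.
        var dataReturn = sqlCmd.ExecuteScalar();
    }
}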


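Method 2:
using System;
using System.Data;
using System.Data.SqlClient;

string sqlS = "SELECT * FROM Info WHERE Name=@userName";
// Declare the parameter with an explicit type and maximum length (NVARCHAR(10)); longer values are truncated.
SqlParameter[] sqlPara = new SqlParameter[] { new SqlParameter("@userName", SqlDbType.NVarChar, 10) };
// Request.Form returns null when the field is missing; send DBNull instead of calling ToString() on null.
sqlPara[0].Value = (object)context.Request.Form["userName"] ?? DBNull.Value;
// SqlHelper is a helper class not shown on this page; Exists is expected to report whether the query matched a row.
return SqlHelper.Exists(sqlS, sqlPara);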
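
Method 2 calls SqlHelper.Exists, which the page does not show. One way such a helper could be written, as an added example rather than the author's own code; the class body and the ConnectionString property are assumptions, and running it requires a reachable SQL Server with the Info table:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical stand-in for the SqlHelper class used in Method 2 (not the author's code).
public static class SqlHelper
{
    // Assumption: the application sets this once at startup from its protected configuration.
    public static string ConnectionString { get; set; }

    // Returns true when the parameterized query yields at least one row.
    public static bool Exists(string sql, params SqlParameter[] parameters)
    {
        if (string.IsNullOrWhiteSpace(sql))
            throw new ArgumentException("SQL text is required.", nameof(sql));

        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.CommandType = CommandType.Text;
            if (parameters != null)
            {
                foreach (SqlParameter p in parameters)
                {
                    // A null Value makes SqlClient treat the parameter as not supplied
                    // and the call fail; send an explicit SQL NULL instead.
                    if (p.Value == null) p.Value = DBNull.Value;
                    cmd.Parameters.Add(p);
                }
            }
            try
            {
                con.Open();
                // SingleRow: only existence matters, so stop after the first row.
                using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
                {
                    return reader.HasRows;
                }
            }
            finally
            {
                // Detach the parameters so the caller can reuse the same SqlParameter objects;
                // a SqlParameter may belong to only one command at a time.
                cmd.Parameters.Clear();
            }
        }
    }
}
```

The helper never modifies the SQL text it is given, so it only protects callers that pass a constant query with @-placeholders, as both methods on this page do.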