zoukankan      html  css  js  c++  java

  • C# 防止SQL注入 转载的

    C# 防止SQL注入攻击

    http://blog.csdn.net/limlimlim/article/details/8629582
     
    l登录判断:select * from T_Users where UserName=... and Password=...,将参数拼到SQL语句中。
    l构造恶意的Password:hello' or 1=1 --
    l                      if (dataReader.Read())
    l                        {
    l                            MessageBox.Show("登陆成功");
    l                        }
    l                        else
    l                        {
    l                            MessageBox.Show("登陆失败");
    l                        }
    l防范注入漏洞攻击的方法:不使用SQL语句拼接,通过参数赋值

              

               string constr = "Data Source=zxtiger;Initial Catalog=itcastcn;Integrated Security=True";
                using (SqlConnection con = new SqlConnection(constr))
                {
                    string sql = "select count(*) from UserLogin where LoginId=@uid and LoginPwd=@pwd";
                    using (SqlCommand cmd = new SqlCommand(sql, con))
                    {
                        ////在执行之前告诉Command对象@uid与@pwd将来用谁来代替
                        ////为变量@uid与@pwd赋值
                        //cmd.Parameters.AddWithValue("@uid", txtUid.Text.Trim());
                        //cmd.Parameters.AddWithValue("@pwd", txtPwd.Text);
                        #region MyRegion
                        //SqlParameter p1 = new SqlParameter("@uid", txtUid.Text.Trim());
                        //cmd.Parameters.Add(p1);

                        //SqlParameter p2 = new SqlParameter("@pwd", txtPwd.Text);
                        //cmd.Parameters.Add(p2);
                        #endregion

                       
                        SqlParameter[] pms = new SqlParameter[] {
                        new SqlParameter("@uid", txtUid.Text.Trim()),
                        new SqlParameter("@pwd", txtPwd.Text)
                        };
                        cmd.Parameters.AddRange(pms);


                        con.Open();
                        int r = Convert.ToInt32(cmd.ExecuteScalar());
                        con.Close();
                        if (r > 0)
                        {
                            MessageBox.Show("登录成功!");
                        }
                        else
                        {
                            MessageBox.Show("登录失败!");
                        }
                    }
                }
  • 相关阅读:
    Java之lambda表达式
    修改IntelliJ IDEA的java编译版本
    no route to host解决方案、Failed to start LSB: Bring up/down networking的问题解决方案
    spark转换集合为RDD
    spark编写word count
    nexus
    spark 源码安装
    spark shell
    maven
    git
  • 原文地址:https://www.cnblogs.com/justdoitfei/p/4265667.html
Copyright © 2011-2022 走看看