zoukankan      html  css  js  c++  java

  • C# 防止SQL注入 转载的

    C# 防止SQL注入攻击

    http://blog.csdn.net/limlimlim/article/details/8629582
     
    l登录判断:select * from T_Users where UserName=... and Password=...,将参数拼到SQL语句中。
    l构造恶意的Password:hello' or 1=1 --
    l                      if (dataReader.Read())
    l                        {
    l                            MessageBox.Show("登陆成功");
    l                        }
    l                        else
    l                        {
    l                            MessageBox.Show("登陆失败");
    l                        }
    l防范注入漏洞攻击的方法:不使用SQL语句拼接,通过参数赋值

              

               string constr = "Data Source=zxtiger;Initial Catalog=itcastcn;Integrated Security=True";
                using (SqlConnection con = new SqlConnection(constr))
                {
                    string sql = "select count(*) from UserLogin where LoginId=@uid and LoginPwd=@pwd";
                    using (SqlCommand cmd = new SqlCommand(sql, con))
                    {
                        ////在执行之前告诉Command对象@uid与@pwd将来用谁来代替
                        ////为变量@uid与@pwd赋值
                        //cmd.Parameters.AddWithValue("@uid", txtUid.Text.Trim());
                        //cmd.Parameters.AddWithValue("@pwd", txtPwd.Text);
                        #region MyRegion
                        //SqlParameter p1 = new SqlParameter("@uid", txtUid.Text.Trim());
                        //cmd.Parameters.Add(p1);

                        //SqlParameter p2 = new SqlParameter("@pwd", txtPwd.Text);
                        //cmd.Parameters.Add(p2);
                        #endregion

                       
                        SqlParameter[] pms = new SqlParameter[] {
                        new SqlParameter("@uid", txtUid.Text.Trim()),
                        new SqlParameter("@pwd", txtPwd.Text)
                        };
                        cmd.Parameters.AddRange(pms);


                        con.Open();
                        int r = Convert.ToInt32(cmd.ExecuteScalar());
                        con.Close();
                        if (r > 0)
                        {
                            MessageBox.Show("登录成功!");
                        }
                        else
                        {
                            MessageBox.Show("登录失败!");
                        }
                    }
                }
  • 相关阅读:
    洛谷 P1990 覆盖墙壁
    洛谷 P1033 自由落体
    洛谷 P2049 魔术棋子
    洛谷 P2183 巧克力
    poj_1743_Musical Theme(后缀数组)
    Codeforces Round #367 (Div. 2) D. Vasiliy's Multiset
    Codeforces Round #367 (Div. 2) C. Hard problem
    hdu_5831_Rikka with Parenthesis II(模拟)
    hdu_5826_physics(物理题)
    hdu_5821_Ball(贪心)
  • 原文地址:https://www.cnblogs.com/justdoitfei/p/4265667.html
Copyright © 2011-2022 走看看