  • 防注入攻击

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Data.SqlClient;

    namespace 作业操作数据库
    {
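    class Program
    {
        // Column captions printed above each Info row, in table column order.
        // When the result set has more columns than captions, the schema column
        // name is printed instead of throwing IndexOutOfRangeException.
        private static readonly string[] AR = new string[] { "code", "姓名", "性别", "民族", "生日" };

        // Caption typed by the user -> real column name. These values are the ONLY text
        // that is ever spliced into an UPDATE statement; the user's input itself always
        // travels as a SqlParameter, so quotes or SQL fragments in it cannot change the query.
        private static readonly Dictionary<string, string> EditableColumns = new Dictionary<string, string>
        {
            { "姓名", "Name" },
            { "性别", "Sex" },
            { "民族", "Nation" },
            { "生日", "Birthday" },
        };

        // NOTE(review): a database password does not belong in source; it is kept here only
        // so the listing stays self-contained. Move it to configuration or an environment variable.
        private const string ConnectionString = "server=.;database=mydb;user=sa;pwd=diushiDEwutong0";

        // Exercise (translated from the original comments):
        // 1. Ask the user for a code, find the matching row (car/info table) and display it.
        // 2. Offer: 1 = delete that row, 2 = modify it, 3 = add a row.
        // 3. On 1 delete the row that was found.
        // 4. On 2 ask for the other column values (the key is not changed) and update the row.
        // 5. On 3 ask for every column and save the new row.
        static void Main(string[] args)
        {
            Console.WriteLine("请输入要查询的代号");
            string code = ReadLine();

            // `using` guarantees the connection is closed even when a SqlException escapes.
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();

                // Keep asking until the code matches at least one row.
                bool hasRecord = ShowRecord(conn, code);
                while (!hasRecord)
                {
                    Console.WriteLine("未查询到数据");
                    Console.WriteLine("请重新输入要查询的代号");
                    code = ReadLine();
                    hasRecord = ShowRecord(conn, code);
                }

                // Menu loop: 1 = delete, 2 = modify, 3 = add, anything else quits.
                while (true)
                {
                    Console.WriteLine("输入1删除该数据,输入2修改数据,输入3添加数据,输入其他跳出程序");
                    // The original compared against " 1" (leading space), so option 1 was unreachable.
                    string choice = ReadLine().Trim();
                    if (choice == "1")
                    {
                        hasRecord = DeleteRecord(conn, code, hasRecord);
                    }
                    else if (choice == "2")
                    {
                        hasRecord = ModifyRecord(conn, code);
                    }
                    else if (choice == "3")
                    {
                        // As in the original, the menu keeps operating on the row just added.
                        code = AddRecord(conn);
                        hasRecord = true;
                    }
                    else
                    {
                        Console.WriteLine("程序跳出");
                        break;
                    }
                }
            }

            Console.ReadLine();
        }

        // Reads one console line; EOF (null) becomes "" so every parameter is always supplied.
        private static string ReadLine()
        {
            return Console.ReadLine() ?? string.Empty;
        }

        // "男" is stored as true, anything else as false (same convention as the original).
        private static bool ReadSex()
        {
            return ReadLine() == "男";
        }

        // Prints a caption line and a value line for every Info row with this code.
        // Returns true when at least one row was found.
        private static bool ShowRecord(SqlConnection conn, string code)
        {
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "select * from Info where code=@code";
                cmd.Parameters.AddWithValue("@code", code);

                // The reader is disposed here, so later commands on the same connection never
                // hit "there is already an open DataReader" or a closed-reader HasRows call.
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    if (!dr.HasRows)
                    {
                        return false;
                    }

                    while (dr.Read())
                    {
                        for (int i = 0; i < dr.FieldCount; i++)
                        {
                            string caption = i < AR.Length ? AR[i] : dr.GetName(i);
                            Console.Write(caption + " ");
                        }
                        Console.Write(" ");
                        for (int i = 0; i < dr.FieldCount; i++)
                        {
                            Console.Write(dr[i] + " ");
                        }
                        Console.Write(" ");
                    }
                    return true;
                }
            }
        }

        // Maps a nation name to its code via the Nation table.
        // Returns "n001" when no row matches, as the original did.
        private static string LookupNationCode(SqlConnection conn, string nationName)
        {
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "select Code from Nation where Name = @name";
                cmd.Parameters.AddWithValue("@name", nationName);
                // ExecuteScalar returns null when there is no row (a DBNull cell still counts as a match).
                object result = cmd.ExecuteScalar();
                return result == null ? "n001" : result.ToString();
            }
        }

        // Deletes the current row after an explicit "1" confirmation.
        // Returns whether a current row still exists afterwards.
        private static bool DeleteRecord(SqlConnection conn, string code, bool hasRecord)
        {
            if (!hasRecord)
            {
                // The original called HasRows on a reader that may already have been closed.
                Console.WriteLine("未查询到数据");
                return false;
            }

            Console.WriteLine("确认删除请输入:1");
            // String comparison instead of int.Parse, which crashed on non-numeric input.
            if (ReadLine().Trim() != "1")
            {
                Console.WriteLine("取消操作");
                return true;
            }

            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "delete from Info where code=@code";
                cmd.Parameters.AddWithValue("@code", code);
                cmd.ExecuteNonQuery();
            }
            Console.WriteLine("删除成功");
            return false;
        }

        // Modify loop: pick a column by caption, enter the new value, show the row, repeat on "1".
        // Returns whether the row was still found after the last update.
        private static bool ModifyRecord(SqlConnection conn, string code)
        {
            while (true)
            {
                Console.Write("请输入要修改的列名:");
                string caption = ReadLine().Trim();
                string column;
                if (!EditableColumns.TryGetValue(caption, out column))
                {
                    Console.WriteLine("输入错误");
                    continue;
                }

                Console.Write("请输入要修改的内容:");
                object value;
                if (column == "Sex")
                {
                    // NOTE(review): assumes Sex is a bit column (the original wrote 'True'/'False') — confirm.
                    value = ReadSex();
                }
                else if (column == "Nation")
                {
                    value = LookupNationCode(conn, ReadLine());
                }
                else
                {
                    value = ReadLine();
                }

                using (SqlCommand cmd = conn.CreateCommand())
                {
                    // `column` comes from the EditableColumns whitelist, never from user text;
                    // the value is a parameter, so the statement shape cannot be altered by input.
                    cmd.CommandText = "update Info set " + column + "=@value where Code=@code";
                    cmd.Parameters.AddWithValue("@value", value);
                    cmd.Parameters.AddWithValue("@code", code);
                    cmd.ExecuteNonQuery();
                }
                Console.WriteLine("修改成功!");
                Console.WriteLine("修改后的内容为:");
                bool hasRecord = ShowRecord(conn, code);

                Console.WriteLine("是否继续修改?继续修改输入1;不修改输入任意键");
                // The prompt promises "any key", so do not int.Parse the answer.
                if (ReadLine().Trim() == "1")
                {
                    Console.WriteLine("继续修改");
                }
                else
                {
                    return hasRecord;
                }
            }
        }

        // Prompts for every Info column, inserts the row with parameters, shows it,
        // and returns the new code so the caller keeps working on that row.
        private static string AddRecord(SqlConnection conn)
        {
            Console.WriteLine("请输入要添加的代号:");
            string code = ReadLine();

            Console.WriteLine("请输入姓名:");
            string name = ReadLine();

            Console.WriteLine("请输入性别:(男或女)");
            bool sex = ReadSex();

            Console.WriteLine("请输入民族:");
            string nation = ReadLine();

            Console.WriteLine("请输入生日:");
            string birthday = ReadLine();

            // Translate the nation name into its code before writing the Info row.
            string nationCode = LookupNationCode(conn, nation);

            using (SqlCommand cmd = conn.CreateCommand())
            {
                // Positional VALUES list kept from the original; every value is a parameter.
                cmd.CommandText = "insert into Info values(@code,@name,@sex,@nation,@birthday)";
                cmd.Parameters.AddWithValue("@code", code);
                cmd.Parameters.AddWithValue("@name", name);
                cmd.Parameters.AddWithValue("@sex", sex);
                cmd.Parameters.AddWithValue("@nation", nationCode);
                cmd.Parameters.AddWithValue("@birthday", birthday);
                cmd.ExecuteNonQuery();
            }
            Console.WriteLine("添加成功!");

            Console.WriteLine("添加的内容为:");
            ShowRecord(conn, code);
            return code;
        }
    }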
    }
