  • ADO.NET——数据库防字符串注入攻击(SQL 注入)学习及练习

    数据库防字符串注入攻击(SQL 注入):用参数化查询代替把用户输入直接拼进 SQL 字符串
    cmd.CommandText = "update student set name=@Sname,sex=@Ssex,birthday=@Sbirthday,score=@Sscore where code = @Scode";
    cmd.Parameters.Clear();                ---------Parameters 是参数集合;复用同一个 SqlCommand 前先 Clear(),否则上一条命令的参数会残留
    cmd.Parameters.Add("@Sname", Sname);
    cmd.Parameters.Add("@Ssex", Ssex);   ---------------------用 @占位符 代替拼接进来的字符串:参数值与 SQL 文本分开发送到服务器,只会被当作数据,不会被当作 SQL 解析执行。注意:参数化只防注入,不会转义 LIKE 的通配符(% _ [),拼 "%"+输入+"%" 做模糊查询时仍需自行转义
    cmd.Parameters.Add("@Sbirthday", Sbirthday);
    cmd.Parameters.Add("@Sscore", Sscore);
    cmd.Parameters.Add("@Scode", Scode);

    练习题:
    1、Car表数据查出显示
    2、请输入要查的汽车名称:
    请输入要查的汽车油耗:
    请输入要查的汽车马力:
    名称:宝马
    油耗:8
    马力:1 

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

      8 namespace _06_22
      9 {
     10     class Program
     11     {
     12         static void Main(string[] args)
     13         {
     14 
     15             //练习题: 
     16           
     17                 #region  显示全部
     18                 //1、Car表数据查出显示
     19                 SqlConnection coon = new SqlConnection("server=.;database=Data0425;user=sa;pwd=123;");
     20                 SqlCommand com = coon.CreateCommand();
     21 
     22                 com.CommandText = "select * from car";
     23                 coon.Open();
     24                 SqlDataReader a1 = com.ExecuteReader();
     25                 if (a1.HasRows)
     26                 {
     27                     while (a1.Read())
     28                     {
     29                         Console.WriteLine("编号:" + a1["Code"] + " 品牌:" + a1["name"] + " 油耗:" + a1["oil"] + " 马力:" + a1["powers"] + " 排量:" + a1["exhaust"] + " 价格:" + a1["price"]);
     30                     }
     31                 }
     32 
     33                 coon.Close();
     34                 #endregion
     35 
     36                 //2、请输入要查的汽车名称:
     37                 //    请输入要查的汽车油耗:
     38                 //    请输入要查的汽车马力:
     39                 //名称:宝马
     40                 //油耗:8
     41                 //马力:1
     42 
     43 
     44 
     45                 for (; ; )
     46                 {
     47                     Console.Write("请输入要查的汽车名称:");
     48                     string cname = Console.ReadLine();
     49                     Console.Write("请输入要查的汽车油耗:");
     50                     string coil = Console.ReadLine();
     51                     Console.Write(" 请输入要查的汽车马力:");
     52                     string cpowers = Console.ReadLine();        //输入查询内容
     53 
     54 
     55                     #region       三项不为空时
     56                     if (cname != "" && coil != "" && cpowers != "")   //三项不为空时
     57                     {
     58                         com.CommandText = "select * from car where name like @cname and oil like @coil and powers like @cpowers ";
     59 
     60                         com.Parameters.Clear();  ------防字符串注入攻击
     61                         com.Parameters.Add("@cname","%"+cname+"%");
     62                         com.Parameters.Add("@coil","%"+coil+"%");
     63                         com.Parameters.Add("@cpowers","%"+cpowers+"%");
     64 
     65                         coon.Open();
     66                         SqlDataReader c1 = com.ExecuteReader();
     67                         if (c1.HasRows)
     68                         {
     69                             while (c1.Read())
     70                             {
     71                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
     72                             }
     73                             Console.Write("是否结束?[y/n]");   ------是否跳出
     74                             string js = Console.ReadLine();
     75                             if (js == "y")
     76                             { break; }
     77                         }
     78                         else
     79                         { Console.WriteLine("查无此项!!!重新输入!!"); }
     80                         coon.Close();
     81                     }
     82 
     83                     #endregion
     84 
     85                     #region       cname为空时
     86                     else if (cname == "" && coil != "" && cpowers != "")
     87                     {
     88                         com.CommandText = "select * from car where oil like @coil and powers like @cpowers ";
     89 
     90                         com.Parameters.Clear();
     91                         com.Parameters.Add("@coil", "%" + coil + "%");
     92                         com.Parameters.Add("@cpowers", "%" + cpowers + "%");
     93 
     94                         coon.Open();
     95                         SqlDataReader c1 = com.ExecuteReader();
     96                         if (c1.HasRows)
     97                         {
     98                             while (c1.Read())
     99                             {
    100                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
    101                             }
    102                             Console.Write("是否结束?[y/n]");
    103                             string js = Console.ReadLine();
    104                             if (js == "y")
    105                             { break; }
    106                         }
    107                         else
    108                         { Console.WriteLine("查无此项!!!重新输入!!"); }
    109                         coon.Close();
    110                     }
    111 
    112                     #endregion
    113 
    114                     #region      coil为空时
    115                     else if (cname != "" && coil == "" && cpowers != "")
    116                     {
    117                         com.CommandText = "select * from car where name like @cname and powers like @cpowers ";
    118 
    119                         com.Parameters.Clear();
    120                         com.Parameters.Add("@cname", "%" + cname + "%");
    121                         com.Parameters.Add("@cpowers", "%" + cpowers + "%");
    122 
    123                         coon.Open();
    124                         SqlDataReader c1 = com.ExecuteReader();
    125                         if (c1.HasRows)
    126                         {
    127                             while (c1.Read())
    128                             {
    129                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
    130                             }
    131                             Console.Write("是否结束?[y/n]");
    132                             string js = Console.ReadLine();
    133                             if (js == "y")
    134                             { break; }
    135                         }
    136                         else
    137                         { Console.WriteLine("查无此项!!!重新输入!!"); }
    138                         coon.Close();
    139                     }
    140 
    141                     #endregion
    142 
    143                     #region       cpowers为空时
    144                     else if (cname != "" && coil != "" && cpowers == "")
    145                     {
    146                         com.CommandText = "select * from car where name like @cname and oil like @coil ";
    147 
    148                         com.Parameters.Clear();
    149                         com.Parameters.Add("@cname", "%" + cname + "%");
    150                         com.Parameters.Add("@coil", "%" + coil + "%");
    151 
    152                         coon.Open();
    153                         SqlDataReader c1 = com.ExecuteReader();
    154                         if (c1.HasRows)
    155                         {
    156                             while (c1.Read())
    157                             {
    158                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
    159                             }
    160                             Console.Write("是否结束?[y/n]");
    161                             string js = Console.ReadLine();
    162                             if (js == "y")
    163                             { break; }
    164                         }
    165                         else
    166                         { Console.WriteLine("查无此项!!!重新输入!!"); }
    167                         coon.Close();
    168                     }
    169 
    170                     #endregion
    171 
    172                     #region       cname不为空时
    173                     else if (cname != "" && coil == "" && cpowers == "")
    174                     {
    175                         com.CommandText = "select * from car where name like @cname";
    176 
    177                         com.Parameters.Clear();
    178                         com.Parameters.Add("@cname", "%" + cname + "%");
    179                        
    180                         coon.Open();
    181                         SqlDataReader c1 = com.ExecuteReader();
    182                         if (c1.HasRows)
    183                         {
    184                             while (c1.Read())
    185                             {
    186                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
    187                             }
    188                             Console.Write("是否结束?[y/n]");
    189                             string js = Console.ReadLine();
    190                             if (js == "y")
    191                             { break; }
    192                           
    193                         }
    194                         else
    195                         { Console.WriteLine("查无此项!!!重新输入!!"); }
    196                         coon.Close();
    197                     }
    198 
    199                     #endregion
    200 
    201                     #region       coil不为空时
    202                     else if (cname == "" && coil != "" && cpowers == "")
    203                     {
    204                         com.CommandText = "select * from car where oil like @coil";
    205 
    206                         com.Parameters.Clear();
    207                         com.Parameters.Add("@coil", "%" + coil + "%");
    208 
    209                         coon.Open();
    210                         SqlDataReader c1 = com.ExecuteReader();
    211                         if (c1.HasRows)
    212                         {
    213                             while (c1.Read())
    214                             {
    215                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
    216                             }
    217                             Console.Write("是否结束?[y/n]");
    218                             string js = Console.ReadLine();
    219                             if (js == "y")
    220                             { break; }
    221                         }
    222                         else
    223                         { Console.WriteLine("查无此项!!!重新输入!!"); }
    224                         coon.Close();
    225                     }
    226 
    227                     #endregion
    228 
    229                     #region       cpowers不为空时
    230                     else if (cname == "" && coil == "" && cpowers != "")
    231                     {
    232                         com.CommandText = "select * from car where  powers like @cpowers ";
    233 
    234                         com.Parameters.Clear();
    235                         com.Parameters.Add("@cpowers", "%" + cpowers + "%");
    236 
    237                         coon.Open();
    238                         SqlDataReader c1 = com.ExecuteReader();
    239                         if (c1.HasRows)
    240                         {
    241                             while (c1.Read())
    242                             {
    243                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
    244                             }
    245                             Console.Write("是否结束?[y/n]");
    246                             string js = Console.ReadLine();
    247                             if (js == "y")
    248                             { break; }
    249                         }
    250                         else
    251                         { Console.WriteLine("查无此项!!!重新输入!!"); }
    252                         coon.Close();
    253                     }
    254 
    255                     #endregion
    256 
    257                   
    258                    
    259                 } 
    260             Console.ReadLine();
    261         }
    262     }     
    263 }

  • 原文地址:https://www.cnblogs.com/tonyhere/p/5620414.html