zoukankan      html  css  js  c++  java
  • SQL预编译防注入小测试

    个人对SQL预编译的认识:


    1、效率提升,对SQL语句编译一次可多次使用.避免了硬解析和软解析等步骤,当执行的语句上规模的时候性能差异还是很明显的。
    2、安全提升,预编译之后的SQL语句,语义不会发生变化,安全性有相当大的提升。

     

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Data.SqlClient;
    using System.Data;
    
    namespace PreSql
    {
        class Program
        {
            /*
             * create table test_table
    (
    a nvarchar(20)
    )
    
    
    insert into test_table(a) values('2');*/
            const string conStr = @"Password=1qaz!QAZ;Persist Security Info=True;User ID=sa;Initial Catalog=IBatisNet;Data Source=WANGNCR";
            static void Main(string[] args)
            {
    
                Console.WriteLine("SqlJoin:");
                SqlJoin();
                Console.WriteLine();
                Console.WriteLine("PreSqlTest");
                PreSqlTest();
    
                Console.WriteLine("Completed");
    
                Console.Read();
            }
    
            static void SqlJoin()
            {
                string sql = "select count(*) from test_table where a='{0}'";
                string tmpSql = string.Format(sql, "1' or  '1'='1");
                string tmpSql2 = string.Format(sql, "1");
    
                using (SqlConnection conn = new SqlConnection(conStr))
                {
                    if (conn.State != ConnectionState.Open)
                    {
                        conn.Open();
                    }
                    SqlCommand com = new SqlCommand(tmpSql, conn);
                    object obj = com.ExecuteScalar();
                    Console.WriteLine("SQL注入成功:" + obj.ToString());
    
                    SqlCommand com2 = new SqlCommand(tmpSql2, conn);
                    object obj2 = com2.ExecuteNonQuery();
                    Console.WriteLine("正常应返回-1:" + obj2);
                }
            }
            static void PreSqlTest()
            {
                string sql = "select count(*) from test_table where a=@id";
                using (SqlConnection conn = new SqlConnection(conStr))
                {
                    if (conn.State != ConnectionState.Open)
                    {
                        conn.Open();
                    }
                    SqlCommand com = new SqlCommand(sql, conn);
                    com.Parameters.Add(new SqlParameter
                    {
                        DbType = DbType.String,
                        Size = 256,
                        ParameterName = "@id",
                        Value = "1 or 1=1"
                    });
                    object obj = com.ExecuteScalar();
                    Console.WriteLine("SQL注入不成功:" + obj.ToString());
    
                    SqlCommand com2 = new SqlCommand(sql, conn);
                    com2.Parameters.Add(new SqlParameter
                    {
                        DbType = DbType.String,
                        Size = 256,
                        ParameterName = "@id",
                        Value = "1"
                    });
                    object obj2 = com2.ExecuteNonQuery();
                    Console.WriteLine("正常应返回-1:" + obj2);
                }
            }
        }
    }

    执行结果:

    SqlJoin:
    SQL注入成功:1
    正常应返回-1:-1

    PreSqlTest
    SQL注入不成功:0
    正常应返回-1:-1
    Completed

  • 相关阅读:
    15道简单算法题
    提高SQL查询效率
    算法--两道百度笔试题
    .NET牛人应该知道些什么?
    VS创建、安装、调试 windows服务(windows service)
    Build System 和Test Framework overview总结
    3.8 Templates -- Actions
    3.7 Templates -- Links
    3.6 Templates -- Binding Element Class Names(绑定元素类名)
    3.5 Templates -- Binding Element Attributes(绑定元素属性)
  • 原文地址:https://www.cnblogs.com/wangn/p/4170755.html
Copyright © 2011-2022 走看看