  • 参数化查询(简单举例)

      这几天在查一些有关SQL语句防注入的资料,敲敲改改总算弄好了,不多说,贴代码

    // Login check: look up the user row for the submitted ID / password value with a parameterized query.
    // NOTE(review): the connection string (server name, database) is hard-coded in source here; it would
    // normally come from configuration rather than being compiled into the page.
    string str = @"server=LAPTOP-CM9CUARS;Integrated Security=SSPI;database=Space;";
                using (SqlConnection Conn = new SqlConnection(str))
                {
                    Conn.Open(); // open the database connection (outside the try below, so a failed Open is not covered by it)
                    // NOTE(review): no catch/finally appears in this listing — the fragment ends before the try
                    // and the outer using are closed, so error handling for the query is not visible here.
                    try
                    {
                        using (SqlCommand Cmd = Conn.CreateCommand())
                        {
                            // Both user-supplied values are bound as parameters, so SQL Server receives them as
                            // data rather than as part of the statement text.
                            Cmd.CommandText = "select * from tabUsers where ID=@ID and hspwd=@hspwd";
                            Cmd.Parameters.Add(new SqlParameter("@ID", ID));
                            // NOTE(review): hspwd1 is presumably the hashed form of the submitted password — how it is
                            // derived is not shown in this listing.
                            Cmd.Parameters.Add(new SqlParameter("@hspwd", hspwd1));
                            // NOTE(review): ExecuteScalar returns the first column of the first row, not a row count.
                            // With "select *" that is whatever tabUsers' first column holds for the matching row, and 0
                            // when no row matches (ExecuteScalar returns null, Convert.ToInt32(null) is 0). A
                            // "select count(*)" would make the intent of the "count > 0" test explicit.
                            int count = Convert.ToInt32(Cmd.ExecuteScalar());
    
                            if (count > 0)
                            { 
                                // Remember the authenticated user in session state.
                                Session["ID1"] = ID;
                                // NOTE(review): this second query splices ID directly into the SQL text, which
                                // reintroduces the injection risk the parameterized query above avoids. It should be
                                // parameterized the same way; Class.Search is a project helper not shown here.
                                string sql = "select*from tabUsers where id='" + ID + "'";
                                string name = Class.Search(sql);
                                Session["name"] = name;
                                // Client-side alert followed by a redirect to the user's space page.
                                Response.Write("<script>alert('登录成功!');location='Space.aspx'</script>");
                            }
                            else
                                // Generic failure message; does not reveal whether the ID or the password was wrong.
                                Response.Write("<script>alert('登录失败,请正确填写账号、密码!')</script>");
                        }
                    }

  • 原文地址:https://www.cnblogs.com/wxy990118/p/6131394.html