防止SQL注入：参数化SQL示例代码（ASP.NET）


/// <summary>
/// Updates one record: sets CName and CFatherID on the T_sadfsd row whose CID
/// equals the CID carried by <paramref name="model"/>.
/// </summary>
/// <remarks>
/// The statement text is a fixed literal that contains only @-placeholders. Every value
/// taken from <paramref name="model"/> travels in a typed <see cref="SqlParameter"/>,
/// so caller-supplied data is never concatenated into the SQL text.
/// </remarks>
/// <param name="model">Entity supplying CID (row key), CName and CFatherID.</param>
public void Update(Web.Model.T_Class model)
{
    // Constant statement text: no part of it is built from caller data.
    const string updateSql = "update T_sadfsd set CName=@CName,CFatherID=@CFatherID where CID=@CID ";

    // Each placeholder gets an explicit SQL type and size.
    // NOTE(review): CName is declared as NVarChar with size 50; a longer string will not
    // round-trip intact, so length validation presumably belongs in the caller (confirm).
    SqlParameter[] parameters =
    {
        new SqlParameter("@CID", SqlDbType.Int, 4) { Value = model.CID },
        new SqlParameter("@CName", SqlDbType.NVarChar, 50) { Value = model.CName },
        new SqlParameter("@CFatherID", SqlDbType.Int, 4) { Value = model.CFatherID }
    };

    // DbHelperSQL is defined elsewhere; presumably it attaches the parameters to a
    // SqlCommand and executes it (confirm against the helper).
    DbHelperSQL.ExecuteSql(updateSql, parameters);
}
=========================================================================================================================
     
     
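// Inserts one row into S_Admin and reports whether a row was written.
// The INSERT text is a fixed literal: every value is supplied through an @-placeholder
// and bound as a typed parameter, never concatenated into the statement.
string sql = " insert into S_Admin(UserName,Password,Remark,Mail,DepartId,Power)values(@UserName,@Password,@Remark,@Mail,@DepartId,@Power) ";

// using blocks release the command and close the connection even when Open() or
// ExecuteNonQuery() throws; the original Close()/Dispose() calls were skipped on failure.
using (SqlConnection connection = new SqlConnection())
{
    // Set the connection string here. Load it from protected configuration rather than
    // hard-coding credentials in source.
    connection.ConnectionString = "";

    using (SqlCommand command = new SqlCommand(sql, connection))
    {
        // Parameter names are written without surrounding spaces so that they match the
        // placeholders in the statement text exactly.
        // Strings longer than the declared size (60) are truncated by the provider, so
        // validate lengths before reaching this point.
        command.Parameters.Add("@UserName", SqlDbType.NVarChar, 60).Value = userName;

        // NOTE(review): the value is written to the Password column as-is. Presumably the
        // caller has already replaced the plaintext with a salted password hash that fits
        // in 60 characters; confirm, because parameter binding does not protect stored
        // credentials.
        command.Parameters.Add("@Password", SqlDbType.NVarChar, 60).Value = password;
        command.Parameters.Add("@Remark", SqlDbType.NVarChar, 60).Value = remark;
        command.Parameters.Add("@Mail", SqlDbType.NVarChar, 60).Value = mail;
        command.Parameters.Add("@DepartId", SqlDbType.Int, 4).Value = departId;
        command.Parameters.Add("@Power", SqlDbType.Int, 4).Value = power;

        connection.Open();
        int rowsAffected = command.ExecuteNonQuery();

        // true when the INSERT affected at least one row
        return rowsAffected > 0;
    }
}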
=========================================================================================================================