1.为什么要防范SQL注入:防止恶意侵入页面
2.如何实现防SQL注入
修改DBhelper文件
public class DBhlper
{
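/// <summary>
/// Connection string taken from the "DB" entry of the application's
/// connectionStrings configuration section.
/// </summary>
// NOTE(review): this field is public and writable, so any code in the process
// can repoint the helper at another database; consider narrowing it if no
// caller assigns to it.
public static string connstr = ConfigurationManager.ConnectionStrings["DB"].ConnectionString;

/// <summary>
/// Runs a query and returns its rows as a <see cref="DataTable"/>.
/// </summary>
/// <param name="sql">
/// SQL text. Values supplied by users must appear here only as parameter
/// placeholders (for example <c>@name</c>), never concatenated into the string.
/// </param>
/// <param name="SqlParameters">
/// Values bound to the placeholders in <paramref name="sql"/>; may be omitted
/// when the statement has no placeholders.
/// </param>
/// <returns>A table filled with the rows the query produced.</returns>
public static DataTable ExcuteQuery(string sql, params SqlParameter[] SqlParameters)
{
    using (SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sql, connstr))
    {
        // The original accepted parameters but never attached them to the
        // command, so a parameterized SELECT could not run and callers were
        // pushed back toward string concatenation. Bind them here so user
        // input travels as data rather than as SQL text.
        if (SqlParameters != null && SqlParameters.Length > 0)
        {
            sqlDataAdapter.SelectCommand.Parameters.AddRange(SqlParameters);
        }

        DataTable dataTable = new DataTable();
        sqlDataAdapter.Fill(dataTable);
        return dataTable;
    }
}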
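/// <summary>
/// Executes a statement that returns no rows (INSERT, UPDATE, DELETE, ...)
/// and reports how many rows it affected.
/// </summary>
/// <param name="sql">
/// SQL text. Values supplied by users must appear here only as parameter
/// placeholders (for example <c>@name</c>), never concatenated into the string.
/// </param>
/// <param name="sqlParameters">
/// Values bound to the placeholders in <paramref name="sql"/>; may be omitted
/// when the statement has no placeholders.
/// </param>
/// <returns>The value returned by <c>SqlCommand.ExecuteNonQuery</c>.</returns>
public static int ExcuteNonQuery(string sql, params SqlParameter[] sqlParameters)
{
    using (SqlConnection sqlConnection = new SqlConnection(connstr))
    {
        using (SqlCommand sqlCommand = new SqlCommand(sql, sqlConnection))
        {
            // Only attach parameters when the caller actually supplied some.
            // Length is used instead of the LINQ Count() extension so the
            // check does not depend on a System.Linq using directive.
            if (sqlParameters != null && sqlParameters.Length > 0)
            {
                sqlCommand.Parameters.AddRange(sqlParameters);
            }

            sqlConnection.Open();
            return sqlCommand.ExecuteNonQuery();
        }
    }
}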