how to prevent SQL Injection

旧时难觅i 2020-12-10 18:28

I am using stored procedures. In order to save time, I made some generic procedures that use dynamic SQL in order to update. Such a generic procedure is:

CREAT         


        
3 answers
  •  隐瞒了意图╮
    2020-12-10 18:52

    You said:

    In order to save time, I made some generic procedures that uses dynamic sql in order to update

    If you'd asked first, we could have saved time and suggested this...

    UPDATE
        dbo.TABLE
    SET
        Field1 = CASE WHEN @field_name = 'Field1' THEN @value ELSE Field1 END,
        Field2 = CASE WHEN @field_name = 'Field2' THEN @value ELSE Field2 END,
        Field3 = CASE WHEN @field_name = 'Field3' THEN @value ELSE Field3 END,
        ...
        Fieldn = CASE WHEN @field_name = 'Fieldn' THEN @value ELSE Fieldn END
    WHERE
        company_id = @company_id AND id = @id
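
The static CASE-based UPDATE from the answer above, run with bound parameters, as an added example that is not part of the original answer. It uses Python's `sqlite3` as a stand-in for SQL Server; the `items` table, its rows, the `FIELDS` allowlist and the `strict` check are assumptions made for the demonstration.

```python
import sqlite3

FIELDS = ("Field1", "Field2", "Field3")  # constructed allowlist of updatable columns

# Fixed statement text: the column name arrives as a bound value and is only
# compared inside CASE, so it can never become part of the SQL syntax.
UPDATE_SQL = """
UPDATE items
SET
    Field1 = CASE WHEN :field_name = 'Field1' THEN :value ELSE Field1 END,
    Field2 = CASE WHEN :field_name = 'Field2' THEN :value ELSE Field2 END,
    Field3 = CASE WHEN :field_name = 'Field3' THEN :value ELSE Field3 END
WHERE
    company_id = :company_id AND id = :id
"""

def make_db():
    """Build a constructed in-memory table with two rows from two companies."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, company_id INTEGER,"
                 " Field1 TEXT, Field2 TEXT, Field3 TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?, ?)",
                     [(1, 10, "a", "b", "c"), (2, 20, "d", "e", "f")])
    conn.commit()
    return conn

def update_field(conn, company_id, row_id, field_name, value, strict=True):
    """Update one column; return the number of rows matched by the WHERE clause."""
    # An unknown name makes every CASE fall through to ELSE, which is safe but
    # silent, so reject it up front unless the caller disables the check.
    if strict and field_name not in FIELDS:
        raise ValueError(f"unknown field: {field_name!r}")
    cur = conn.execute(UPDATE_SQL, {"field_name": field_name, "value": value,
                                    "company_id": company_id, "id": row_id})
    conn.commit()
    return cur.rowcount

def snapshot(conn):
    """Return all rows in id order for comparison."""
    return conn.execute("SELECT * FROM items ORDER BY id").fetchall()

if __name__ == "__main__":
    db = make_db()
    update_field(db, 10, 1, "Field2", "new")
    # Constructed hostile field name: it is compared as text and matches nothing.
    update_field(db, 10, 1, "Field2 = 'x', Field1", "y", strict=False)
    print(snapshot(db))
```

With `strict=False` the row count is still 1 for an unknown field name, because the row matches the WHERE clause and every column is rewritten with its own value; the allowlist check is what turns that silent no-op into an error.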
    
