How do I protect this function from SQL injection?

独厮守ぢ 2020-12-16 18:47
public static bool TruncateTable(string dbAlias, string tableName)
{
    string sqlStatement = string.Format("TRUNCATE TABLE {0}", tableName);
    return ExecuteNo


        
11 answers
  •  时光取名叫无心
    2020-12-16 19:19

    CREATE OR REPLACE PROCEDURE truncate(ptbl_name IN VARCHAR2) IS
      stmt VARCHAR2(100);
    BEGIN
      -- SIMPLE_SQL_NAME raises ORA-44003 unless ptbl_name is a valid simple SQL identifier
      stmt := 'TRUNCATE TABLE '||DBMS_ASSERT.SIMPLE_SQL_NAME(ptbl_name);
      dbms_output.put_line('<'||stmt||'>');
      EXECUTE IMMEDIATE stmt;
    END;
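
The same check on the C# side of the question, as an added example that is not from the original thread: a table name cannot be passed as a bind parameter, so it is validated against a simple-identifier pattern and a fixed allowlist before being concatenated. The class name, the allowlist contents and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class SafeTruncate
{
    // Hypothetical allowlist: the only tables this application is allowed to truncate.
    private static readonly HashSet<string> AllowedTables =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "STAGING_ORDERS", "IMPORT_LOG" };

    // Unquoted simple name: a letter first, then letters, digits, '_', '$' or '#'.
    // No spaces, quotes, dots or semicolons can pass this pattern.
    private static readonly Regex SimpleName =
        new Regex(@"\A[A-Za-z][A-Za-z0-9_$#]*\z", RegexOptions.CultureInvariant);

    // Returns the statement text, or throws before any SQL is built.
    public static string BuildTruncateStatement(string tableName)
    {
        if (tableName == null || !SimpleName.IsMatch(tableName))
            throw new ArgumentException("Not a simple SQL identifier.", nameof(tableName));
        if (!AllowedTables.Contains(tableName))
            throw new ArgumentException("Table is not on the truncate allowlist.", nameof(tableName));

        // Only a validated, allowlisted name reaches the concatenation.
        return "TRUNCATE TABLE " + tableName.ToUpperInvariant();
    }

    public static void Main()
    {
        // Constructed sample inputs: one allowed name, one valid but unlisted name,
        // and three malformed values.
        string[] samples =
        {
            "staging_orders", "users", "IMPORT_LOG; DROP TABLE users", "\"IMPORT_LOG\"", null
        };

        foreach (string name in samples)
        {
            try
            {
                Console.WriteLine("OK      : " + BuildTruncateStatement(name));
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("REJECTED: [" + (name ?? "null") + "] " + ex.Message);
            }
        }
    }
}
```

The returned string would then be handed to whatever execution helper the original `TruncateTable` calls; that call is cut off in the question and is not reproduced here.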
    
