Safety from SQL injection

Front-end · Unresolved · 3 · 854
栀梦 2021-01-17 04:24
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["techconn"].ToString());

    SqlCommand com = new SqlCommand("select * from
3 answers
  •  没有蜡笔的小新
    2021-01-17 04:45

    In short, the answer is no. You need to always use parameters in your queries.

    SqlCommand com = new SqlCommand("select * from hs where ac between @ac1 and @ac2 and em=@em", con);
    

    You then add the parameters to your SqlCommand object (com).
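Added example (not the answerer's code) showing the parameterised query above with the parameters actually attached and executed; it assumes table hs has an integer column ac and an nvarchar column em, and uses the "techconn" connection string name from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example: the query from the answer, completed with typed parameters.
// Assumptions (not from the original post): hs.ac is int, hs.em is nvarchar.
public static class HsRepository
{
    public static DataTable FindByRange(int ac1, int ac2, string em)
    {
        // The SQL text is a constant: no user input is ever concatenated into it.
        const string sql = "select * from hs where ac between @ac1 and @ac2 and em = @em";
        string connStr = ConfigurationManager.ConnectionStrings["techconn"].ConnectionString;

        using (var con = new SqlConnection(connStr))
        using (var com = new SqlCommand(sql, con))
        {
            // Values travel separately from the statement, so the server treats
            // them as data, never as SQL, regardless of their content.
            com.Parameters.Add("@ac1", SqlDbType.Int).Value = ac1;
            com.Parameters.Add("@ac2", SqlDbType.Int).Value = ac2;
            // Declaring the type and length explicitly avoids type inference from
            // the value and keeps the cached execution plan stable.
            com.Parameters.Add("@em", SqlDbType.NVarChar, 100).Value =
                em ?? (object)DBNull.Value;

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(com))
            {
                adapter.Fill(table); // opens the connection as needed
            }
            return table;
        }
    }
}
```

Prefer Parameters.Add with an explicit SqlDbType over AddWithValue, which infers the SQL type from the .NET value at runtime.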
