c# 登录防止sql注入 mysql数据库

2023-11-07 21:39•java•阅读 685

利用参数化防止SQL注入

    public string serachName(string name)
        {
            
            string result = "";
            try
            {
                conn.Open();
                string sqlstr = "select * from student where name like @serach_name";
                SqlParameter namevalue = new SqlParameter("@serach_name", name);
                MySqlCommand cmd = new MySqlCommand(sqlstr, conn);
                cmd.Parameters.AddRange(new MySqlParameter[] { new MySqlParameter("@serach_name", MySqlDbType.String) { Value = "%" + name + "%" } });
                MySqlDataReader reader = cmd.ExecuteReader();
               
                while(reader.Read())
                {
                    int sno = reader.GetInt32(reader.GetOrdinal("sno"));
                    string tempname = reader.GetString(reader.GetOrdinal("name"));
                    string sex = reader.GetString(reader.GetOrdinal("sex"));
                    int age = reader.GetInt32(reader.GetOrdinal("age"));
                    result += sno + " " + tempname + " " + sex + " " + age + "<br>";
                } 
            }catch(Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
            finally
            {
                conn.Close();
            }
            return result;
        }

stirng nn="aa or 1=1";

"select * from tb where t1='"+nn+"'";

//防注入

"select * from tb where t1=@N";

cmd.Parameters.Add(new SqlParameter(@N,aa or 1=1));

第一句

select * from tb where t1='aa' or 1=1

第二句

select * from tb where t1='aa' or 1=1'

c# 登录 防止sql注入 mysql数据库

相关推荐

PHP防止sql注入-JS注入

php PDO简介和操作

php部分---PDO;

php+mysql如何防止sql注入？

ASP.NET会员注册登录模块，MD5加密,Parameters防止SQL注入,判断是否注册

CentOS 配置mysql允许远程登录

SQL--数据库的备份和还原，mysql

SQL--数据库的备份和还原，mysql

c# 登录防止sql注入 mysql数据库