How to connect to a SQL database


Problem description

I have the following code:


Recommended answer

You should not be creating your SQL command by concatenating user input directly into it. This leaves you wide open to a SQL Injection attack (where the user inputs SQL instead of the intended value and because you are adding it into your SQL command, their SQL command gets executed). You should be using Parameters to avoid this type of attack.

Please review: How to use a database in your program.

After modifying your code to use parameters, see if it works. You can check the number of rows that were affected by the update by checking the Integer that is returned by the ExecuteNonQuery() method.

-Frinny


Frinny,

If the best way would be to use Parameters to input data directly into my SQL with the drop down lists and text boxes I have, since I'm taking values from the users, what would be the best way to accept input from the users?

Doug


You accept the input from the users using TextBoxes and DropDownLists and any other types of controls you need to do the task.

Then you validate that the input they provided is correct according to your requirements.

Then you supply the values from the input to the SqlCommand using its Parameters property so that the user input can be used to query or update your database.

When you use parameters, any user provided input will be treated as a "Literal" instead of as part of the command. It is not compiled into the SQL query/update that you are going to execute.

Does this make sense?
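An added example (not code from the thread) showing the two forms Frinny contrasts: an UPDATE built by string concatenation beside the same UPDATE written with SqlCommand parameters, with the value from the drop-down validated first and the ExecuteNonQuery() row count checked afterwards. The Customers table, its Email and Id columns, and the connection-string placeholder are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class ParameterizedUpdateExample
{
    // Placeholder: replace with a real connection string (assumption, not from the thread).
    const string ConnectionString = "<YOUR-CONNECTION-STRING>";

    // Vulnerable form: the user's text becomes part of the SQL statement itself, so a
    // value containing a quote changes the statement instead of being stored as data.
    static int UpdateEmailUnsafe(string email, string id)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "UPDATE Customers SET Email = '" + email + "' WHERE Id = " + id, conn))
        {
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // Safe form: the statement text is fixed; the TextBox and DropDownList values are
    // passed as typed parameters and are treated as literals, never as SQL.
    static int UpdateEmailSafe(string email, int id)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "UPDATE Customers SET Email = @Email WHERE Id = @Id", conn))
        {
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows affected by the UPDATE
        }
    }

    static void Main()
    {
        // Constructed sample values standing in for the posted DropDownList and TextBox input.
        string postedId = "42";
        string postedEmail = "a@example.com";
        // Validate the drop-down value before it reaches the command: a posted value need
        // not match what the control offered, so reject anything that is not an integer.
        if (!int.TryParse(postedId, out int id)) { Console.WriteLine("Invalid Id"); return; }
        int rows = UpdateEmailSafe(postedEmail, id);
        Console.WriteLine(rows == 1 ? "Updated one row." : $"Unexpected row count: {rows}");
    }
}
```

A row count other than one for an UPDATE keyed on a primary key is worth logging, since it means the WHERE clause did not match what the page expected.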

