Any idea about this Code?


Problem description

My superior told me that it will solve my issue, but I want to know how it works. So can anyone elaborate on it?


' The text box contents are concatenated straight into the SQL text
Dim dt As New DataTable
Dim da As New SqlDataAdapter("select max(sl_no) from e1 where project.project_id and e1.project_id = '" + Project_IDTextBox.Text + "'", con)

Recommended answer

It creates two new objects (which it does nothing to tie together).
One is a DataTable which under normal conditions contains the data from a data source such as an SQL database, but in this case contains nothing.
The other is a DataAdapter which would normally be used to supply the data to a DataTable or similar object. In this case, the adapter is prepared with a SQL connection, and a (bad) select statement to restrict the record returned.

And your superior is an idiot. Using code like that opens your database up to an SQL Injection attack which can accidentally or deliberately damage or destroy your database. Google "Bobby Tables" and don't assume that what you find is just a joke. Use parametrised queries instead of concatenating strings.
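As an added example (not code from the question or the answer), here is the same lookup written the way the answer recommends: the project id is passed as a typed parameter on a SqlCommand, and the adapter actually fills the DataTable. Table and column names come from the question; the dangling `project.project_id` fragment in the original WHERE clause is dropped because it is not valid on its own, and the parameter length of 50 is an assumption.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module ParameterisedQuerySample
    ' Added example, not from the original post. Returns the highest sl_no
    ' for one project, or Nothing when the project has no rows.
    Public Function MaxSerialForProject(con As SqlConnection, projectId As String) As Object
        ' The SQL text is fixed; the only value slot is the named parameter.
        Const sql As String = "select max(sl_no) from e1 where e1.project_id = @project_id"

        Using cmd As New SqlCommand(sql, con)
            ' Whatever the text box contains is sent as data, not as SQL text,
            ' so quotes or comment markers in it cannot alter the statement.
            ' (The NVarChar(50) type/length is an assumption about the column.)
            cmd.Parameters.Add("@project_id", SqlDbType.NVarChar, 50).Value = projectId

            Dim dt As New DataTable()
            Using da As New SqlDataAdapter(cmd)
                ' Fill is what ties the adapter to the table; the original
                ' snippet created both objects but never connected them.
                da.Fill(dt)
            End Using

            ' max() over an empty set yields SQL NULL, which arrives as DBNull.
            If dt.Rows.Count = 0 OrElse dt.Rows(0).IsNull(0) Then
                Return Nothing
            End If
            Return dt.Rows(0)(0)
        End Using
    End Function
End Module
```

From the form this is called as `MaxSerialForProject(con, Project_IDTextBox.Text)`, with `con` already opened.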

