验证文本框以防止使用引号 [英] Validation of a textbox to prevent quotation marks to be used

问题描述

我正在尝试防止发生一些基本的sql注入.我似乎无法阻止在文本框中插入单引号或双引号.我该怎么办?

I am trying to prevent some basic sql injections to occur. I can''t seem to prevent a textbox from having the single quote or double quotation marks inserted into it. How would I do this ?

推荐答案

亲爱的朋友，

在这里，您必须禁止用户在按键事件上未输入可能导致SQL注入错误的字符，因此您必须执行以下步骤:-

1).

Dear Friend,

Here you have to suppress the user on key press event for not entering the character that can lead to SQL injection error for this you have to follow the following steps:-

1).

private void txtCompanyPhone_KeyPress(object sender, KeyPressEventArgs e)
{
    objCommonMethods.isNumericWithHyphen(e);
}

2).

2).

     internal void isNumericWithHyphen(KeyPressEventArgs e)
     {
       int asciiValue = Convert.ToInt32(e.KeyChar);
       if ((asciiValue >= 48 && asciiValue <= 57) || asciiValue==45 ||         asciiValue==127 || asciiValue==8)
          return;
    else
        e.Handled = true;
}

在这里，我为您提供了一个示例，该示例仅允许在文本框中输入数字，并限制其他字符.您只需要使用要限制和允许的字符的ascii值相应地修改相同的方法.

希望这对您有所帮助.如果确实有帮助，请不要忘记将其标记为您的答案.

谢谢

Here i have given you the example of allowing only numbers in the textbox and restricting rest other characters. You just need to modify accordingly the same method by using the ascii value of the characters you want to restrict and which to allow.

I hope this will help you out. Please don''t forget to mark this as your answer if it really helps you out.

Thanks

不要打扰.
麻烦多于其应有的价值—您需要禁止使用双引号，双引号和(最好是)分号，但在粘贴的文本和键入的文本中也应如此.您可以在TextBox.TextChanged事件中执行此操作，但改用参数化查询要好得多.

如果您从未连接字符串，则键入的字符串无关紧要-并且有充分的理由应该允许使用引号-例如，它们是某些名称的一部分.

Don''t bother.
It is more trouble than it is worth - you need to ban quotes, double quotes and (preferably) semicolon as well, but in pasted text as well as typed. You can do it in the TextBox.TextChanged event, but you are much, much better off using parametrized queries instead.

If you never concatenate strings, it doesn''t matter what they type - and there are good reasons why quotes should be allowed - they are part of some names for example.

这篇关于验证文本框以防止使用引号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！