Axapta.ExecuteStmt - Is it safe?


Question

I have some code, which uses the ExecuteStmt method on the Axapta Object when using the Business Connector, like so:

AxaptaRecord record = (AxaptaRecord)ax.CreateAxaptaRecord("SalesTable");
record.ExecuteStmt("select * from %1 where %1.SalesId == '" + id + "'");
while (record.Found)
{
     // do stuff
}

This works fine, but it's going to be on a public-facing website, so is this a good way of accessing the data and is it secure from SQL injection? Because I've read that this statement will use the "forcePlaceholders" keyword, which will parameterise the query as it doesn't contain a join?

Recommended answer

I would say no. This still reeks of SQL injection.
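Added example, not part of the original question or answer: the statement text in the question is built by string concatenation, so a quote character in `id` ends the quoted literal and the rest of the value is parsed as part of the statement. The sketch below validates `id` against a strict allowlist before it is placed in the text passed to `record.ExecuteStmt`. The class name `SalesIdStatement`, the sample values, and the allowed format (1 to 20 letters, digits, `-` or `_`) are assumptions for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class SalesIdStatement
{
    // Assumption: sales ids are 1-20 characters of letters, digits, '-' or '_'.
    // Tighten this to the id format actually used in your installation.
    // \A and \z anchor the whole string; unlike $, \z does not allow a trailing newline.
    private static readonly Regex Allowed =
        new Regex(@"\A[A-Za-z0-9_-]{1,20}\z", RegexOptions.CultureInvariant);

    // Returns the statement text for record.ExecuteStmt, or throws if the id
    // contains anything outside the allowlist (quotes, spaces, operators, ...).
    public static string Build(string id)
    {
        if (id == null || !Allowed.IsMatch(id))
            throw new ArgumentException("Rejected SalesId value", nameof(id));
        return "select * from %1 where %1.SalesId == '" + id + "'";
    }

    static void Main()
    {
        // Constructed sample inputs: one well-formed id, one containing quotes,
        // an empty string, and an id with a trailing newline.
        string[] samples = { "SO-000123", "SO-1' || '1' == '1", "", "SO-000123\n" };
        foreach (string s in samples)
        {
            try
            {
                Console.WriteLine("OK       : " + Build(s));
            }
            catch (ArgumentException)
            {
                // Log the rejected value with control characters made visible.
                Console.WriteLine("REJECTED : [" + s.Replace("\n", "\\n") + "]");
            }
        }
    }
}
```

Allowlisting at the web tier limits what can reach the statement text, but the text is still assembled from input. Moving the lookup into an X++ method that you write yourself, takes the id as an argument, and is invoked through `CallStaticClassMethod` avoids building statement text in the web application at all.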
