这样可以免受攻击吗 [英] Can this be safe from the attack
本文介绍了这样可以免受攻击吗的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我对此很纳闷.我有一个产品表,当我添加一些产品时,我使用了此代码.在SQL Injection Attack中这是否安全?
这是我的代码:
Hi, I''m wondering about this. I have a product table and when I add some product I used this code. Could this be safe in SQL Injection Attack.
Here is my code:
Try
Dim ta As New sampledbDSTableAdapters.productTableAdapter
ta.Insert(TextBox1.Text, TextBox2.Text, TextBox3.Text, ComboBox1.SelectedValue)
Me.DialogResult = Windows.Forms.DialogResult.OK
Catch ex As Exception
MsgBox(ex.Message)
TextBox1.Focus()
End Try
推荐答案
从表面上看,这是不安全的.您正在将TextBoxes的值传递给称为.Insert的方法,该方法可能不会在将这些值放入SQL语句之前清除这些值.
On the surface, no, it''s not safe. You''re passing the values of TextBoxes to some method called .Insert, which probably doesn''t scrub those values before putting them into the SQL statement.
这篇关于这样可以免受攻击吗的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
