C# String Format Parameters
Question
Hello All, string
I am having one query with the below String Format Statement.
When I use this string format for the SQL string, I get sql ="<REMOVED>" as the SQL query. Can you please tell me what "<REMOVED>" stands for?
Thanks,
Sandeep Jain.
Recommended answer
Based on your code, you're getting the results that you should. If you're trying to build a SQL query using this method (which is bad because it might open you up for SQL injection), you'll need to do something like this:
string sql = String.Format("SELECT * from [Users] Where [userId]='{0}'", System.Convert.ToInt32(Session["IDUser"]));
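
A parameterized version of the lookup in the answer above, as an added example (not code from the original post), printed next to what String.Format produces for the same inputs. It assumes System.Data.SqlClient is available; the class and method names and the sample inputs are made up for illustration, and no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: .NET Framework, or the System.Data.SqlClient NuGet package

static class UserQueryExample // hypothetical name, not from the original post
{
    // String.Format only substitutes text: whatever the value contains becomes part of the SQL statement.
    static string BuildWithFormat(object userId) =>
        String.Format("SELECT * from [Users] Where [userId]='{0}'", userId);

    // Parameterized form: the SQL text is constant and the value travels separately as a typed parameter.
    static SqlCommand BuildParameterized(int userId)
    {
        var cmd = new SqlCommand("SELECT * FROM [Users] WHERE [userId] = @userId");
        cmd.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
        return cmd;
    }

    // Convert.ToInt32 throws on non-numeric strings and silently returns 0 for null;
    // TryParse lets the caller reject both cases explicitly.
    static bool TryGetUserId(object sessionValue, out int userId) =>
        int.TryParse(Convert.ToString(sessionValue), out userId);

    static void Main()
    {
        // Constructed sample inputs standing in for Session["IDUser"].
        object[] samples = { "42", "42' OR '1'='1", null };
        foreach (var sample in samples)
        {
            Console.WriteLine("input: {0}", sample ?? "(null)");
            Console.WriteLine("  String.Format -> {0}", BuildWithFormat(sample));
            if (TryGetUserId(sample, out int id))
            {
                using (var cmd = BuildParameterized(id))
                    Console.WriteLine("  parameterized -> {0}  [@userId = {1}]",
                        cmd.CommandText, cmd.Parameters["@userId"].Value);
            }
            else
            {
                Console.WriteLine("  rejected: not an integer user id");
            }
        }
    }
}
```

To run the command, assign an open SqlConnection to cmd.Connection and call ExecuteReader; the statement text stays the same for every user id.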