如何防止登录时进行SQL注入 [英] how to prevent sql injection on login
本文介绍了如何防止登录时进行SQL注入的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有两个文本框
用户名使用Textbox1,密码使用Textbox2
I have two text box
Textbox1 for user name and Textbox2 for password
string s = "select UserName,Password,Designation from Login where UserName='" + TextBox1.Text + "'and Password='" + TextBox2.Text + "'";
SqlCommand cmd1 = new SqlCommand(s, con);
SqlDataReader dr = cmd1.ExecuteReader(CommandBehavior.SingleRow);
how to prevent sql injection?
推荐答案
使用参数化查询
Use parametrized Query
string s = "select UserName,Password,Designation from Login where UserName=@uname and Password=@pass;
SqlCommand cmd1 = new SqlCommand(s, con);
cmd1.Parameters.AddWithValue("uname",TextBox1.Text);
cmd1.Parameters.AddWithValue("pass",TextBox2.Text);
SqlDataReader dr = cmd1.ExecuteReader(CommandBehavior.SingleRow);
一些讨论避免SQL注入的链接:
SQL注入攻击以及有关如何预防的一些提示他们 [ ^ ]
http://msdn.microsoft.com/en-us/library/ff648339.aspx [ ^ ]
http://www.mikesdotnetting.com/Article/113/Preventing-SQL- Injection-in-ASP.NET [ ^ ]
Some links that talks about avoiding SQL Injection:
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]
http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET[^]
这篇关于如何防止登录时进行SQL注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文