执行SQL注入作品中的WinForms? [英] Do SQL Injection works in winforms?
问题描述
我想提出一个windows软件在C#。我看了一下 SQL注入
,但我没有发现它正在我的应用程序。
执行SQL注入作品中的WinForms?
如果是如何prevent他们。
编辑:
我使用的是文本框,用于读取用户名和密码。并通过使用textboxex我发现,从文本框中的文本是双引号之间(,
)。所以,我没有发现它是工作。
当我使用文本框行情或
,文读作
\
或 \
示例:
...................
用户名:|一或1==1 |
```````````````````
//它的读取textBox1.Text =一个\或\1 \== \1;
SQL注入是不依赖于任何技术的普遍问题。如果您在使用.NET和需要使用总是<一href="http://msdn.microsoft.com/en-us/library/ff648339.aspx"> prevent SQL注入href="http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx">SqlParameter而不是字符串连接。
I am making an windows software in c#. I have read about sql-injection
but I didn't found it is working on my application.
Do SQL Injection works in winforms?
If yes how to prevent them.
EDIT:
I am using a textboxes for reading user-name and password. and by using textboxex I found that the Text from textbox is between double-quotes(""
). So I didn't found it to be worked.
And when, I use Quotes "
OR '
in Textbox, the text is read as \"
OR \'
Example:
...................
USER NAME: | a" OR "1"=="1 |
```````````````````
// it is read as textBox1.Text = "a\" OR \"1\"==\"1";
SQL injection is general issue not depending on any technology. If you using .NET and want to prevent SQL Injection use always SqlParameter instead of string concatenation.
这篇关于执行SQL注入作品中的WinForms?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!