SQL逃脱与sqlite在C# [英] SQL escape with sqlite in C#
本文介绍了SQL逃脱与sqlite在C#的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
解决方案
您应该使用参数:
SQLiteCommand cmd = _connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText =SELECT * FROM MyTable WHERE MyColumn = @parameter;
cmd.Parameters.Add(new SQLiteParameter(@parameter,textfield));
SQLiteDataReader reader = cmd.ExecuteReader();
使用参数化的SQL将转义所有输入值,并有助于保护您免受SQL注入攻击。 >
I have a text field and its breaking my sql statement. How do i escape all the chars in that field? I am using sqlite with http://sqlite.phxsoftware.com/ in C#
解决方案
You should be using a parameter as in:
SQLiteCommand cmd = _connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "SELECT * FROM MyTable WHERE MyColumn = @parameter";
cmd.Parameters.Add( new SQLiteParameter( "@parameter", textfield ) );
SQLiteDataReader reader = cmd.ExecuteReader();
Using a parametrised SQL will escape all input values and help protect you from SQL injection attacks.
这篇关于SQL逃脱与sqlite在C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文