
[Source] C# parameterized queries (Parameters) use sp_executesql to execute SQL statements

Posted on 9/18/2016 3:44:20 PM
We know that when we query the database, we often have to attach conditions to the query.

These conditions all come from client user requests. If a client sends a malicious string in a request to our server and it is spliced into a SQL statement, SQL injection may result.

Parameters can effectively prevent SQL injection, but how do we know how Parameters do it? How is it implemented?


Here is some C# code:


Let's take a look at a piece of code found on the Internet and see what code is generated in the database:

https://msdn.microsoft.com/zh-cn/library/ms188001.aspx

The link above is Microsoft's official introduction to sp_executesql.
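As an added example (not code from the original post), the following C# contrasts a spliced query with a parameterized SqlCommand and notes in comments what SQL Server receives; the connection string, the `Users` table and the `O'Brien` input are constructed for illustration.

```csharp
// Added example, not from the original post. Assumes a local SQL Server with a
// Users(Id int, Name nvarchar(50)) table; connection string and table are placeholders.
using System;
using System.Data;
using Microsoft.Data.SqlClient;

class ParameterizedQueryDemo
{
    const string ConnStr =
        "Server=localhost;Database=DemoDb;Integrated Security=true;TrustServerCertificate=true";

    // Spliced: the user value becomes part of the SQL text, so a quote in the input
    // changes the statement the server parses. Kept only to contrast with the safe version.
    static string BuildConcatenated(string name) =>
        "SELECT Id, Name FROM Users WHERE Name = '" + name + "'";

    // Parameterized: the SQL text is fixed; the value travels separately as @Name.
    // The client library sends this to SQL Server as an RPC call of the form
    //   exec sp_executesql N'SELECT Id, Name FROM Users WHERE Name = @Name',
    //                      N'@Name nvarchar(50)', @Name = N'O''Brien'
    // which is what SQL Profiler shows for a parameterized command.
    static SqlCommand BuildParameterized(SqlConnection conn, string name)
    {
        var cmd = new SqlCommand("SELECT Id, Name FROM Users WHERE Name = @Name", conn);
        // Declaring the type and length explicitly keeps the plan cache stable; without a
        // length the driver infers one from each value (nvarchar(7) here) and the server
        // compiles a separate plan per distinct length.
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
        return cmd;
    }

    static void Main()
    {
        string input = "O'Brien"; // constructed input; the quote is data, not SQL

        // The quote terminates the string literal early: the statement no longer means
        // what the developer wrote.
        Console.WriteLine(BuildConcatenated(input));

        using var conn = new SqlConnection(ConnStr);
        conn.Open();
        using var cmd = BuildParameterized(conn, input);
        using var reader = cmd.ExecuteReader();
        while (reader.Read())
            Console.WriteLine($"{reader.GetInt32(0)} {reader.GetString(1)}");
    }
}
```

Running a SQL Profiler or Extended Events trace while this executes shows the sp_executesql call with the value passed as a typed parameter rather than embedded in the query text.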





Posted on 1/7/2022 3:04:55 PM
ddddddddddddddddddd