Attack and defense:

Console.Write("Enter the user name to look up:");
string name = Console.ReadLine();
com.CommandText = "select * from student where name ='"+name+"'";   // user input is pasted straight into the SQL text

If the entered name is  a'delete from student --  , the command text becomes  select * from student where name ='a'delete from student --'  : the quote closes the string literal, the following delete is executed as a second statement, and the -- comments out the trailing quote. The database's student records are deleted. This is the attack.

com.CommandText = "select * from student where name like  @a";
com.Parameters.Clear();
com.Parameters.AddWithValue("@a", name);      // defense: the input is bound as a parameter value and is never parsed as SQL code


posted on 2017-11-14 16:39 by 我勒个去YCQ