按顺序将C#中的SQL连接起来
[英]Concatenate SQL in C# with order by
问题描述
我有此代码,我想编写ORDER BY DESC但我不知道该如何帮助一些人
OleDbCommand cmd = new OleDbCommand("SELECT * FROM users WHERE [id] = " + Session_ID, conn2);
2 个解决方案
解决方案1
5 2017-05-16 10:50:35
Firstly, you should be aware that this kind of codes are open for SQL Injection and you should always use parameterized queries to avoid SQL Injection . 
首先,您应该意识到这类代码是为SQL注入打开的,并且应该始终使用参数化查询来避免SQL注入 。 Like this: 像这样:
OleDbCommand cmd = new OleDbCommand("SELECT * FROM users WHERE [id] = ? " +
"ORDER BY ID DESC", conn2);
cmd.Parameters.Add(new OleDbParameter("@SessionID", Session_ID));
解决方案2
0 已采纳 2017-05-16 10:45:34
OleDbCommand cmd = new OleDbCommand("SELECT * FROM users
WHERE [id] = " + Session_ID + " ORDER BY ID DESC", conn2);
Though above will work it has serious flaw. 尽管上面的方法会起作用,但它有严重的缺陷。 One can simply do SQL Injection in above SQL Query so it is highly recommended to use parametrized query to prevent SQL Injection as suggested by @S.Akbari 可以简单地在上述SQL查询中执行SQL注入,因此强烈建议使用参数化查询来防止SQL注入,如@ S.Akbari所建议。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
以无特定顺序将两个无限 C# IEnumerables 连接在一起 - Concatenate two infinite C# IEnumerables together in no particular order
在 C# 中按 SQL 查询排序 - ORDER BY SQL QUERY in C#
C#,Linq2Sql:是否可以将两个可查询连接成一个? - C#, Linq2Sql: Is it possible to concatenate two queryables into one?
C# 连接常量字符串以形成 SQL 查询是否安全? - C# Is it safe to concatenate constant strings to form a SQL Query?
如何串联sql的不同列并将其显示在datagridview c#中 - how to concatenate different column of sql and showing it in datagridview c#
C#中的连接整数 - Concatenate integers in C#
在C#存储库中串联 - Concatenate in C# Repository
C#/ SQL Server-确定表的顺序 - C# / SQL Server - determine order of tables
C#linq-to-sql。 订单订购 - C# linq-to-sql. Concat with order
Checkmarx 二阶 SQL 注塑 C# - Checkmarx Second Order SQL Injection C#
相关标签