stackoom
  简体   繁体   中英

I can't find where to add parameters

 原文  2020-05-13 20:16:57       c#/ mysql

Question

What kind of changes i can make to this code to protect against sql injection?

private void button1_Click(object sender, EventArgs e)
        {
               string query = "INSERT INTO person (name_,age_)VALUES('" + txtFirstname.Text + "','" + int.Parse(txtAge.Text) + "')";
               DB.OpenConnection();
               DB.SqlQuery = query;
               DB.ExecuteQuery();
               DB.CloseConnection();
        }

1 answers

solution1
 0 ACCPTED  2020-05-13 20:23:51

Something like below

    string query = "INSERT INTO person (name_,age_) VALUES(@name,@age)";
    MySqlCommand m = new MySqlCommand(query);
    m.Parameters.AddWithValue("@name", txtFirstname.Text);
    m.Parameters.AddWithValue("@age", int.Parse(txtAge.Text));

(OR) 

m.Parameters.Add(new MySqlParameter("@name", txtFirstname.Text));

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Where can I find “Outlook 2016 Add-in” for Visual Studio? Where Can I Find List<T>.AddRange() Method? I'm using PdfSharp and can't find the class BeginBox where is it? Error: “; expected”, can't find where I'm missing it where can i find ServiceAccountCredential Where can I find CSharpEvaluator? PSQL can't add value to parameters Where can I find the images folder after I deploy the outlook add-in? Can't find where the time is consumed Can we add LINQ where condition of method parameters
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM