What changes can I make to this code to prevent SQL injection?
private void button1_Click(object sender, EventArgs e)
{
    // Untrusted form input is concatenated straight into the SQL text:
    // whatever txtFirstname.Text contains becomes part of the statement
    string query = "INSERT INTO person (name_,age_)VALUES('" + txtFirstname.Text + "','" + int.Parse(txtAge.Text) + "')";
    DB.OpenConnection();
    DB.SqlQuery = query;
    DB.ExecuteQuery();
    DB.CloseConnection();
}
Something like the following
string query = "INSERT INTO person (name_,age_) VALUES(@name,@age)";
// connection: an already open MySqlConnection (MySql.Data.MySqlClient)
MySqlCommand m = new MySqlCommand(query, connection);
// The values are sent as parameters, so they are never parsed as SQL
m.Parameters.AddWithValue("@name", txtFirstname.Text);
m.Parameters.AddWithValue("@age", int.Parse(txtAge.Text));
m.ExecuteNonQuery();
(or)
// Explicit MySqlParameter instead of AddWithValue
m.Parameters.Add(new MySqlParameter("@name", txtFirstname.Text));
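Added example, not part of the question or the answer above: the two patterns side by side so you can see what the concatenated version actually lets through. It is written in Python with the standard-library sqlite3 module standing in for MySql.Data so it runs offline; sqlite3 uses `?` placeholders where MySqlCommand uses `@name`/`@age`, but the mechanism (values passed separately from the SQL text) is the same. `MALICIOUS_NAME` is a constructed attacker input for the name field; the table name and columns are the ones from the question.

```python
import sqlite3

# Constructed attacker input for the name field (assumption: the attacker controls
# txtFirstname.Text). It closes the current row with a dummy age, appends a
# second row of its own, and comments out the rest of the statement.
MALICIOUS_NAME = "alice',0),('mallory',99)--"


def make_db():
    """Fresh in-memory table matching the page's person(name_, age_)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name_ TEXT, age_ INTEGER)")
    return conn


def insert_concat(conn, name, age_text):
    """The question's pattern: untrusted text spliced into the SQL string.

    The age goes through int() first (like int.Parse), so only digits can reach
    the query from that field; the name is copied in verbatim and is the
    injection point.
    """
    query = ("INSERT INTO person (name_,age_)VALUES('" + name + "','"
             + str(int(age_text)) + "')")
    conn.execute(query)
    conn.commit()
    return query


def insert_param(conn, name, age_text):
    """The answer's pattern: placeholders in the SQL, values passed separately.

    The driver hands the values to the engine out of band, so they are stored
    as data and never parsed as SQL, whatever characters they contain.
    """
    query = "INSERT INTO person (name_,age_) VALUES(?,?)"
    conn.execute(query, (name, int(age_text)))
    conn.commit()
    return query


def rows(conn):
    """All rows, sorted so results are deterministic."""
    return sorted(conn.execute("SELECT name_, age_ FROM person").fetchall())


def run_concat(name, age_text):
    """Insert with string concatenation into a fresh table and return what landed."""
    conn = make_db()
    insert_concat(conn, name, age_text)
    return rows(conn)


def run_param(name, age_text):
    """Insert with a parameterized query into a fresh table and return what landed."""
    conn = make_db()
    insert_param(conn, name, age_text)
    return rows(conn)


if __name__ == "__main__":
    # Concatenation: two rows appear, one the user never typed as a person
    print("concatenated :", run_concat(MALICIOUS_NAME, "25"))
    # Parameters: exactly one row, whose name_ is the hostile string itself
    print("parameterized:", run_param(MALICIOUS_NAME, "25"))
```

Note that the age field was never the problem in the question's code: `int.Parse` only ever yields digits, so `txtAge.Text` cannot carry SQL. The name field is the one that needs the parameter, and the parameterized version costs nothing for the age either.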
Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you need to repost, please cite this site's URL or the original source. For any questions contact: yoyou2525@163.com.