parameterized sql query - asp.net / c#

Front-end | unresolved | 6 answers | 575 views
孤独总比滥情好 2021-01-18 20:03

So I recently learned that I should absolutely be using parameterized queries to avoid security issues such as SQL injection. That's all fine and all, I got it working.

6 answers
  •  逝去的感伤
    2021-01-18 20:32

    Here you go... via Dapper:

    using System;
    using Dapper;   // supplies the Execute/Query extension methods on IDbConnection

    // 'connection' is an open IDbConnection; 'sql' contains @username, @id, @foo and @when
    // placeholders, each bound by name to the matching property of the anonymous object.
    connection.Execute(sql, new {
        username = username.Text,
        id = 123, // these are all invented, obviously
        foo = "abc",
        when = DateTime.UtcNow
    });
    

    that maps to ExecuteNonQuery, but there are other methods, such as Query<T> (binds the data very efficiently by name into objects of type T per row), Query (like Query<T>, but uses dynamic), and a few others (binding multiple grids or multiple objects, etc). All ridiculously optimized (IL-level meta-programming) to be as fast as possible.
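To make the contrast concrete, here is an added example (not the answerer's code and not part of the original thread) that puts a string-concatenated query next to the two parameterized forms a C# developer would typically use: plain ADO.NET with SqlCommand, and the Dapper call described above. The Users table with Id and Username columns, and the parameter length of 64, are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;   // ADO.NET SQL Server provider
using Dapper;                  // adds Execute/Query extension methods to IDbConnection

public static class UserLookup
{
    // Unsafe: the caller's text is spliced into the statement, so whatever it
    // contains is interpreted as SQL rather than as a value.
    public static string BuildUnsafeSql(string username) =>
        "SELECT Id FROM Users WHERE Username = '" + username + "'";

    // Hardened (ADO.NET): the statement text is fixed and the value travels
    // separately as a typed parameter, so it can never alter the query's structure.
    public static int FindUserId(SqlConnection connection, string username)
    {
        const string sql = "SELECT Id FROM Users WHERE Username = @username";
        using (var cmd = new SqlCommand(sql, connection))
        {
            // Explicit type and length (assumed column size 64): avoids AddWithValue's
            // type inference and keeps the cached query plan stable across calls.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? -1 : Convert.ToInt32(result);
        }
    }

    // Same query via Dapper: each property of the anonymous object is bound to the
    // @-placeholder with the same name, exactly as in the Execute call above.
    public static int? FindUserIdWithDapper(IDbConnection connection, string username)
    {
        const string sql = "SELECT Id FROM Users WHERE Username = @username";
        return connection.QueryFirstOrDefault<int?>(sql, new { username });
    }
}
```

Parameters protect values only: table and column names cannot be passed as parameters, so anything that must vary there (a sort column, for instance) should be checked against a fixed allow-list before it is placed in the statement text.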
