Avoiding an SQL injection attack

余生分开走 2021-01-23 14:32

I have an ASP.NET application in which I have this code:

 using (Data.connexion)
    {
        string queryString = @"select id_user , nom, prenom, mail, login


        
2 answers
  •  太阳男子
    2021-01-23 15:05

    Always use command parameters to avoid SQL injection. SQL injections are handled by command parameters automatically. You don't need to worry about SQL injection if you use command parameters.

    When you don't use command parameters, the parameters' values are simply inserted into the SQL query without handling SQL injection. But when you use command parameters, ADO.NET handles SQL injection for you.
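
The difference the answer above describes, as an added example that is not part of the original question or answer: the same lookup built by string concatenation and with a command parameter, run against the same constructed input. It assumes the Microsoft.Data.Sqlite ADO.NET provider with an in-memory database so it runs offline; the table name `users` and the sample rows are hypothetical, and only the column names come from the question.

```csharp
// Added example, not from the original post. Assumes the Microsoft.Data.Sqlite
// NuGet package; the table name "users" and the sample rows are constructed.
using System;
using Microsoft.Data.Sqlite;

class ParameterDemo
{
    // Unsafe: the value becomes part of the SQL text, so a quote in the
    // input closes the string literal and the rest is parsed as SQL.
    static int CountConcatenated(SqliteConnection conn, string login)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText =
            "select count(*) from users where login = '" + login + "'";
        return Convert.ToInt32(cmd.ExecuteScalar());
    }

    // Safe: the SQL text is fixed; the value is bound separately and is
    // only ever compared to the login column as data.
    static int CountParameterized(SqliteConnection conn, string login)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "select count(*) from users where login = @login";
        cmd.Parameters.AddWithValue("@login", login);
        return Convert.ToInt32(cmd.ExecuteScalar());
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var setup = conn.CreateCommand())
        {
            setup.CommandText = @"
                create table users (id_user integer primary key,
                    nom text, prenom text, mail text, login text);
                insert into users (nom, prenom, mail, login) values
                    ('Martin', 'Alice', 'alice@example.test', 'alice'),
                    ('Durand', 'Bob', 'bob@example.test', 'bob');";
            setup.ExecuteNonQuery();
        }

        string hostile = "x' or '1'='1";   // constructed test input
        Console.WriteLine("concatenated, hostile input:  " + CountConcatenated(conn, hostile));
        Console.WriteLine("parameterized, hostile input: " + CountParameterized(conn, hostile));
        Console.WriteLine("parameterized, login 'alice': " + CountParameterized(conn, "alice"));
    }
}
```

Parameters bind values only: table names, column names and SQL that is concatenated inside a stored procedure are not covered by them and still need an allow-list or a fixed query.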
