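// SqlParameter usage summary.
// Purpose: defeat malicious T-SQL (SQL injection). Every caller-supplied value travels to the
// server as a typed parameter, so it is never spliced into the command text the server parses.
//
// First form: declare each parameter with an explicit SqlDbType and give it a value.
// Inputs: string ProductGroupCode, string Ismaintain, int HierarchyID, string BOMName,
//         string BOMCode, string BOMType, int BOPStepType, int PageIndex, int PageSize,
//         out int TotalCount
// Returns the first result table of the stored procedure; TotalCount receives the procedure's
// output parameter (0 when the procedure returned NULL or did not set it).
public static DataTable GetBOPStepByBOM(string ProductGroupCode, string Ismaintain, int HierarchyID, string BOMName,
    string BOMCode, string BOMType, int BOPStepType, int PageIndex, int PageSize, out int TotalCount)
{
    // Output parameter kept in a local so it is read back by reference, not by array index.
    // The original assigned every .Value by position (parameters[0] .. parameters[9]) after the
    // array was built; that bookkeeping silently breaks when a parameter is added or reordered,
    // so name, type and value are paired in one place here.
    SqlParameter totalCountParam = new SqlParameter("@TotalCount", SqlDbType.Int)
    {
        Direction = ParameterDirection.Output
    };

    // NOTE(review): the text-typed parameters were garbled to "r" in the source; SqlDbType.VarChar
    // is the reconstruction — confirm VarChar vs NVarChar and add explicit sizes against the
    // procedure definition (an unsized VarChar infers its length from each value, which yields
    // one cached plan per distinct length).
    // A null string is passed through unchanged, as in the original; it is not mapped to DBNull.
    SqlParameter[] parameters =
    {
        new SqlParameter("@ProductGroupCode", SqlDbType.VarChar) { Value = ProductGroupCode },
        new SqlParameter("@Ismaintain", SqlDbType.VarChar) { Value = Ismaintain },
        new SqlParameter("@HierarchyID", SqlDbType.Int) { Value = HierarchyID },
        new SqlParameter("@BOMName", SqlDbType.VarChar) { Value = BOMName },
        new SqlParameter("@BOMType", SqlDbType.VarChar) { Value = BOMType },
        new SqlParameter("@BOPStepType", SqlDbType.Int) { Value = BOPStepType },
        new SqlParameter("@PageIndex", SqlDbType.Int) { Value = PageIndex },
        new SqlParameter("@PageSize", SqlDbType.Int) { Value = PageSize },
        totalCountParam,
        new SqlParameter("@BOMCode", SqlDbType.VarChar) { Value = BOMCode },
    };

    // Project helper class: opens the connection, executes, closes.
    // NOTE(review): the helper's member names were garbled in the source ("DataAccess()",
    // "eDataSet"); new SqlDataAccess() / ExecuteDataSet is the reconstruction — confirm against
    // the SqlDataAccess class.
    SqlDataAccess sqlDataAccess = new SqlDataAccess();

    // Executes the stored procedure and receives the result set; the output parameter is
    // populated by the provider once execution completes.
    DataSet result = sqlDataAccess.ExecuteDataSet("up_BasicInfo_GetBOPStepListByBOM", parameters);

    // Value is DBNull when the procedure returned NULL and null when it was never set;
    // the original only handled DBNull and would throw on the null case.
    object totalCountValue = totalCountParam.Value;
    TotalCount = totalCountValue == null || totalCountValue == DBNull.Value
        ? default(int)
        : (int)totalCountValue;

    return result.Tables[0];
}

// Second form: pass the value straight to the constructor and let ADO.NET infer the SqlDbType
// from the CLR type (string -> NVarChar, int -> Int). No separate type declaration or
// positional assignment is needed.
// Returns the row count reported by the stored procedure.
public static int InsertOrderCause(string productGroupCode, int customerBelongTo, int salesTypeID, string orderCauseList)
{
    // Pitfall of this overload: a literal 0 as the second argument binds to
    // SqlParameter(string, SqlDbType), not SqlParameter(string, object). Variables are safe.
    SqlParameter[] paras =
    {
        new SqlParameter("@ProductGroupCode", productGroupCode),
        new SqlParameter("@CustomerBelongTo", customerBelongTo),
        new SqlParameter("@SalesTypeID", salesTypeID),
        // @OrderCauseList carries a whole list in one string. Parameterization protects the
        // client-side command only: if the procedure splits this string and concatenates the
        // pieces into dynamic SQL (EXEC / sp_executesql with string building), injection reappears
        // on the server side. The procedure should bind the pieces as parameters or take a
        // table-valued parameter instead.
        new SqlParameter("@OrderCauseList", orderCauseList)
    };

    // NOTE(review): "eNonQuery" in the source is garbled; ExecuteNonQuery is the reconstruction —
    // confirm against the SqlDataAccess class.
    SqlDataAccess sqlDataAccess = new SqlDataAccess();
    return sqlDataAccess.ExecuteNonQuery("up_BasicInfo_InsertOrderCause", paras);
}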
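// SqlParameter usage summary.
// Purpose: defeat malicious T-SQL (SQL injection). Every caller-supplied value travels to the
// server as a typed parameter, so it is never spliced into the command text the server parses.
//
// First form: declare each parameter with an explicit SqlDbType and give it a value.
// Inputs: string ProductGroupCode, string Ismaintain, int HierarchyID, string BOMName,
//         string BOMCode, string BOMType, int BOPStepType, int PageIndex, int PageSize,
//         out int TotalCount
// Returns the first result table of the stored procedure; TotalCount receives the procedure's
// output parameter (0 when the procedure returned NULL or did not set it).
public static DataTable GetBOPStepByBOM(string ProductGroupCode, string Ismaintain, int HierarchyID, string BOMName,
    string BOMCode, string BOMType, int BOPStepType, int PageIndex, int PageSize, out int TotalCount)
{
    // Output parameter kept in a local so it is read back by reference, not by array index.
    // The original assigned every .Value by position (parameters[0] .. parameters[9]) after the
    // array was built; that bookkeeping silently breaks when a parameter is added or reordered,
    // so name, type and value are paired in one place here.
    SqlParameter totalCountParam = new SqlParameter("@TotalCount", SqlDbType.Int)
    {
        Direction = ParameterDirection.Output
    };

    // NOTE(review): the text-typed parameters were garbled to "r" in the source; SqlDbType.VarChar
    // is the reconstruction — confirm VarChar vs NVarChar and add explicit sizes against the
    // procedure definition (an unsized VarChar infers its length from each value, which yields
    // one cached plan per distinct length).
    // A null string is passed through unchanged, as in the original; it is not mapped to DBNull.
    SqlParameter[] parameters =
    {
        new SqlParameter("@ProductGroupCode", SqlDbType.VarChar) { Value = ProductGroupCode },
        new SqlParameter("@Ismaintain", SqlDbType.VarChar) { Value = Ismaintain },
        new SqlParameter("@HierarchyID", SqlDbType.Int) { Value = HierarchyID },
        new SqlParameter("@BOMName", SqlDbType.VarChar) { Value = BOMName },
        new SqlParameter("@BOMType", SqlDbType.VarChar) { Value = BOMType },
        new SqlParameter("@BOPStepType", SqlDbType.Int) { Value = BOPStepType },
        new SqlParameter("@PageIndex", SqlDbType.Int) { Value = PageIndex },
        new SqlParameter("@PageSize", SqlDbType.Int) { Value = PageSize },
        totalCountParam,
        new SqlParameter("@BOMCode", SqlDbType.VarChar) { Value = BOMCode },
    };

    // Project helper class: opens the connection, executes, closes.
    // NOTE(review): the helper's member names were garbled in the source ("DataAccess()",
    // "eDataSet"); new SqlDataAccess() / ExecuteDataSet is the reconstruction — confirm against
    // the SqlDataAccess class.
    SqlDataAccess sqlDataAccess = new SqlDataAccess();

    // Executes the stored procedure and receives the result set; the output parameter is
    // populated by the provider once execution completes.
    DataSet result = sqlDataAccess.ExecuteDataSet("up_BasicInfo_GetBOPStepListByBOM", parameters);

    // Value is DBNull when the procedure returned NULL and null when it was never set;
    // the original only handled DBNull and would throw on the null case.
    object totalCountValue = totalCountParam.Value;
    TotalCount = totalCountValue == null || totalCountValue == DBNull.Value
        ? default(int)
        : (int)totalCountValue;

    return result.Tables[0];
}

// Second form: pass the value straight to the constructor and let ADO.NET infer the SqlDbType
// from the CLR type (string -> NVarChar, int -> Int). No separate type declaration or
// positional assignment is needed.
// Returns the row count reported by the stored procedure.
public static int InsertOrderCause(string productGroupCode, int customerBelongTo, int salesTypeID, string orderCauseList)
{
    // Pitfall of this overload: a literal 0 as the second argument binds to
    // SqlParameter(string, SqlDbType), not SqlParameter(string, object). Variables are safe.
    SqlParameter[] paras =
    {
        new SqlParameter("@ProductGroupCode", productGroupCode),
        new SqlParameter("@CustomerBelongTo", customerBelongTo),
        new SqlParameter("@SalesTypeID", salesTypeID),
        // @OrderCauseList carries a whole list in one string. Parameterization protects the
        // client-side command only: if the procedure splits this string and concatenates the
        // pieces into dynamic SQL (EXEC / sp_executesql with string building), injection reappears
        // on the server side. The procedure should bind the pieces as parameters or take a
        // table-valued parameter instead.
        new SqlParameter("@OrderCauseList", orderCauseList)
    };

    // NOTE(review): "eNonQuery" in the source is garbled; ExecuteNonQuery is the reconstruction —
    // confirm against the SqlDataAccess class.
    SqlDataAccess sqlDataAccess = new SqlDataAccess();
    return sqlDataAccess.ExecuteNonQuery("up_BasicInfo_InsertOrderCause", paras);
}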