ADO.NET -- 数据库防字符串注入攻击学习及练习

数据库防字符串注入攻击（参数化查询。注意：参数只能代替“值”，表名、列名、ORDER BY 等 SQL 结构部分不能用参数传入，这类内容只能用白名单校验）:
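// Parameterised UPDATE: the SQL text is a fixed literal and every user-supplied value
// travels as a typed parameter, so the server never parses user text as SQL. This is
// what defeats SQL injection -- concatenating the values into CommandText would not.
cmd.CommandText = "update student set name=@Sname,sex=@Ssex,birthday=@Sbirthday,score=@Sscore where code = @Scode";
// Parameters is a collection that persists across executions of the same SqlCommand;
// clear it before re-populating, otherwise parameters from the previous query leak in
// (and a duplicate name throws).
cmd.Parameters.Clear();
// Add(string, object) is marked [Obsolete] in System.Data.SqlClient and was removed from
// Microsoft.Data.SqlClient; AddWithValue is the supported equivalent. Use
// Add(name, SqlDbType, size) instead when the column type/length should be pinned.
cmd.Parameters.AddWithValue("@Sname", Sname);
cmd.Parameters.AddWithValue("@Ssex", Ssex);
cmd.Parameters.AddWithValue("@Sbirthday", Sbirthday);
cmd.Parameters.AddWithValue("@Sscore", Sscore);
cmd.Parameters.AddWithValue("@Scode", Scode);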

练习题:
1、Car表数据查出显示
2、请输入要查的汽车名称:
请输入要查的汽车油耗:
请输入要查的汽车马力:
名称:宝马
油耗:8
马力:1 

  1 using System;
  2 using System.Collections.Generic;
  3 using System.Linq;
  4 using System.Text;
  5 using System.Threading.Tasks;
  6 using System.Data.SqlClient;
  7 
  8 namespace _06_22
  9 {
 10     class Program
 11     {
 12         static void Main(string[] args)
 13         {
 14 
 15             //练习题: 
 16           
 17                 #region  显示全部
 18                 //1、Car表数据查出显示
 19                 SqlConnection coon = new SqlConnection("server=.;database=Data0425;user=sa;pwd=123;");
 20                 SqlCommand com = coon.CreateCommand();
 21 
 22                 com.CommandText = "select * from car";
 23                 coon.Open();
 24                 SqlDataReader a1 = com.ExecuteReader();
 25                 if (a1.HasRows)
 26                 {
 27                     while (a1.Read())
 28                     {
 29                         Console.WriteLine("编号:" + a1["Code"] + " 品牌:" + a1["name"] + " 油耗:" + a1["oil"] + " 马力:" + a1["powers"] + " 排量:" + a1["exhaust"] + " 价格:" + a1["price"]);
 30                     }
 31                 }
 32 
 33                 coon.Close();
 34                 #endregion
 35 
 36                 //2、请输入要查的汽车名称:
 37                 //    请输入要查的汽车油耗:
 38                 //    请输入要查的汽车马力:
 39                 //名称:宝马
 40                 //油耗:8
 41                 //马力:1
 42 
 43 
 44 
 45                 for (; ; )
 46                 {
 47                     Console.Write("请输入要查的汽车名称:");
 48                     string cname = Console.ReadLine();
 49                     Console.Write("请输入要查的汽车油耗:");
 50                     string coil = Console.ReadLine();
 51                     Console.Write(" 请输入要查的汽车马力:");
 52                     string cpowers = Console.ReadLine();        //输入查询内容
 53 
 54 
 55                     #region       三项不为空时
 56                     if (cname != "" && coil != "" && cpowers != "")   //三项不为空时
 57                     {
 58                         com.CommandText = "select * from car where name like @cname and oil like @coil and powers like @cpowers ";
 59 
 60                         com.Parameters.Clear();  ------防字符串注入攻击
 61                         com.Parameters.Add("@cname","%"+cname+"%");
 62                         com.Parameters.Add("@coil","%"+coil+"%");
 63                         com.Parameters.Add("@cpowers","%"+cpowers+"%");
 64 
 65                         coon.Open();
 66                         SqlDataReader c1 = com.ExecuteReader();
 67                         if (c1.HasRows)
 68                         {
 69                             while (c1.Read())
 70                             {
 71                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
 72                             }
 73                             Console.Write("是否结束?[y/n]");   ------是否跳出
 74                             string js = Console.ReadLine();
 75                             if (js == "y")
 76                             { break; }
 77                         }
 78                         else
 79                         { Console.WriteLine("查无此项!!!重新输入!!"); }
 80                         coon.Close();
 81                     }
 82 
 83                     #endregion
 84 
 85                     #region       cname为空时
 86                     else if (cname == "" && coil != "" && cpowers != "")
 87                     {
 88                         com.CommandText = "select * from car where oil like @coil and powers like @cpowers ";
 89 
 90                         com.Parameters.Clear();
 91                         com.Parameters.Add("@coil", "%" + coil + "%");
 92                         com.Parameters.Add("@cpowers", "%" + cpowers + "%");
 93 
 94                         coon.Open();
 95                         SqlDataReader c1 = com.ExecuteReader();
 96                         if (c1.HasRows)
 97                         {
 98                             while (c1.Read())
 99                             {
100                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
101                             }
102                             Console.Write("是否结束?[y/n]");
103                             string js = Console.ReadLine();
104                             if (js == "y")
105                             { break; }
106                         }
107                         else
108                         { Console.WriteLine("查无此项!!!重新输入!!"); }
109                         coon.Close();
110                     }
111 
112                     #endregion
113 
114                     #region      coil为空时
115                     else if (cname != "" && coil == "" && cpowers != "")
116                     {
117                         com.CommandText = "select * from car where name like @cname and powers like @cpowers ";
118 
119                         com.Parameters.Clear();
120                         com.Parameters.Add("@cname", "%" + cname + "%");
121                         com.Parameters.Add("@cpowers", "%" + cpowers + "%");
122 
123                         coon.Open();
124                         SqlDataReader c1 = com.ExecuteReader();
125                         if (c1.HasRows)
126                         {
127                             while (c1.Read())
128                             {
129                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
130                             }
131                             Console.Write("是否结束?[y/n]");
132                             string js = Console.ReadLine();
133                             if (js == "y")
134                             { break; }
135                         }
136                         else
137                         { Console.WriteLine("查无此项!!!重新输入!!"); }
138                         coon.Close();
139                     }
140 
141                     #endregion
142 
143                     #region       cpowers为空时
144                     else if (cname != "" && coil != "" && cpowers == "")
145                     {
146                         com.CommandText = "select * from car where name like @cname and oil like @coil ";
147 
148                         com.Parameters.Clear();
149                         com.Parameters.Add("@cname", "%" + cname + "%");
150                         com.Parameters.Add("@coil", "%" + coil + "%");
151 
152                         coon.Open();
153                         SqlDataReader c1 = com.ExecuteReader();
154                         if (c1.HasRows)
155                         {
156                             while (c1.Read())
157                             {
158                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
159                             }
160                             Console.Write("是否结束?[y/n]");
161                             string js = Console.ReadLine();
162                             if (js == "y")
163                             { break; }
164                         }
165                         else
166                         { Console.WriteLine("查无此项!!!重新输入!!"); }
167                         coon.Close();
168                     }
169 
170                     #endregion
171 
172                     #region       cname不为空时
173                     else if (cname != "" && coil == "" && cpowers == "")
174                     {
175                         com.CommandText = "select * from car where name like @cname";
176 
177                         com.Parameters.Clear();
178                         com.Parameters.Add("@cname", "%" + cname + "%");
179                        
180                         coon.Open();
181                         SqlDataReader c1 = com.ExecuteReader();
182                         if (c1.HasRows)
183                         {
184                             while (c1.Read())
185                             {
186                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
187                             }
188                             Console.Write("是否结束?[y/n]");
189                             string js = Console.ReadLine();
190                             if (js == "y")
191                             { break; }
192                           
193                         }
194                         else
195                         { Console.WriteLine("查无此项!!!重新输入!!"); }
196                         coon.Close();
197                     }
198 
199                     #endregion
200 
201                     #region       coil不为空时
202                     else if (cname == "" && coil != "" && cpowers == "")
203                     {
204                         com.CommandText = "select * from car where oil like @coil";
205 
206                         com.Parameters.Clear();
207                         com.Parameters.Add("@coil", "%" + coil + "%");
208 
209                         coon.Open();
210                         SqlDataReader c1 = com.ExecuteReader();
211                         if (c1.HasRows)
212                         {
213                             while (c1.Read())
214                             {
215                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
216                             }
217                             Console.Write("是否结束?[y/n]");
218                             string js = Console.ReadLine();
219                             if (js == "y")
220                             { break; }
221                         }
222                         else
223                         { Console.WriteLine("查无此项!!!重新输入!!"); }
224                         coon.Close();
225                     }
226 
227                     #endregion
228 
229                     #region       cpowers不为空时
230                     else if (cname == "" && coil == "" && cpowers != "")
231                     {
232                         com.CommandText = "select * from car where  powers like @cpowers ";
233 
234                         com.Parameters.Clear();
235                         com.Parameters.Add("@cpowers", "%" + cpowers + "%");
236 
237                         coon.Open();
238                         SqlDataReader c1 = com.ExecuteReader();
239                         if (c1.HasRows)
240                         {
241                             while (c1.Read())
242                             {
243                                 Console.WriteLine("编号:" + c1["Code"] + " 品牌:" + c1["name"] + " 油耗:" + c1["oil"] + " 马力:" + c1["powers"] + " 排量:" + c1["exhaust"] + " 价格:" + c1["price"]);
244                             }
245                             Console.Write("是否结束?[y/n]");
246                             string js = Console.ReadLine();
247                             if (js == "y")
248                             { break; }
249                         }
250                         else
251                         { Console.WriteLine("查无此项!!!重新输入!!"); }
252                         coon.Close();
253                     }
254 
255                     #endregion
256 
257                   
258                    
259                 } 
260             Console.ReadLine();
261         }
262     }     
263 }

原文地址:https://www.cnblogs.com/tonyhere/p/5620414.html