防止sql注入

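using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace ConsoleApplication1
{
    /// <summary>
    /// Console exercise: look up one row of the Car table by its code, then let the
    /// user delete that row, change one of its columns, or insert a new row.
    /// Every value that comes from Console.ReadLine reaches SQL Server as a
    /// SqlParameter; the only text ever spliced into a statement is a column name
    /// taken from the program's own allow-list. The original build concatenated the
    /// code into the UPDATE statements and all nine values into the INSERT, which
    /// defeated the point of the exercise (the file is titled "prevent SQL injection").
    /// </summary>
    class Program
    {
        // NOTE(review): the connection string embeds an account and password, exactly as
        // the original did. Kept unchanged so behavior is identical, but credentials
        // belong in configuration, not in source.
        private const string ConnectionString = "server=.;database=mydb;user=sa;pwd=123";

        // The only columns the update menu may touch. A column name is placed into the
        // statement text only after an exact match against this list, never from input.
        private static readonly string[] UpdatableColumns = { "Powers", "Exhaust", "Price" };

        /// <summary>
        /// Entry point. Prompts for a car code, prints the matching rows, then runs
        /// one of the three maintenance actions chosen from the menu.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            Console.WriteLine("请输入要查询的汽车代号:");
            string code = Console.ReadLine();

            // using-block guarantees the connection is closed even if a command throws;
            // the original only reached conn.Close() on the happy path.
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();

                if (!PrintCar(conn, code))
                {
                    Console.WriteLine("没有查到相应的数据");
                }

                Console.WriteLine("1是删除2是修改3是添加");
                int choice = ReadInt();
                switch (choice)
                {
                    case 1:
                        DeleteCar(conn, code);
                        break;
                    case 2:
                        UpdateCar(conn, code);
                        break;
                    case 3:
                        InsertCar(conn);
                        break;
                    default:
                        Console.WriteLine("输入有误");
                        break;
                }
            }

            Console.ReadLine();
        }

        /// <summary>
        /// Prints "col0--col1" for every Car row whose Code equals <paramref name="code"/>.
        /// </summary>
        /// <returns>True when at least one row was found.</returns>
        private static bool PrintCar(SqlConnection conn, string code)
        {
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "select * from Car where Code=@code";
                cmd.Parameters.AddWithValue("@code", DbValue(code));

                // The reader is fully consumed and disposed here, before any other
                // command runs on the same connection (no MARS in the connection string).
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    if (!dr.HasRows)
                    {
                        return false;
                    }
                    while (dr.Read())
                    {
                        Console.WriteLine(dr[0] + "--" + dr[1]);
                    }
                    return true;
                }
            }
        }

        /// <summary>Deletes every Car row whose Code equals <paramref name="code"/>.</summary>
        private static void DeleteCar(SqlConnection conn, string code)
        {
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "delete from Car where Code=@code";
                cmd.Parameters.AddWithValue("@code", DbValue(code));
                cmd.ExecuteNonQuery();
            }
            Console.WriteLine("删除成功!");
        }

        /// <summary>
        /// Repeatedly asks which of Powers/Exhaust/Price to change and the new value,
        /// applying each change to the row with the given code, until the user answers
        /// anything other than 1 to the "continue?" prompt.
        /// </summary>
        private static void UpdateCar(SqlConnection conn, string code)
        {
            do
            {
                Console.WriteLine("你可以修改的内容为Powers/Exhaust/Price,请输入你要修改的列");
                string requestedColumn = Console.ReadLine();
                Console.WriteLine("修改为");
                string newValue = Console.ReadLine();

                // Exact (ordinal) match against the allow-list, same comparison the
                // original's == used. Only the list's own string is used afterwards.
                string column = Array.Find(
                    UpdatableColumns,
                    c => string.Equals(c, requestedColumn, StringComparison.Ordinal));

                if (column == null)
                {
                    Console.WriteLine("输入错误");
                }
                else
                {
                    using (SqlCommand cmd = conn.CreateCommand())
                    {
                        // Column name comes from UpdatableColumns; both values are parameters.
                        cmd.CommandText = "update Car set " + column + "=@value where Code=@code";
                        cmd.Parameters.AddWithValue("@value", DbValue(newValue));
                        cmd.Parameters.AddWithValue("@code", DbValue(code));
                        cmd.ExecuteNonQuery();
                    }
                    Console.WriteLine("修改成功");
                }

                Console.WriteLine("是否继续修改内容?是1不是2");
            } while (ReadInt() == 1);

            Console.WriteLine("你所修改的内容已全部修改完毕");
        }

        /// <summary>
        /// Prompts for all nine Car columns in table order and inserts one row.
        /// The INSERT is positional, as in the original; the column order assumed is
        /// Code, Name, Brand, Time, Oil, Powers, Exhaust, Price, Pic.
        /// </summary>
        private static void InsertCar(SqlConnection conn)
        {
            Console.WriteLine("请输入添加的内容");
            string[] prompts =
            {
                "请输入添加的代号",
                "请输入添加的名字",
                "请输入添加的brand",
                "请输入添加的time",
                "请输入添加的Oil",
                "请输入添加的powers",
                "请输入添加的exhaust",
                "请输入添加的price",
                "请输入添加的pic",
            };

            using (SqlCommand cmd = conn.CreateCommand())
            {
                string[] placeholders = new string[prompts.Length];
                for (int i = 0; i < prompts.Length; i++)
                {
                    Console.WriteLine(prompts[i]);
                    string value = Console.ReadLine();
                    placeholders[i] = "@p" + i;
                    cmd.Parameters.AddWithValue(placeholders[i], DbValue(value));
                }

                // Statement text contains only our own placeholder names, never the input.
                cmd.CommandText = "insert into Car values(" + string.Join(",", placeholders) + ")";
                cmd.ExecuteNonQuery();
            }
            Console.WriteLine("添加成功!");
        }

        /// <summary>
        /// Reads one line and parses it as an int. Returns -1 when the line is missing
        /// (end of input) or not a number, so menus fall through to their "invalid"
        /// branch instead of crashing with FormatException as the original did.
        /// </summary>
        private static int ReadInt()
        {
            int value;
            return int.TryParse(Console.ReadLine(), out value) ? value : -1;
        }

        /// <summary>
        /// Maps a possibly-null console line to a parameter value. AddWithValue with a
        /// CLR null leaves the parameter unsupplied; DBNull.Value sends SQL NULL.
        /// </summary>
        private static object DbValue(string s)
        {
            return (object)s ?? DBNull.Value;
        }

        // Homework:
        // 1. Ask the user for a code, find one row (car, info) and display it.
        // 2. Show a menu: 1 = delete the row, 2 = modify it, 3 = add a row.
        // 3. On 1: delete the row that was found.
        // 4. On 2: ask the user for the other values and update that row.
        // 5. On 3: ask the user for every column and save a new row to the database.
    }
}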