ADO.NET基础学习-----四种模型,防止SQL注入
1.ExcuteNonQuery
执行非查询语句,返回受影响的行数。
1 // 1.ExcuteNonQuery 2 3 string sqlconn = "Data Source=wss;Initial Catalog=TextDB;User ID=sa;Password=w778764;Integrated Security=true"; 4 SqlConnection conn = new SqlConnection(sqlconn); 5 conn.Open(); 6 SqlCommand cmd = new SqlCommand(); 7 cmd.Connection = conn; 8 cmd.CommandText = "insert into TB_USER(userID,password,LastTime,code) values ('fungame','131313',2005-05-23,56)"; 9 int num = cmd.ExecuteNonQuery(); 10 conn.Close(); 11 conn.Dispose(); 12 Console.Write("(共有{0}行受影响",num.ToString()); 13 Console.ReadKey();
2.ExcuteScalar
执行查询语句,返回一行一列的数据。
1 2.ExcuteScaler 2 string sqlconn= "data source = wss;uid = sa;pwd = w778764;Integrated Security = true;Initial Catalog = TextDB;"; 3 string sql = "select * from TB_USER "; 4 using (SqlConnection conn = new SqlConnection (sqlconn)) 5 { 6 using (SqlCommand cmd = new SqlCommand(sql,conn)) 7 { 8 conn.Open(); 9 string str = cmd.ExecuteScalar().ToString(); 10 Console.WriteLine(str); 11 conn.Close(); 12 } 13 } 14 Console.ReadKey();
3.参数化查询(防止SQL注入<1' or '1' = '1>)
1 //3.防止SQL注入,参数化查询 2 Console.WriteLine("请输入用户名:"); 3 string uid =Console.ReadLine(); 4 Console.WriteLine("请输入密码"); 5 string pwd = Console.ReadLine(); 6 7 string sqlconn = "data source = wss;uid = @uid;pwd = @pwd;Integrated Security = true;Initial Catalog = TextDB;"; 8 string sqldtr = "select count(*) from TB_USER;";
9 SqlParameter spuid = new SqlParameter(@uid, uid);//构建参数化对象 10 SqlParameter sppwd = new SqlParameter(@pwd, pwd); 11 12 using (SqlConnection conn = new SqlConnection(sqlconn)) 13 { 14 using (SqlCommand cmd = new SqlCommand(sqldtr,conn)) 15 { 16 17 cmd.Parameters.Add(spuid);//将参数对象添加入执行列表 18 cmd.Parameters.Add(sppwd); 19 conn.Open(); 20 int num =(int) cmd.ExecuteScalar(); 21 conn.Close(); 22 Console.Write("n={0}", num); 23 } 24 }
4.sqldatareader
执行查询语句,将数据暂存到sqldatareader对象中,可以通过索引将数据逐行取出。
1 4.sqldatareader使用 2 string sqlstr = "data source = wss;uid =@uid;pwd =@pwd;Initial Catalog = TextDB;Integrated Security = true;"; 3 string sql = "select * from TB_USER;"; 4 string uid = "12"; 5 string pwd = "123"; 6 SqlParameter suid = new SqlParameter(@uid, uid); 7 SqlParameter spwd = new SqlParameter(@pwd, pwd); 8 using (SqlConnection conn = new SqlConnection (sqlstr)) 9 { 10 using (SqlCommand cmd = new SqlCommand(sql, conn)) 11 { 12 cmd.Parameters.Add(suid); 13 cmd.Parameters.Add(spwd); 14 conn.Open(); 15 SqlDataReader sqlread = cmd.ExecuteReader(); 16 using (sqlread) 17 { 18 while(sqlread.Read()) 19 { 20 for (int i = 0; i < sqlread.FieldCount; i++) 21 { 22 string data = sqlread[i].ToString(); 23 Console.Write(data+"\t"); 24 } 25 Console.WriteLine(); 26 } 27 } 28 conn.Close(); 29 } 30 }
5.SqlDataAdapter
通过 DataAdapter 使用数据源中的数据生成和填充 DataSet 中的每个 DataTable,可以通过索引将单个的datatable数据绑定到数据容器中显示,如:datagridview。
该实例中是建立了winform程序,设计视图中添加一个gridview和按钮控件,在按钮单击事件中添加如下代码。tips:girdview属性中的Anchor(锚;抛锚停泊)可以设定控件的四个方向是否跟随窗口大小改动而改动。
private void button1_Click(object sender, EventArgs e) { string sqlstr = "data source = wss;uid =@uid;pwd =@pwd;Initial Catalog = TextDB;Integrated Security = true;"; string sql = "select * from TB_USER;"; DataSet ds = new DataSet(); using (SqlDataAdapter sda = new SqlDataAdapter(sql,sqlstr)) { sda.Fill(ds); } dataGridView1.DataSource = ds.Tables[0]; }
如果这些内容帮助到你了,希望您给予支持 o(^▽^)o (支付宝)
(支付宝)
点赞鼓励下,(づ ̄3 ̄)づ╭❤~
作者:世纪末的魔术师
出处:https://www.cnblogs.com/Firepad-magic/
Unity最受欢迎插件推荐:点击查看
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。
