在 DAL 层编写 SQL 代码以防止 SQL 注入
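// 2. Complete the insert with a SQL statement.
//    2.1 Prevent SQL injection: user-supplied values are bound as SqlParameter objects,
//        so they are sent as data and can never change the structure of the statement.
//    2.2 SqlQuery can only execute SELECT-type statements, hence ExecuteSqlCommand for the INSERT.
//
// Do NOT write the statement with string interpolation, e.g.
//   $"insert into UserInfo values('{userInfo.Uname}','{userInfo.Upwd}',...)"
// — that form splices raw input into the SQL text and is open to SQL injection.
SqlParameter[] sqls =
{
    new SqlParameter("@Uname", userInfo.Uname),
    new SqlParameter("@Upwd", userInfo.Upwd),
    new SqlParameter("@Udell", userInfo.Udell),
    new SqlParameter("@Usex", userInfo.Usex),
    new SqlParameter("@Email", userInfo.Email),
    new SqlParameter("@Utime", userInfo.Utime)
};
// NOTE(review): a null property value is passed as C# null here, not DBNull.Value — confirm
// the model guarantees these fields are non-null before they reach this point.
//
// The former catch (Exception) { throw; } was a no-op rethrow and has been removed;
// any exception from the command propagates to the caller unchanged.
return db.Database.ExecuteSqlCommand(
    "insert into UserInfo values(@Uname,@Upwd,@Udell,@Usex,@Email,@Utime)",
    sqls);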
在Bll层进行调用
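// Delegate the insert to the DAL and pass its return value straight through
// (presumably the affected-row count from ExecuteSqlCommand — confirm against the DAL).
// The former catch (Exception) { throw; } added nothing, so exceptions now propagate directly.
return dal.AddUserInfo(userInfo);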
在控制器中进行调用以及返回到视图
// Hand the posted UserInfo to the BLL and return its result as JSON.
// JsonRequestBehavior.DenyGet rejects GET requests, so the result is only served to a POST
// (the page's Vue client uses axios.post).
// NOTE(review): the action's attributes are outside this snippet — confirm it carries
// [HttpPost] and [ValidateAntiForgeryToken] so the insert cannot be triggered cross-site.
return Json(UserInfoBll.AddUserInfo(userInfo), JsonRequestBehavior.DenyGet);
在视图中运用 Vue 进行添加操作
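<script>
  // Root Vue instance for the user-info page: holds the add form (UserData) and the paged list.
  // Vue and axios are expected to be loaded as globals before this script runs.
  let app = new Vue({
    el: "#app",
    data() {
      return {
        // Bound to the add form; posted as-is to /UserInfo/AddUserInfo.
        UserData: { Uname: "", Upwd: "", Udell: true, Usex: true, Email: "", Utime: "" },
        list: [],        // rows of the current page
        name: "",        // search filter sent as the `name` query parameter
        pageIndex: 1,
        pageSize: 3,
        totalCount: 0,
        totalPage: 0,
      };
    },
    methods: {
      // Post the form. The controller returns the insert result as a number, so
      // res.data > 0 means a row was added and the list is reloaded.
      HandleSubmit() {
        axios
          .post('/UserInfo/AddUserInfo', this.UserData)
          .then((res) => {
            if (res.data > 0) {
              this.HandleShow();
            }
          })
          // Previously a failed request was dropped as an unhandled rejection.
          .catch((err) => {
            console.error('AddUserInfo failed', err);
          });
      },
      // Fetch one page of rows for the current filter and pagination state.
      HandleShow() {
        axios
          .get('/UserInfo/PageUserInfo', {
            params: { name: this.name, pageIndex: this.pageIndex, pageSize: this.pageSize },
          })
          .then((res) => {
            this.list = res.data.Data;
            this.totalCount = res.data.totalCount;
            this.totalPage = res.data.totalPage;
          })
          .catch((err) => {
            console.error('PageUserInfo failed', err);
          });
      },
    },
    created() {
      this.HandleShow();
    },
  });
</script>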