sql入参;sql防注入

Dapper  sql入参

 

// Guard against SQL injection: the values travel as bound parameters, never as SQL text.
            // This only helps if `sql` (built outside this snippet) refers to them as
            // @userId / @pwd placeholders; string-concatenating either value into `sql`
            // would bypass the protection.
            // NOTE(review): `pwd` looks like a credential matched inside the query - confirm
            // it is a salted hash and not the raw password.
            var parms = new { userId, pwd };

            // Alternative shown by the author: build the same bindings with DynamicParameters.
            //DynamicParameters parms = new DynamicParameters();
            //parms.Add("userId", userId);
            //parms.Add("pwd", pwd);

            // SqlHelperRead.GetModel is a project helper; presumably it hands the statement
            // and the parameter object to Dapper - verify against its implementation.
            var res = SqlHelperRead.GetModel<UserEx>(sql, parms);

ADO.NET sql入参

写法1

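// Bind the order number as a parameter; the command text must reference it as @OrderNo
// instead of concatenating the value into the SQL string.
// Only `code` is bound here. Passing txtOrderNo.Text to the constructor as well would be
// dead code, because the Value initializer overwrites the constructor-supplied value.
// Setting the properties directly also avoids the (name, SqlDbType) constructor overload
// being picked by accident for a constant 0.
// NOTE(review): a null Value is not sent as SQL NULL - use DBNull.Value if `code` can be null.
SqlParameter[] pms = new SqlParameter[]
{
    new SqlParameter { ParameterName = "@OrderNo", Value = code },
};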

 

写法2

// Left empty in this example; the real statement must contain the @OrderNo placeholder
// and must not have the text-box value concatenated into it.
string sql = "";

// Type and size are declared up front, so they are not inferred from the value.
// NOTE(review): VarChar is non-Unicode - confirm the target column is not nvarchar,
// and that 2000 matches its declared length.
SqlParameter orderNo = new SqlParameter("@OrderNo", SqlDbType.VarChar, 2000);
orderNo.Value = txtOrderNo.Text; // user input reaches the server as data only
SqlParameter[] pms = new SqlParameter[] { orderNo };

 

写法3
 // Binary payload bound as a typed parameter; `data` is defined outside this snippet
 // (presumably a byte[] - confirm).
 // NOTE(review): SQL Server documents the image type as deprecated in favour of
 // varbinary(max); the column type is not shown here, so check before changing it.
 SqlParameter imageParam = new SqlParameter("@image", SqlDbType.Image);
 imageParam.Value = data;
 SqlParameter[] pms = { imageParam };

 

 

 
