It was reported that the code contains a SQL injection point. How should I fix it?
The code is as follows:
<%@ page language="C#" autoeventwireup="true" inherits="swatmain_qseduserlist, wxxzInset" enableEventValidation="false" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>安達</title>
<link href="https://bbs.csdn.net/template/css/style.css" rel="stylesheet" type="text/css" />
<style type="text/css">
*{margin:0; padding:0;}
body{font-size:13px;}
td{height:24px;}
</style>
</head>
<body>
<form id="form1" runat="server">
<table cellpadding="0" cellspacing="0" border="0" align="center" style="text-align:center;width:600px;">
<tr><td style="height:50px; font-size:20px; font-weight:bold;">簽收情況</td></tr>
<tr>
<td><fieldset>
<legend>已簽收用戶</legend><br />
<asp:GridView ID="QSData" runat="server" CellPadding="4" ForeColor="#333333" GridLines="None" Width="600px" AutoGenerateColumns="False" AllowPaging="True" OnPageIndexChanging="QSData_PageIndexChanging" EmptyDataText="暫時沒有用戶簽收!" PageSize="15">
<Columns>
<asp:BoundField HeaderText="已簽收單位" DataField="danwei" />
<asp:BoundField HeaderText="已簽收用戶" DataField="loginname" />
<asp:BoundField HeaderText="已簽時間" DataField="qstime" />
<asp:BoundField HeaderText="IP" DataField="ip" />
</Columns>
<FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
<RowStyle BackColor="#EFF3FB" />
<EditRowStyle BackColor="#2461BF" />
<SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
<PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
<HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" Height="24px" />
<AlternatingRowStyle BackColor="White" />
</asp:GridView>
</fieldset>
</td>
</tr>
<tr><td>
</td></tr>
<tr><td>
<fieldset>
<legend>未簽收用戶</legend><br />
<asp:GridView ID="NoUserData" runat="server" AllowPaging="True" CellPadding="4" ForeColor="#333333"
GridLines="None" Width="600px" AutoGenerateColumns="False" OnPageIndexChanging="NoUserData_PageIndexChanging" EmptyDataText="沒有要簽收的用戶!" PageSize="15">
<Columns>
<asp:BoundField HeaderText="未簽收單位" DataField="Depart" />
<asp:BoundField HeaderText="未簽收用戶" DataField="LoginName" />
</Columns>
<FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
<RowStyle BackColor="#EFF3FB" />
<EditRowStyle BackColor="#2461BF" />
<SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
<PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
<HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" Height="24px" />
<AlternatingRowStyle BackColor="White" />
</asp:GridView>
<asp:Label ID="lblnoqsuser" runat="server"></asp:Label>
</fieldset>
</td></tr>
</table>
</form>
</body>
</html>
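Reply from a uj5u.com user:
No code and no screenshot. For injection, parameterization is generally enough to prevent it.
Please credit the source when reposting. Link to this article: https://www.uj5u.com/net/188507.html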
Tags: ASP.NET
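
The parameterization the reply refers to, as an added example that is not part of the original thread. The page's code-behind is not shown, so the table name `QsRecord`, the `docid` column and the `id` query-string key are assumptions; only the selected column names come from the `QSData` GridView markup in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class SignedUserQuery
{
    // Vulnerable pattern, shown for contrast: the request value becomes SQL text.
    //   "SELECT ... FROM QsRecord WHERE docid = " + Request.QueryString["id"]

    // Hypothetical names: table QsRecord, column docid.
    // danwei / loginname / qstime / ip are the DataField names bound by QSData.
    private const string Sql =
        "SELECT danwei, loginname, qstime, ip FROM QsRecord " +
        "WHERE docid = @docid ORDER BY qstime DESC";

    public static DataTable LoadSignedUsers(string connectionString, string rawId)
    {
        // Check the type first: anything that is not an integer id is rejected
        // before a database connection is even created.
        int docId;
        if (!int.TryParse(rawId, out docId))
            throw new ArgumentException("id must be an integer", "rawId");

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Sql, conn))
        {
            // The value travels as a typed parameter, separate from the SQL text,
            // so quotes or SQL keywords in the input cannot change the statement.
            cmd.Parameters.Add("@docid", SqlDbType.Int).Value = docId;

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(table); // Fill opens and closes the connection itself
            }
            return table;
        }
    }
}

// In the page's code-behind (hypothetical call site):
//   QSData.DataSource = SignedUserQuery.LoadSignedUsers(connStr, Request.QueryString["id"]);
//   QSData.DataBind();
```

The same pattern applies to every query feeding `QSData` and `NoUserData`, including the ones re-run in the `PageIndexChanging` handlers.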
