我有一個從另一個應用程式接收資料的功能。我想將這些資料(用戶、密碼、repeatPassword)插入 SQLite DB 并避免SQLInjection. 我怎么能這樣做?我的代碼:
public class Data
{
public string user { get; set; }
public string password { get; set; }
public string repeatPass { get; set; }
}
[HttpPost, AllowCrossSite]
[EnableCors(origins: "http://localhost:4200", headers: "*", methods: "*")]
[Route("api/Register/Posthdf")]
public IHttpActionResult Posthdf(Data data)
{
using (SQLiteConnection conn = new SQLiteConnection("Data Source=C:\\ProiectVisualStudio\\Reporting_how-to-use-the-web-report-designer-in-javascript-with-angular-t566422-19.2.3-\\CS\\ServerSide\\App_Data\\RegisterDB.db; Version = 3; New = True; Compress = True; "))
{
using (SQLiteCommand cmd = new SQLiteCommand())
{
try
{
cmd.Connection = conn;
conn.Open();
//this inserts data correctly in DB: string strSql = "INSERT INTO tbl_Users (User, Password, RepeatPassword) VALUES('Teste1', 'Teste2', 'Teste3');";
strSql = "INSERT INTO tbl_Users (User, Password, RepeatPassword) VALUES(" data.user ", " data.password ", " data.repeatPass ");";
cmd.CommandText = strSql;
cmd.ExecuteNonQuery();
// do something…
conn.Close();
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine("***Error connection DB: " ex "/n");
}
}
}
if (!ModelState.IsValid)
return BadRequest("Invalid data");
return Ok(true);
}
uj5u.com熱心網友回復:
使用引數:
strSql = "INSERT INTO tbl_Users (User, Password, RepeatPassword) VALUES(@user, @password, @repeatPassword);";
cmd.CommandText = strSql;
cmd.Parameters.AddWithValue("@user", data.user);
cmd.Parameters.AddWithValue("@password", data.password);
cmd.Parameters.AddWithValue("@repeatPassword", data.repeatPass);
轉載請註明出處,本文鏈接:https://www.uj5u.com/qukuanlian/514717.html
下一篇:為什么我會收到“sqlite3.ProgrammingError:提供的系結數量不正確”。即使我使用了一個元組?