
Using dynamic SQL to prevent SQL injection

Published: 2018-10-31 13:37  Source: unknown

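An example SQL statement follows:
DECLARE @variable NVARCHAR(100)
DECLARE @SQLString NVARCHAR(1024)
DECLARE @ParmDefinition NVARCHAR(500)
-- The statement text is a constant; @searchFilter inside it is a parameter placeholder,
-- so the search term is never concatenated into the SQL that gets compiled.
SET @SQLString = N'SELECT OEV.Name, OEV.Position, Base_Employee.Address, OEV.Telephone, OEV.MobilePhone, OEV.Email, OEV.RealDepID
FROM Base_OrganizeEmployeeView AS OEV
JOIN Base_Employee
ON Base_Employee.Emp_ID = OEV.Emp_ID
WHERE (OEV.Account LIKE ''%'' + @searchFilter + ''%''
    OR OEV.Name LIKE ''%'' + @searchFilter + ''%''
    OR OEV.Position LIKE ''%'' + @searchFilter + ''%'' ) AND STATE = 1'
-- Declare the name and type of each parameter used in @SQLString.
SET @ParmDefinition = N'@searchFilter varchar(100)'
-- The search term (here a fixed sample value) is bound as data at execution time.
SET @variable = N'k'
EXECUTE sp_executesql @SQLString, @ParmDefinition, @searchFilter = @variable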
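
The following T-SQL is an added example, not part of the original article: it runs the same constructed input through a concatenated statement and through the sp_executesql form shown above, so the difference is visible in the result sets. The #Employee table, its rows and the @input value are constructed for the demonstration; the last step goes slightly beyond the article by escaping LIKE wildcards, which parameter binding alone does not neutralize.

```sql
-- Constructed demo data; the table and its rows are hypothetical.
CREATE TABLE #Employee (Name NVARCHAR(100), State INT);
INSERT INTO #Employee (Name, State) VALUES
    (N'Kim', 1), (N'Lee', 1),
    (N'Park', 0);                 -- inactive row that State = 1 must hide

-- Constructed input: a quote that ends the string literal, followed by SQL text.
DECLARE @input NVARCHAR(100) = N'zzz'' OR 1 = 1 --';

-- 1) Weak pattern: the input becomes part of the statement text.
DECLARE @unsafe NVARCHAR(1024) =
    N'SELECT Name FROM #Employee WHERE Name LIKE ''%' + @input + N'%'' AND State = 1';
PRINT @unsafe;   -- ... WHERE Name LIKE '%zzz' OR 1 = 1 --%' AND State = 1
EXEC (@unsafe);  -- returns Kim, Lee and Park: the State filter was commented out

-- 2) Parameterized pattern from the article: the statement text is constant.
DECLARE @safe NVARCHAR(1024) =
    N'SELECT Name FROM #Employee
      WHERE Name LIKE ''%'' + @searchFilter + ''%'' AND State = 1';
EXECUTE sp_executesql @safe,
    N'@searchFilter NVARCHAR(100)',
    @searchFilter = @input;       -- returns no rows: the input is only a search string

-- 3) Parameters stop injection, but % _ [ in the value are still LIKE wildcards.
SET @input = N'%';
EXECUTE sp_executesql @safe,
    N'@searchFilter NVARCHAR(100)',
    @searchFilter = @input;       -- returns Kim and Lee (every active row)

-- Escape the wildcards and declare the escape character to match them literally.
DECLARE @literal NVARCHAR(400) =
    REPLACE(REPLACE(REPLACE(REPLACE(@input,
        N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[');
DECLARE @safeLiteral NVARCHAR(1024) =
    N'SELECT Name FROM #Employee
      WHERE Name LIKE ''%'' + @searchFilter + ''%'' ESCAPE ''\'' AND State = 1';
EXECUTE sp_executesql @safeLiteral,
    N'@searchFilter NVARCHAR(400)',
    @searchFilter = @literal;     -- returns no rows: no name contains a literal %

DROP TABLE #Employee;
```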
