动态sql防止sql注入的示例:在对应的数据库中添加以下sql语句:DECLARE @variable NVARCHAR(100)DECLARE @SQLString NVARCHAR(1024)DECLARE @ParmD
动态sql防止sql注入的示例:
在对应的数据库中添加以下sql语句:
DECLARE @variable NVARCHAR(100)
DECLARE @SQLString NVARCHAR(1024)
DECLARE @ParmDefinition NVARCHAR(500)
SET @SQLString = N'SELECT OEV.Name, OEV.Position, Base_Employee.Address, OEV.Telephone, OEV.MobilePhone, OEV.Email, OEV.RealDepID
FROM Base_OrganizeEmployeeView AS OEV
JOIN Base_Employee
ON Base_Employee.Emp_ID = OEV.Emp_ID
WHERE (OEV.Account LIKE ''%'' + @searchFilter + ''%'' OR OEV.Name LIKE ''%'' + @searchFilter + ''%'' OR OEV.Position LIKE ''%'' + @searchFilter + ''%'' ) AND STATE = 1'
SET @parmDefinition = N'@searchFilter varchar(100)'
SET @variable = N'k'
EXECUTE sp_executesql @SQLString, @ParmDefinition, @searchFilter = @variable
--结束END--
本文标题: 动态sql如何防止sql注入
本文链接: https://www.lsjlt.com/news/114971.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-04-19
2024-04-19
2024-04-19
2024-04-19
2024-04-19
2024-04-18
2024-04-18
2024-04-18
2024-04-18
2024-04-18
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0