Tri*_*uri 3 c# oracle ado.net sql-injection c#-4.0
string sqlCmd = @"SELECT r.row_id AS resp_id,
r.name AS resp_name
FROM srb.s_resp r,
srb.s_per_resp pr,
srb.s_contact c,
srb.s_user u
WHERE r.row_id = pr.resp_id
AND u.row_id = c.row_id
AND c.person_uid = pr.per_id
AND UPPER(u.login) = @login
ORDER BY r.name";
OracleConnection con = new OracleConnection(getConnectionString(username, password));
OracleCommand command = con.CreateCommand();
con.Open();
command.CommandType = CommandType.Text;
command.Connection = con;
command.CommandText = sqlCmd;
command.Parameters.Add(new OracleParameter("login", username));
IDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);
reader.Close();
I tried to add the @login parameter to the query above, but it is not being added. Can anyone help me solve this problem?
Please use a colon (:login).
string sqlCmd = @"SELECT r.row_id AS resp_id,
r.name AS resp_name
FROM srb.s_resp r,
srb.s_per_resp pr,
srb.s_contact c,
srb.s_user u
WHERE r.row_id = pr.resp_id
AND u.row_id = c.row_id
AND c.person_uid = pr.per_id
AND UPPER(u.login) = :login
ORDER BY r.name";
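A complete version of the corrected call, as an added example that is not code from the question or the answer. It assumes the ODP.NET managed driver (Oracle.ManagedDataAccess.Client); the class and method names are hypothetical, and upper-casing the bound value is an added choice so that it can match UPPER(u.login).

```csharp
using System;
using System.Collections.Generic;
using Oracle.ManagedDataAccess.Client; // assumption: ODP.NET managed driver

public static class ResponsibilityLookup // hypothetical name
{
    // Same query as on the page, with the Oracle-style :login placeholder.
    private const string Sql = @"SELECT r.row_id AS resp_id,
       r.name   AS resp_name
  FROM srb.s_resp r,
       srb.s_per_resp pr,
       srb.s_contact c,
       srb.s_user u
 WHERE r.row_id = pr.resp_id
   AND u.row_id = c.row_id
   AND c.person_uid = pr.per_id
   AND UPPER(u.login) = :login
 ORDER BY r.name";

    // connectionString comes from the caller (the page builds it with getConnectionString).
    public static List<KeyValuePair<string, string>> GetResponsibilities(
        string connectionString, string username)
    {
        if (string.IsNullOrWhiteSpace(username))
            throw new ArgumentException("username is required", nameof(username));

        var result = new List<KeyValuePair<string, string>>();
        using (var con = new OracleConnection(connectionString))
        using (var command = new OracleCommand(Sql, con))
        {
            // ODP.NET binds by position unless told otherwise; with BindByName
            // the parameter name is matched against the :login placeholder.
            command.BindByName = true;
            // The value travels as bind data, never as SQL text.
            // Upper-casing is an added assumption, to match UPPER(u.login).
            command.Parameters.Add("login", OracleDbType.Varchar2).Value =
                username.ToUpperInvariant();
            con.Open();
            using (OracleDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                    result.Add(new KeyValuePair<string, string>(
                        Convert.ToString(reader.GetValue(0)),
                        Convert.ToString(reader.GetValue(1))));
            }
        }
        return result;
    }
}
```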