using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data.SqlClient;
/* SQL injection
 * Login check: select * FROM t_users where UserName=... and Password=..., with the user-supplied
 *   values concatenated into the SQL text.
 * Crafted Password: 1' or '1'='1 — the WHERE clause becomes always-true and the login succeeds
 *   without a valid credential.
 * Defence: never build SQL by string concatenation; pass the values as query parameters.
 *
 * Parameterised queries
 * The SQL text uses @UserName to mean "a parameter goes here"; the value is added to the
 *   SqlCommand's Parameters collection:
 * cmd.CommandText = "select * FROM t_user where username=@u AND password=@p";
 * cmd.Parameters.Add(new SqlParameter("u","admin"));
 * cmd.Parameters.Add(new SqlParameter("p","111111"));
 * SQL Server does not splice a parameter into the statement text; it compares the supplied value
 *   as data, so the value is never parsed as SQL and cannot inject — hence no injection vulnerability.
 * Note: parameters only address injection. This example still compares a plaintext password in the
 *   database; a real login stores a salted hash and verifies it in application code.
 */
namespace _8注入漏洞与参数化查询
{
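class Program
{
    /// <summary>
    /// Entry point of the SQL-injection vs. parameterised-query demo.
    /// When the process runs from a bin\Debug\ or bin\Release\ output folder, the
    /// "DataDirectory" AppDomain property is pointed at the project folder (two
    /// levels above the output folder) so that a |DataDirectory|-based connection
    /// string resolves to the project's .mdf file. The login demo itself is kept
    /// commented out below; the method then just waits for a key press.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;

        // Ordinal comparison: a path suffix is not linguistic text, and the
        // default culture-sensitive EndsWith can behave unexpectedly (CA1310).
        bool inOutputDir = baseDir.EndsWith(@"\bin\Debug\", StringComparison.Ordinal)
            || baseDir.EndsWith(@"\bin\Release\", StringComparison.Ordinal);
        if (inOutputDir)
        {
            // BaseDirectory ends with a separator, so GetParent() returns the
            // Debug/Release folder itself; two more .Parent hops reach the project folder.
            System.IO.DirectoryInfo outputDir = System.IO.Directory.GetParent(baseDir);
            System.IO.DirectoryInfo projectDir = null;
            if (outputDir != null && outputDir.Parent != null)
            {
                projectDir = outputDir.Parent.Parent;
            }

            // On an unexpectedly shallow path skip the setting instead of throwing a
            // NullReferenceException; the demo still runs without DataDirectory.
            if (projectDir != null)
            {
                AppDomain.CurrentDomain.SetData("DataDirectory", projectDir.FullName);
            }
        }

        /* Login demo (disabled). Uncomment to run it against Database1.mdf.
        Console.WriteLine("请输入用户名:");
        string username = Console.ReadLine();
        Console.WriteLine("请输入密码:");
        string password = Console.ReadLine();
        // With the concatenated query below, entering  1' or '1' = '1  as the password makes
        // the WHERE clause always true and logs in without a valid credential.
        // NOTE(review): the connection string hard-codes an absolute path even though Main sets
        // DataDirectory above; |DataDirectory|\Database1.mdf would use it — confirm intent.
        using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=E:\MyProjects\C#net传智播客\第五季ADO.NET\8注入漏洞与参数化查询\8注入漏洞与参数化查询\Database1.mdf;Integrated Security=True;User Instance=True"))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                // VULNERABLE: user input spliced straight into the SQL text.
                //cmd.CommandText = "select count(*) FROM T_User where UserName='"+username+"' AND Password='"+password+"' ";
                // SAFE against injection: the values travel as parameters, never as SQL text.
                cmd.CommandText = "select count(*) FROM T_User where UserName=@UserName AND Password=@Password ";
                cmd.Parameters.Add(new SqlParameter("UserName",username));
                cmd.Parameters.Add(new SqlParameter("Password",password));
                // SECURITY: parameterisation only stops injection. This still compares a
                // plaintext password inside the database; production code should store a
                // salted hash (e.g. PBKDF2) and verify it in application code.
                int i = Convert.ToInt32(cmd.ExecuteScalar());
                if (i > 0)
                {
                    Console.WriteLine("登陆成功!");
                }
                else {
                    Console.WriteLine("登陆失败!");
                }
            }
        }*/
        /* Exercises
         * Login check in the UI: refuse login after three wrong attempts, tracking
         *   ErrorTimes in the database.
         * Data import: load user records from a text file. Pitfall: adding the same
         *   Parameter to the command more than once.
         *
         * Data export: write the user records out to a text file.
         */
        Console.ReadKey();
    }
}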
}