• SQL 防注入插入（使用 SqlParameter 参数化查询，值与 SQL 文本分开传递）


     1  var strsql = "insert into Staff_Answer (ExamTitleID,QuestionsID,MultipleChoice,RightOption,AnswerOption,IsRight,Score,StaffScore,Remark,State,Creator,CreatOrg,CreateTime) values";
     2             strsql += "(@ExamTitleID,@QuestionsID,@MultipleChoice,@RightOption,@AnswerOption,@IsRight,@Score,@StaffScore,@Remark,@State,@Creator,@CreatOrg,@CreateTime)";
     3             var cmd = new SqlCommand(strsql);
     4             var param = new SqlParameter[] { 
     5                                                 new SqlParameter("@ExamTitleID",SqlDbType.UniqueIdentifier),
     6                                                 new SqlParameter("@QuestionsID",SqlDbType.UniqueIdentifier),
     7                                                 new SqlParameter("@MultipleChoice",SqlDbType.NVarChar,2),
     8                                                 new SqlParameter("@RightOption",SqlDbType.NVarChar,200),
     9                                                 new SqlParameter("@AnswerOption",SqlDbType.NVarChar,200),
    10                                                 new SqlParameter("@IsRight",SqlDbType.NVarChar,2),
    11                                                 new SqlParameter("@Score",SqlDbType.Decimal,18),
    12                                                 new SqlParameter("@StaffScore",SqlDbType.Decimal,18),
    13                                                 new SqlParameter("@Remark",SqlDbType.Text),
    14                                                 new SqlParameter("@State",SqlDbType.NVarChar,2),
    15                                                 new SqlParameter("@Creator",SqlDbType.NVarChar,200),
    16                                                 new SqlParameter("@CreatOrg",SqlDbType.NVarChar,200),
    17                                                 new SqlParameter("@CreateTime",SqlDbType.NVarChar,200)
    18                                             };
    19 
    20 
    21             param[0].Value = new Guid(this.ExamTitleCode.Value);
    22             param[1].Value = new Guid(QuestionsID);
    23             param[2].Value = Anserdt.Rows[0]["MultipleChoice"].ToString();
    24             param[3].Value = RightOption;
    25             param[4].Value = AnswerOption;
    26             param[5].Value = ISRight ? "1" : "0";
    27             param[6].Value = Convert.ToInt32(Question.Rows[0]["Score"]);
    28             param[7].Value = ISRight ? Convert.ToInt32(Question.Rows[0]["Score"]) : 0;
    29             param[8].Value = this.Remark.InnerText;
    30             param[9].Value = "1";
    31             param[10].Value = userid;
    32             param[11].Value = Orgname1;
    33             param[12].Value = DateTime.Now;
    34 
    35             foreach (SqlParameter para in param)
    36             {
    37                 cmd.Parameters.Add(para);
    38             }
    39            helps.GetExecuteNonQueryBySqlPa(cmd);
    40         }

    感谢同事给我提供的内容

  • 原文地址:https://www.cnblogs.com/yuanjiehot/p/4352538.html