Sql参数化添加

在Dal层写入Sql代码防止sql注入

try
{
// Step 2: perform the insert with a raw SQL statement.
// 2.1 Guard against SQL injection by binding every value as a parameter.
// 2.2 SqlQuery can only execute SELECT-type statements, so the INSERT goes
//     through ExecuteSqlCommand instead.
// UNSAFE (counter-example): interpolating user-controlled fields straight into
// the SQL text lets the input be parsed as part of the statement.
//return db.Database.ExecuteSqlCommand($"insert into UserInfo values(‘{userInfo.Uname}‘,‘{userInfo.Upwd}‘,‘{userInfo.Udell}‘,‘{userInfo.Usex}‘,‘{userInfo.Email}‘,‘{userInfo.Utime}‘)");
// SAFE: each field travels as a typed SqlParameter, so the database never
// treats the value as statement text. One parameter per UserInfo field.
SqlParameter[] sqls = {
new SqlParameter("@Uname",userInfo.Uname),
new SqlParameter("@Upwd",userInfo.Upwd),
new SqlParameter("@Udell",userInfo.Udell),
new SqlParameter("@Usex",userInfo.Usex),
new SqlParameter("@Email",userInfo.Email),
new SqlParameter("@Utime",userInfo.Utime)
};
// Returns the affected-row count. NOTE(review): the INSERT relies on the
// table's column order; listing the target columns explicitly would make it
// robust to schema changes.
return db.Database.ExecuteSqlCommand("insert into UserInfo values(@Uname,@Upwd,@Udell,@Usex,@Email,@Utime)", sqls);
}
catch (Exception)
{
// NOTE(review): catching every exception only to rethrow it is a no-op; the
// try/catch can be removed without changing behavior.
throw;
}

在Bll层进行调用

            try
            {
                // Pass-through to the DAL; presumably the same AddUserInfo shown
                // above, whose return value is the affected-row count.
                return dal.AddUserInfo(userInfo);
            }
            catch (Exception)
            {
                // NOTE(review): a bare rethrow of every exception is a no-op; the
                // try/catch can be dropped without changing behavior.
                throw;
            }

在控制器中进行调用以及返回到视图

       // Forward the posted model to the BLL; result is the affected-row count.
       var result = UserInfoBll.AddUserInfo(userInfo);
            // DenyGet: this JSON result is only served to non-GET requests.
            // NOTE(review): the action itself is not shown here; since it changes
            // state from a browser session it should also be restricted with
            // [HttpPost] and protected with [ValidateAntiForgeryToken] — confirm.
            return Json(result, JsonRequestBehavior.DenyGet);

在视图中运用Vue进行添加操作

<script>
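    // Root Vue instance for the user-info page: binds to #app, loads the
    // current page of users when created, and posts new users to the server.
    const app = new Vue({
        el: "#app",
        data() {
            return {
                // Form model posted to /UserInfo/AddUserInfo; the field names
                // match the server-side UserInfo parameters.
                UserData: {
                    Uname: "",
                    Upwd: "",
                    Udell: true,
                    Usex: true,
                    Email: "",
                    Utime: ""
                },
                list: [],
                name: "",
                pageIndex: 1,
                pageSize: 3,
                totalCount: 0,
                totalPage: 0
            };
        },
        methods: {
            // Submit the form model. The server replies with the affected-row
            // count, so a positive value means the insert succeeded and the
            // list is reloaded. Returns the request promise so callers can await it.
            HandleSubmit() {
                // The URL must be a string literal: an unquoted
                // /UserInfo/AddUserInfo is parsed as a regular expression.
                return axios.post("/UserInfo/AddUserInfo", this.UserData)
                    .then(res => {
                        if (res.data > 0) {
                            this.HandleShow();
                        }
                    })
                    .catch(err => {
                        // Surface failures instead of leaving the rejection unhandled.
                        console.error("AddUserInfo failed", err);
                    });
            },
            // Load one page of users filtered by name into list / totalCount / totalPage.
            HandleShow() {
                return axios.get("/UserInfo/PageUserInfo", {
                    params: {
                        name: this.name,
                        pageIndex: this.pageIndex,
                        pageSize: this.pageSize
                    }
                }).then(res => {
                    this.list = res.data.Data;
                    this.totalCount = res.data.totalCount;
                    this.totalPage = res.data.totalPage;
                }).catch(err => {
                    console.error("PageUserInfo failed", err);
                });
            }
        },
        created() {
            this.HandleShow();
        }
    });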
</script>

 
