热门关键字:   网站安全  黑客攻防  安全漏洞  系统安全  网络安全

使用动态sql的方法防止sql注入

发布时间:2012-11-22 12:46文章来源:网络文章作者:秩名 点击次数:
摘要:事例SQL语句如下: DECLARE @variable NVARCHAR(100) DECLARE @SQLString NVARCHAR(1024) DECLARE @ParmDefinition NVARCHAR(500) SET @SQLString = N'SELECT OEV.Name, OEV.Position, Base_Employee.Address, OEV.Telephone, OEV.MobilePhone, OEV.Email, O...

事例SQL语句如下:
DECLARE @variable NVARCHAR(100)
DECLARE @SQLString NVARCHAR(1024)
DECLARE @ParmDefinition NVARCHAR(500)
SET @SQLString = N'SELECT OEV.Name, OEV.Position, Base_Employee.Address, OEV.Telephone, OEV.MobilePhone, OEV.Email, OEV.RealDepID
FROM Base_OrganizeEmployeeView AS OEV
JOIN Base_Employee
ON Base_Employee.Emp_ID = OEV.Emp_ID
WHERE (OEV.Account LIKE ''%'' + @searchFilter + ''%'' OR OEV.Name LIKE ''%'' + @searchFilter + ''%'' OR OEV.Position LIKE ''%'' + @searchFilter + ''%'' ) AND STATE = 1'
SET @parmDefinition = N'@searchFilter varchar(100)'
SET @variable = N'k'
EXECUTE sp_executesql @SQLString, @ParmDefinition, @searchFilter = @variable

标签分类:

上一篇:五个危险的数据库安全问题
下一篇:没有了