C#中SqlParameter的作用与用法

一般来说,在更新DataTable或DataSet时,如果不使用SqlParameter,而是把值直接拼进SQL字符串,那么一旦值中含有单引号等特殊字符,语句就会解析出错;更严重的是,攻击者可以借助这些字符改写SQL语句的结构,这就是SQL注入。使用SqlParameter时,值作为类型化的参数与SQL文本分开传给数据库,永远不会被当作SQL来解析,因此无需手工转义即可避免注入。
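// "Before" example. The SQL here is a fixed literal, so nothing is actually injected,
// but this is exactly the shape that becomes SQL injection as soon as a caller-supplied
// value is spliced into the string. Do not copy it; the parameterized versions below
// are the pattern to use.
string sql = "update Table1 set name = 'Pudding' where ID = '1'"; // no SqlParameter used
// Connection string is environment specific (SQL Express user instance attaching a .mdf).
using (SqlConnection conn = new SqlConnection())
{
    conn.ConnectionString = "Data Source=.\\SQLExpress;Integrated Security=true;AttachDbFilename=|DataDirectory|\\Database.mdf;User Instance=true";
    // SqlCommand is IDisposable as well; `using` also guarantees conn is closed on every path,
    // which replaces the original try/finally + conn.Close().
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        try
        {
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected
        }
        catch (Exception)
        {
            // The original returned -1 and then had an unreachable `throw;`. The -1
            // sentinel is kept as the caller-visible contract; real code should log
            // the exception here rather than silently dropping it.
            return -1;
        }
    }
}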

上述代码未采用SqlParameter,除了值与SQL文本混在一起带来的安全性问题之外,该方法还无法更新二进制数据(如图片文件),因为二进制流没有办法可靠地写进一条SQL字符串。通过使用SqlParameter可以同时解决这两个问题,常见的使用方法有两种:Add方法和AddRange方法。

一、Add方法

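// The command text set on `cmd` (not shown here) must reference these names, e.g.
// "update Table1 set name = @name where ID = @ID". The values travel as typed
// parameters, never as part of the SQL text, so quotes inside them cannot change
// the statement.
//
// SqlDbType and length are declared explicitly instead of letting the
// SqlParameter(string, object) constructor infer them: inference picks a different
// NVARCHAR(n) per value length (one cached plan per length), and for an int literal
// such as 0 that constructor actually resolves to the (string, SqlDbType) overload.
// The lengths below are illustrative — TODO confirm against Table1's column definitions.
SqlParameter sp = new SqlParameter("@name", SqlDbType.NVarChar, 50);
sp.Value = "Pudding";
cmd.Parameters.Add(sp);
// ID is passed as the string "1", matching the original; if the column is an int,
// use SqlDbType.Int and an int value instead.
sp = new SqlParameter("@ID", SqlDbType.NVarChar, 10);
sp.Value = "1";
cmd.Parameters.Add(sp);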

该方法每次只能添加一个SqlParameter。上述代码的功能是将ID值等于1的那一行的name字段更新为Pudding(人名)。注意命令文本必须使用占位符而不是字面值,例如 update Table1 set name = @name where ID = @ID,并且参数名必须与占位符一一对应,否则执行时会报"必须声明标量变量"之类的错误。

二、AddRange方法

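// Same two parameters as the Add example, built up front and attached in one call.
// The command text on `cmd` must use the @name and @ID placeholders.
// Types and lengths are declared explicitly rather than inferred from the .NET value
// (see the Add example for why); the lengths are illustrative — TODO confirm against
// Table1's column definitions.
SqlParameter nameParam = new SqlParameter("@name", SqlDbType.NVarChar, 50);
nameParam.Value = "Pudding";
SqlParameter idParam = new SqlParameter("@ID", SqlDbType.NVarChar, 10);
idParam.Value = "1";
SqlParameter[] paras = new SqlParameter[] { nameParam, idParam };
cmd.Parameters.AddRange(paras);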

显然,Add方法在添加多个SqlParameter时不方便,此时,可以采用AddRange方法。
  下面是通过SqlParameter向数据库存储及读取图片的代码(示例中要更新/读取的行ID固定为0,图片内容以byte[]形式作为参数传递)。
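/// <summary>
/// Reads the file at <paramref name="photourl"/> and stores its bytes in the
/// <c>photo</c> column of the row whose ID is '0' (the ID is hard-coded in the SQL).
/// </summary>
/// <param name="photourl">Path of the image file to upload. Nothing here confines it to
/// an allowed directory, so a caller that accepts user-supplied paths must validate them
/// before calling.</param>
/// <returns>Rows affected by the UPDATE, or -1 if the database operation failed.</returns>
public int SavePhoto(string photourl)
{
    // File.ReadAllBytes disposes its stream on every path. The original
    // FileStream/BinaryReader pair was not disposed if ReadBytes threw, and
    // (int)fs.Length silently truncated for files over 2 GB.
    byte[] photo = File.ReadAllBytes(photourl);
    // Binary data cannot be spliced into SQL text; it is sent as a typed parameter.
    string sql = "update Table1 set photo = @photo where ID = '0'";
    using (SqlConnection conn = new SqlConnection())
    {
        conn.ConnectionString = "Data Source=.\\SQLExpress;Integrated Security=true;AttachDbFilename=|DataDirectory|\\Database.mdf;User Instance=true";
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Size -1 declares varbinary(max), so the parameter's declared length does
            // not vary with the file and one cached plan serves every upload.
            SqlParameter sp = new SqlParameter("@photo", SqlDbType.VarBinary, -1);
            sp.Value = photo;
            cmd.Parameters.Add(sp);
            try
            {
                conn.Open();
                return cmd.ExecuteNonQuery();
            }
            catch (Exception)
            {
                // The original returned -1 and then had an unreachable `throw;`. -1 is
                // kept as the caller-visible failure sentinel; real code should log the
                // exception here rather than dropping it.
                return -1;
            }
        }
    }
}

/// <summary>
/// Reads the <c>photo</c> column of the row whose ID is '0' and writes it to a new
/// file at <paramref name="url"/>. Does nothing if no such row exists.
/// </summary>
/// <param name="url">Destination path. FileMode.CreateNew is kept deliberately: an
/// existing file is never overwritten (an IOException is thrown instead). As with
/// SavePhoto, the path is not confined to a directory, so validate user-supplied paths
/// before calling.</param>
/// <exception cref="InvalidOperationException">The row exists but its photo column is
/// NULL. (The original dereferenced a null byte[] here and threw
/// NullReferenceException.)</exception>
public void ReadPhoto(string url)
{
    string sql = "select photo from Table1 where ID = '0'";
    byte[] photo;
    using (SqlConnection conn = new SqlConnection())
    {
        conn.ConnectionString = "Data Source=.\\SQLExpress;Integrated Security=true;AttachDbFilename=|DataDirectory|\\Database.mdf;User Instance=true";
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            // `using` on the reader and connection replaces the original
            // try/catch-rethrow/finally; exceptions still propagate unchanged.
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return; // no row with ID '0' — same silent outcome as the original
                }
                if (reader.IsDBNull(0))
                {
                    throw new InvalidOperationException("Row with ID '0' has no photo stored.");
                }
                photo = (byte[])reader[0]; // column 0 is the photo bytes
            }
        }
    }
    // Write only after the connection has been released; nothing keeps it open for I/O.
    // The stream is disposed even if Write throws (the original leaked it in that case).
    using (FileStream fs = new FileStream(url, FileMode.CreateNew))
    {
        fs.Write(photo, 0, photo.Length);
    }
}
}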


