码迷,mamicode.com
首页 > 数据库 > 详细

数据库操作 (防注入攻击)

时间:2016-08-22 09:24:22      阅读:242      评论:0      收藏:0      [点我收藏+]

标签:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data.SqlClient;

namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("请输入要查询的汽车代号:");
string code = Console.ReadLine();
SqlConnection conn = new SqlConnection("server=.;database=mydb;user=sa;pwd=1023823348");
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "select * from car where code=@code";
cmd.Parameters.Clear();
cmd.Parameters.AddWithValue("@code",code);
conn.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
while (dr.Read())
{
Console.WriteLine(dr[0] + "--" + dr[1]);
Console.WriteLine("输入1删除该数据 输入2修改数据 输入3添加数据");
}
int a = int.Parse(Console.ReadLine());
dr.Close();
if (a == 1)
{
cmd.CommandText = "delete from car where Code=@code";
cmd.ExecuteNonQuery();
Console.WriteLine("删除成功!");
}
else if (a == 2)
{
Console.WriteLine("请输入内容");
string name = Console.ReadLine();
cmd.CommandText = "update car set name=@name where code=@code ";
cmd.Parameters.Clear();
cmd.Parameters.AddWithValue("@name", name);
cmd.Parameters.AddWithValue("@code", code);
cmd.ExecuteNonQuery();
Console.WriteLine("修改成功!");
}
else if (a == 3)
{
Console.WriteLine("请输入");
string code2 = Console.ReadLine();
Console.WriteLine("请输入内容名字");
string name = Console.ReadLine();
Console.WriteLine("请输入系列编号");
string brand = Console.ReadLine();
Console.WriteLine("请输入内容日期");
string time = Console.ReadLine();
Console.WriteLine("请输入内容油耗*.**");
double oil =double.Parse( Console.ReadLine());
Console.WriteLine("请输入内容马力");
int powers = int.Parse(Console.ReadLine());
Console.WriteLine("请输入内容");
int exhaust = int.Parse(Console.ReadLine());
Console.WriteLine("请输入内容");
double price =double.Parse( Console.ReadLine());
Console.WriteLine("请输入内容");
string pic = Console.ReadLine();

cmd.CommandText = "insert into car values( @code,@name,@brand,@time,@oil,@powers,@exhaust,@price,@pic)";
cmd.Parameters.Clear(); 
cmd.Parameters.AddWithValue("@code", code2);
cmd.Parameters.AddWithValue("@name", name);
cmd.Parameters.AddWithValue("@brand", brand);
cmd.Parameters.AddWithValue("@time", time);
cmd.Parameters.AddWithValue("@oil", oil);
cmd.Parameters.AddWithValue("@powers", powers);
cmd.Parameters.AddWithValue("@exhaust", exhaust);
cmd.Parameters.AddWithValue("@price", price);
cmd.Parameters.AddWithValue("@pic", pic); 
cmd.ExecuteNonQuery();
Console.WriteLine("添加成功!");
}
else
{
Console.WriteLine("错误");
}
}
else
{
Console.WriteLine("没有查到相应的数据");
}

conn.Close();
Console.ReadLine();

}
}

}

数据库操作 (防注入攻击)

标签:

原文地址:http://www.cnblogs.com/zzzy0828/p/5794324.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!