ADO.NET -- 数据库防字符串注入攻击学习及练习
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

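namespace _06_22
{
    // Console exercise for the "防字符串注入攻击" (anti SQL-injection) lesson:
    // 1. list every row of the Car table;
    // 2. loop prompting for up to three search terms (name / oil / powers) and
    //    run them as a single parameterised LIKE query.
    //
    // Changes versus the original listing:
    // - the seven copy-pasted branches (one per combination of non-empty inputs)
    //   are replaced by one WHERE clause assembled from fixed literals, so every
    //   combination behaves the same and the all-empty case still just re-prompts;
    // - SqlConnection / SqlCommand / SqlDataReader are disposed with `using`; the
    //   original left the connection open when the user answered "y" (break ran
    //   before coon.Close()) and on any exception;
    // - parameters are typed explicitly instead of the obsolete
    //   SqlParameterCollection.Add(string, object) overload;
    // - LIKE wildcards typed by the user (% _ [) are escaped. Parameters stop SQL
    //   injection, but they do NOT stop a user from typing "%" and matching the
    //   whole table, which is a separate "pattern injection" issue.
    class Program
    {
        // NOTE(review): hard-coded credentials, and the login is `sa` with a trivial
        // password. Tolerable only for a throw-away local lab database; anywhere
        // else read the connection string from configuration (not source control)
        // and use a least-privilege login that can only SELECT from dbo.car.
        private const string ConnectionString =
            "server=.;database=Data0425;user=sa;pwd=123;";

        // Entry point. Prints the whole table, then runs the interactive search
        // loop until the user answers "y" to the "finish?" prompt (or stdin closes).
        static void Main(string[] args)
        {
            // 1. Show every row of the Car table.
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "select * from car";
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        PrintCar(reader);
                    }
                }
            }

            // 2. Interactive search: name / oil / powers, any of them may be blank.
            for (; ; )
            {
                Console.Write("请输入要查的汽车名称:");
                string cname = Console.ReadLine();
                Console.Write("请输入要查的汽车油耗:");
                string coil = Console.ReadLine();
                Console.Write(" 请输入要查的汽车马力:");
                string cpowers = Console.ReadLine();

                // stdin closed (ReadLine returns null for all three): stop instead
                // of looping forever on "%%" matches as the original did.
                if (cname == null && coil == null && cpowers == null)
                {
                    break;
                }

                // Build the WHERE clause. Column names and parameter names are
                // literals chosen here, never taken from input; user text reaches
                // SQL Server only as parameter VALUES.
                List<string> conditions = new List<string>();
                List<SqlParameter> parameters = new List<SqlParameter>();
                AddLikeFilter(conditions, parameters, "name", "@cname", cname);
                AddLikeFilter(conditions, parameters, "oil", "@coil", coil);
                AddLikeFilter(conditions, parameters, "powers", "@cpowers", cpowers);

                // Original behaviour: nothing entered -> no query, prompt again.
                if (conditions.Count == 0)
                {
                    continue;
                }

                bool found = false;
                using (SqlConnection conn = new SqlConnection(ConnectionString))
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText =
                        "select * from car where " + string.Join(" and ", conditions);
                    // Fresh command per query, so no Parameters.Clear() is needed;
                    // the original had to clear because it reused one SqlCommand.
                    cmd.Parameters.AddRange(parameters.ToArray());
                    conn.Open();
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            found = true;
                            PrintCar(reader);
                        }
                    }
                }

                if (!found)
                {
                    Console.WriteLine("查无此项!!!重新输入!!");
                    continue;
                }

                // Only asked after a successful search, as in the original.
                Console.Write("是否结束?[y/n]");
                string answer = Console.ReadLine();
                if (answer == "y")
                {
                    break;
                }
            }

            Console.ReadLine();
        }

        // Appends `column like @param escape '\'` and a matching NVARCHAR parameter
        // holding "%" + escaped(value) + "%" when value is non-empty. Blank or
        // null input adds nothing, which is how the original branches selected
        // which columns to filter on.
        // `column` and `parameterName` must be trusted literals (they are
        // concatenated into SQL text); only `value` may come from the user.
        private static void AddLikeFilter(
            List<string> conditions,
            List<SqlParameter> parameters,
            string column,
            string parameterName,
            string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return;
            }

            conditions.Add(column + " like " + parameterName + " escape '\\'");

            // Explicit type: avoids the obsolete Add(string, object) overload and
            // the implicit type inference that comes with it.
            SqlParameter parameter = new SqlParameter(parameterName, SqlDbType.NVarChar);
            parameter.Value = "%" + EscapeLikePattern(value) + "%";
            parameters.Add(parameter);
        }

        // Escapes the T-SQL LIKE metacharacters so user text is matched literally.
        // Backslash is the ESCAPE character declared in AddLikeFilter, so it is
        // escaped first; % and _ are the standard wildcards and [ opens a
        // character class in SQL Server's LIKE.
        private static string EscapeLikePattern(string value)
        {
            return value
                .Replace("\\", "\\\\")
                .Replace("%", "\\%")
                .Replace("_", "\\_")
                .Replace("[", "\\[");
        }

        // Prints one Car row in the same single-line format the original used.
        private static void PrintCar(SqlDataReader reader)
        {
            Console.WriteLine(
                "编号:" + reader["Code"] +
                " 品牌:" + reader["name"] +
                " 油耗:" + reader["oil"] +
                " 马力:" + reader["powers"] +
                " 排量:" + reader["exhaust"] +
                " 价格:" + reader["price"]);
        }
    }
}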