VB.NET injection prevention: can the final SQL text be seen when debugging?
Time:11-15
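I have a question. The following is what I wrote to prevent SQL injection:

    ' Requires: Imports System.Data.OleDb
    ' connect is an open OleDbConnection; Name1 and Name2 hold the new and old names.
    Dim updateStatement As String = "UPDATE table1 set " & "Name=? " & "WHERE Name=?"
    Using updateCommand As New OleDbCommand(updateStatement, connect)
        ' OleDb binds parameters by position, so the order of these calls
        ' must match the order of the ? placeholders; the names are only labels.
        updateCommand.Parameters.AddWithValue("@Name1", Name1)
        updateCommand.Parameters.AddWithValue("@Name2", Name2)
        updateCommand.ExecuteNonQuery()
    End Using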
This code will be a problem, it has been carried out OK. I want to ask: when debugging, before updateCommand.ExecuteNonQuery() is executed, can you see the content of the SQL text after the values are replaced in, such as NAME1="aa", NAME2="bb"? That is, when I am in DEBUG, I want to see what the SQL is.

CodePudding user response:

Parameterization does not join the SQL together. During code execution, the statement update table1 set name="aa" where name="bb" never appears.
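
Added example, not part of the thread: since no substituted statement exists to look at, what can be inspected while debugging is the command text and the bound parameter values side by side. `DescribeCommand` is a hypothetical helper name, the sample values are constructed, and the code assumes a runtime where System.Data.OleDb is available (.NET Framework, or Windows with the System.Data.OleDb package).

```vbnet
Imports System.Data.OleDb
Imports System.Text

Module ParameterDump
    ' Hypothetical helper (not part of System.Data): lists the SQL text and the
    ' parameters in binding order. This is a debugging view only; the provider
    ' sends the text and the values separately and never builds one string.
    Function DescribeCommand(cmd As OleDbCommand) As String
        Dim sb As New StringBuilder()
        sb.AppendLine("SQL: " & cmd.CommandText)
        Dim position As Integer = 1
        For Each p As OleDbParameter In cmd.Parameters
            Dim shown As String
            If p.Value Is Nothing OrElse p.Value Is DBNull.Value Then
                shown = "NULL"
            Else
                shown = p.Value.ToString()
            End If
            ' Brackets delimit the value so stray spaces and quotes are visible.
            sb.AppendLine(String.Format("  ?{0} {1} ({2}) = [{3}]",
                                        position, p.ParameterName, p.OleDbType, shown))
            position += 1
        Next
        Return sb.ToString()
    End Function

    Sub Main()
        ' Constructed sample values; the second contains SQL metacharacters and
        ' still travels as plain data, not as part of the statement.
        Dim Name1 As String = "aa"
        Dim Name2 As String = "bb' OR '1'='1"

        ' No connection is needed to build and inspect the command.
        Using cmd As New OleDbCommand("UPDATE table1 SET Name=? WHERE Name=?")
            cmd.Parameters.AddWithValue("@Name1", Name1)
            cmd.Parameters.AddWithValue("@Name2", Name2)
            Console.WriteLine(DescribeCommand(cmd))
        End Using
    End Sub
End Module
```

The same information is visible without extra code by expanding `updateCommand.Parameters` in the Watch window at a breakpoint before `ExecuteNonQuery()`. If the dump is written to a log, the parameter values may be sensitive and should be treated accordingly.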