问题描述

我有以下代码。在做

dataAdapter.Update(dataset, " TableX ");
I add some rows to the datatable which have some columns nvarchar. Does this prone to Sql Injection
ds.tables[0].Rows["TableX"] = MALICIOUS SQL INJECTION ATTEMPT; // let's
say this is where the end user could slip malicious string he wanted
into

我尝试过：



使用（var dataAdapter = new SqlDataAdapter（selectCommand））

using（var cmdBuilder = new SqlCommandBuilder（dataAdapter））

{

cmdBuilder.ConflictOption = ConflictOption.OverwriteChanges;



using（var dataset = new DataSet（））

{

var stopwatch = new秒表（）;



dataAdapter。 UpdateBatchSize = 0;

dataAdapter.AcceptChangesDuringFill = false;

dataAdapter.AcceptChangesDuringUpdate = false;



秒表。 Start（）;

dataAdapter.Fill（dataset，Table X）;

newrow包含一些navrchar类型的列

ds.Tables [TableX]。Rows.Add（newRow）;

dataset.AcceptChanges（）;



dataAdapter.Update（dataset，TableX）;

}

}

What I have tried:

using (var dataAdapter = new SqlDataAdapter(selectCommand))
using (var cmdBuilder = new SqlCommandBuilder(dataAdapter))
{
cmdBuilder.ConflictOption = ConflictOption.OverwriteChanges;

using (var dataset = new DataSet())
{
var stopwatch = new Stopwatch();

dataAdapter.UpdateBatchSize = 0;
dataAdapter.AcceptChangesDuringFill = false;
dataAdapter.AcceptChangesDuringUpdate = false;

stopwatch.Start();
dataAdapter.Fill(dataset, "TableX");
newrow contains some columns of type navrchar
ds.Tables["TableX"].Rows.Add(newRow);
dataset.AcceptChanges();

dataAdapter.Update(dataset, " TableX ");
}
}

推荐答案

这篇关于是dataadapter。更新容易出现SQL注入？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！