问题描述
我有以下代码。在做
dataAdapter.Update(dataset, " TableX ");
I add some rows to the datatable which have some columns nvarchar. Does this prone to Sql Injection
ds.tables[0].Rows["TableX"] = MALICIOUS SQL INJECTION ATTEMPT; // let's
say this is where the end user could slip malicious string he wanted
into
我尝试过:
使用(var dataAdapter = new SqlDataAdapter(selectCommand))
using(var cmdBuilder = new SqlCommandBuilder(dataAdapter))
{
cmdBuilder.ConflictOption = ConflictOption.OverwriteChanges;
using(var dataset = new DataSet())
{
var stopwatch = new秒表();
dataAdapter。 UpdateBatchSize = 0;
dataAdapter.AcceptChangesDuringFill = false;
dataAdapter.AcceptChangesDuringUpdate = false;
秒表。 Start();
dataAdapter.Fill(dataset,Table X);
newrow包含一些navrchar类型的列
ds.Tables [TableX]。Rows.Add(newRow);
dataset.AcceptChanges();
dataAdapter.Update(dataset,TableX);
}
}
What I have tried:
using (var dataAdapter = new SqlDataAdapter(selectCommand))
using (var cmdBuilder = new SqlCommandBuilder(dataAdapter))
{
cmdBuilder.ConflictOption = ConflictOption.OverwriteChanges;
using (var dataset = new DataSet())
{
var stopwatch = new Stopwatch();
dataAdapter.UpdateBatchSize = 0;
dataAdapter.AcceptChangesDuringFill = false;
dataAdapter.AcceptChangesDuringUpdate = false;
stopwatch.Start();
dataAdapter.Fill(dataset, "TableX");
newrow contains some columns of type navrchar
ds.Tables["TableX"].Rows.Add(newRow);
dataset.AcceptChanges();
dataAdapter.Update(dataset, " TableX ");
}
}
推荐答案
这篇关于是dataadapter。更新容易出现SQL注入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!