问题描述
检查Sqlparameter的范围,如果在DataBase中它是smallint则检查sqlParameter中的值并将其传递给sqlparameter集合。
谢谢。
我尝试了什么:
Dim sqlString As String =从aspnet_UsersInRoles中选择RoleId,其中UserID = @ UserID和Id = @ ID
Dim myparm As SqlParameter()= New SqlParameter(1){}
Dim chkuserID As New Guid(UserID)
myparm(0)=新的SqlParameter(@ UserID,chkuserID)
myparm(1)=新的SqlParameter(@ ID, SqlDbType.Char,4)
myparm(1).Value =Shubham
但这段代码运行成功,但Shubham是7个字符,参数大小为4。 br />
请提供Int和日期类型值的代码。
check range of Sqlparameter, If in DataBase it is smallint then check value in sqlParameter and pass it in a sqlparameter collection.
Thanks.
What I have tried:
Dim sqlString As String = "Select RoleId from aspnet_UsersInRoles where UserID =@UserID And Id=@ID"
Dim myparm As SqlParameter() = New SqlParameter(1) {}
Dim chkuserID As New Guid(UserID)
myparm(0) = New SqlParameter("@UserID", chkuserID)
myparm(1) = New SqlParameter("@ID", SqlDbType.Char, 4)
myparm(1).Value = "Shubham"
But this code runs successfully but Shubham is 7 character word and parameter size is 4.
Please provide code for Int and date type values Also.
推荐答案
谢谢但我想使用Range for Sqlpa我们代码的rameter可以防止SQL注入。
Thanks But i want to use Range for Sqlparameter of our code protect from SQL injection.
你不需要 .Size -property SqlParameter 用于防止SQL注入。使用SQL参数可以防止带有或不带有指定大小值的SQL注入。
但是你可能想要设置 .Size , .Precision 和 .Scale -properties(适用于数据类型)这是因为它提高了查询执行性能。请参阅此MSDN博客: []
You don't need the .Size-property of SqlParameter for protection against SQL-injection. Using SQL-parameters will prevent SQL-injection with or without a specified size of the value.
But there's another reason you might want to set the .Size, .Precision, and .Scale-properties (where applicable to the data type) and that's because it improves query execution performance. Please refer to this MSDN blog: How Data Access Code Affects Database Performance[^]
这篇关于检查sqlparameter的范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!