The way to prevent SQL injection is to use parameterized queries...
--------------------Programming Q&A--------------------
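Parameterized query example:
Dim cn As ADODB.Connection
Dim rs As ADODB.Recordset
Dim cmd As ADODB.Command
Dim param As ADODB.Parameter

' Open the connection; a client-side cursor makes RecordCount available.
' (Sample credentials from the post; prefer a least-privileged login over sa.)
Set cn = New ADODB.Connection
cn.CursorLocation = adUseClient
cn.Open "Provider = SQLOLEDB.1;Persist Security Info = False;" & _
        "User ID = sa;Password = 123;Data Source = 192.168.11.210;" & _
        "Initial Catalog = TEST"

' Build the command; each ? is a placeholder filled by a parameter below
Set cmd = New ADODB.Command
Set cmd.ActiveConnection = cn   ' Set reuses cn instead of opening a second connection
cmd.CommandText = "select * from tb where id=? and nm=?"
cmd.CommandType = adCmdText

' Parameters bind to the ? placeholders in the order they are appended
Set param = cmd.CreateParameter("ID", adInteger, adParamInput, 4, 23)
cmd.Parameters.Append param
Set param = cmd.CreateParameter("NM", adVarChar, adParamInput, 20, "ADB")
cmd.Parameters.Append param

' Execute returns the Recordset; the values travel as typed data, not SQL text
Set rs = cmd.Execute
Debug.Print rs.RecordCount

' Close and release the objects
rs.Close
cn.Close
Set rs = Nothing
Set cmd = Nothing
Set cn = Nothing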
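Added example, not part of the original post: the same "select * from tb where id=? and nm=?" query run next to a string-concatenated version, to show what binding changes. It assumes Python with an in-memory SQLite database instead of ADO and SQL Server (both use ? placeholders); the table rows, function names and test input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory tb(id, nm) table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tb (id INTEGER PRIMARY KEY, nm TEXT)")
    conn.executemany("INSERT INTO tb (id, nm) VALUES (?, ?)",
                     [(23, "ADB"), (24, "XYZ"), (25, "O'Neil")])
    return conn

def find_concatenated(conn, row_id, nm):
    """Anti-pattern: input is spliced into the SQL text and parsed as SQL."""
    sql = "select * from tb where id=" + str(row_id) + " and nm='" + nm + "'"
    return conn.execute(sql).fetchall()

def find_parameterized(conn, row_id, nm):
    """Same statement as the post: values are bound and stay data."""
    return conn.execute("select * from tb where id=? and nm=?",
                        (row_id, nm)).fetchall()

# Constructed test input: the quote ends the string literal early when the
# value is concatenated, so the remainder is evaluated as part of WHERE.
HOSTILE_NM = "x' OR '1'='1"

def demo():
    """Run both query styles against the same inputs and summarize."""
    conn = make_db()
    results = {
        # Concatenation: the filter collapses and every row comes back.
        "concat_hostile_rows": len(find_concatenated(conn, 23, HOSTILE_NM)),
        # Binding: the whole string is compared to nm, so nothing matches.
        "param_hostile_rows": len(find_parameterized(conn, 23, HOSTILE_NM)),
        # A legitimate value containing a quote works when bound...
        "param_apostrophe": find_parameterized(conn, 25, "O'Neil"),
    }
    try:
        # ...but breaks the concatenated statement outright.
        find_concatenated(conn, 25, "O'Neil")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    print(demo())
```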
--------------------Programming Q&A--------------------
Collecting points..............
--------------------Programming Q&A--------------------
Bump
--------------------Programming Q&A--------------------
Too tiring!
Supplement: VB, network programming