ASP.NET anti-SQL-injection paged query parameter code (1/2)
Usage:
// Build the paged query; only the filter value is passed as a parameter (@id),
// never concatenated into the SQL text.
PagerQuery query = new PagerQuery();
query.PageIndex = 1;
query.PageSize = 20;
query.Pk = "id";
query.SelectClause = "*";
query.FromClause = "testtable";
query.SortClause = "id desc";
if (!string.IsNullOrEmpty(code))   // code: the request value to filter on, bound to @id as a SqlParameter
{
    query.WhereClause.Append(" and id= @id");
}
a) The statement generated by the GenerateCountSql() method is:
select count(0) from testtable where 1=1 and id= @id
b) The statement generated by the GenerateSql() method is:
with t as (select row_number() over(order by ecid desc) as row_number, * from testtable where 1=1 and id= @id) select * from t where row_number between 1 and 20
c) The statement generated by the GenerateSqlIncludeTotalRecords() method is:
with t as (select row_number() over(order by e.ecid desc) as row_number,* from testtable where 1=1 and id= @id) select * from t where row_number between 1 and 20;select count(0) from ecbasicinfo where 1=1 and id= @id;
Related: ASP.NET tutorials, security and optimization