动态sql如何防止sql注入

动态sql防止sql注入的示例：

在对应的数据库中添加以下sql语句：

DECLARE @variable NVARCHAR(100)

DECLARE @SQLString NVARCHAR(1024)

DECLARE @ParmDefinition NVARCHAR(500)

SET @SQLString = N'SELECT OEV.Name, OEV.Position, Base_Employee.Address, OEV.Telephone, OEV.MobilePhone, OEV.Email, OEV.RealDepID

FROM Base_OrganizeEmployeeView AS OEV

JOIN Base_Employee

ON Base_Employee.Emp_ID = OEV.Emp_ID

WHERE (OEV.Account LIKE ''%'' + @searchFilter + ''%'' OR OEV.Name LIKE ''%'' + @searchFilter + ''%'' OR OEV.Position LIKE ''%'' + @searchFilter + ''%'' ) AND STATE = 1'

SET @parmDefinition = N'@searchFilter varchar(100)'

SET @variable = N'k'

EXECUTE sp_executesql @SQLString, @ParmDefinition, @searchFilter = @variable

上一篇：curl如何支持ssl

下一篇：怎么样删除cdn缓存