ASP.NET security question.
I built a video-upload site. On the security side, apart from filtering characters, MD5 encryption and parameterizing SQL statements, what else should I watch out for? Also, I want to parameterize this statement: select * from videoInfo where VideoTitle like '%" + Session["txtKeys"] + "%' order by VideoDate desc. How should it be written?
[Quote=Quoting reply #1 by wuyq11:]
Parameterized operation
SqlParameter
sql="select * from videoInfo where VideoTitle like '%" + Session["txtKeys"] + "%' order by VideoDate desc
string strSql = "SELECT * FROM videoInfo WHERE VideoTitle like @t";
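The quoted reply shows the parameterized SQL text but not how the `%` wildcards and the `SqlParameter` fit together, so here is a complete version as an added example (not code from the thread or from wuyq11). It assumes the `videoInfo` table and `VideoTitle`/`VideoDate` columns from the question, a connection string passed in by the caller, and it goes one step beyond the reply by escaping LIKE metacharacters in the search term so a user typing `%` or `_` cannot turn the search into a wildcard scan.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the original thread. Table and column names come
// from the question; the connection string and method names are assumptions.
public static class VideoSearch
{
    // Escape the characters that are special inside a T-SQL LIKE pattern so
    // they match literally. The ESCAPE '\' clause in the query below tells
    // SQL Server that backslash is the escape character we chose here.
    public static string EscapeLikePattern(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;
        return input
            .Replace("\\", "\\\\")   // escape the escape character first
            .Replace("%", "\\%")
            .Replace("_", "\\_")
            .Replace("[", "\\[");
    }

    // VULNERABLE (the statement from the question): the session value is
    // spliced into the SQL text, so a quote character in the search term
    // changes the statement itself. Kept only to show what the fix replaces.
    public static string BuildUnsafeSql(string keys)
    {
        return "select * from videoInfo where VideoTitle like '%" + keys
             + "%' order by VideoDate desc";
    }

    // FIXED: the SQL text is a constant and the search term travels as a
    // typed parameter. The % wildcards belong in the parameter VALUE, not in
    // the SQL string, because a parameter cannot sit inside a literal.
    public static DataTable SearchByTitle(string connectionString, string keys)
    {
        const string sql =
            "SELECT * FROM videoInfo " +
            "WHERE VideoTitle LIKE @t ESCAPE '\\' " +
            "ORDER BY VideoDate DESC";

        var result = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Size should match the VideoTitle column; 255 is an assumption.
            var p = cmd.Parameters.Add("@t", SqlDbType.NVarChar, 255);
            p.Value = "%" + EscapeLikePattern(keys ?? string.Empty) + "%";

            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                result.Load(reader);
            }
        }
        return result;
    }
}

// Usage from a page code-behind (the connection string name is assumed):
//   string keys = Session["txtKeys"] as string;
//   string connStr = System.Configuration.ConfigurationManager
//                        .ConnectionStrings["VideoDb"].ConnectionString;
//   DataTable rows = VideoSearch.SearchByTitle(connStr, keys);
//   GridView1.DataSource = rows; GridView1.DataBind();
```

The value of `@t` is sent to SQL Server separately from the statement text, so the contents of `Session["txtKeys"]` can never alter the query structure; the escaping step only controls how it matches, which is a separate concern from injection.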