DbCommandData cmdtab1 = new DbCommandData("if exists(select object_id from sys.tables where name=@tableName) delete from "+@tableName+" where (mobile is null or mobile = '')");
cmdtab1.AddParameter("@tableName",tableName);
DbAccessHelper.ExecuteNonQuery(cmdtab1);
tableName is the table name. Can this be injected? How should I handle it?
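An added example, not part of the original post, of one way to handle this. In the posted code the C# expression `+@tableName+` concatenates the variable into the SQL text, so the parameter only protects the `exists` check and not the `delete`. The code below uses `System.Data.SqlClient` directly because the API of the poster's `DbCommandData`/`DbAccessHelper` is not shown; the class name, method name, `schemaName` parameter and connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class MobileCleanup   // hypothetical class name
{
    // The table name travels only as a parameter value. The identifier that
    // ends up in the DELETE text is read back from sys.tables and wrapped with
    // QUOTENAME, so caller-supplied text never becomes part of the statement.
    // If no such table exists, @stmt stays NULL and nothing is executed.
    private const string Sql = @"
DECLARE @stmt nvarchar(max);
SELECT @stmt = N'DELETE FROM ' + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
             + N' WHERE (mobile IS NULL OR mobile = '''')'
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
WHERE t.name = @tableName AND s.name = @schemaName;
IF @stmt IS NOT NULL
    EXEC sys.sp_executesql @stmt;";

    public static void DeleteRowsWithoutMobile(
        string connectionString, string tableName, string schemaName = "dbo")
    {
        // sysname is nvarchar(128); reject values that cannot be an identifier.
        if (string.IsNullOrEmpty(tableName) || tableName.Length > 128)
            throw new ArgumentException("Invalid table name.", nameof(tableName));

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Sql, conn))
        {
            cmd.Parameters.Add("@tableName", SqlDbType.NVarChar, 128).Value = tableName;
            cmd.Parameters.Add("@schemaName", SqlDbType.NVarChar, 128).Value = schemaName;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

If the set of tables is known in advance, comparing `tableName` against a fixed list in application code before calling the database narrows the input further.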