This article walks through an example of executing a parameterized SQL statement from classic ASP (JScript and ADO). Parameterized statements keep user input out of the SQL grammar and so are an effective defence against SQL injection; readers who need this can refer to it.
To run a parameterized SQL statement from ASP, write `?` placeholders into the SQL text and supply the values as ADO parameters on the Command object. Because the statement text is fixed before any value is attached, a quote or keyword in the input cannot change the query. The source code is as follows:
var conn = Server.CreateObject("ADODB.Connection");
conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("Test.mdb");
conn.Open();
var cmd = Server.CreateObject("ADODB.Command");
cmd.ActiveConnection = conn;
cmd.CommandType = 1; // adCmdText: CommandText is plain SQL text
// '?' marks each parameter position; Password is bracketed because it is a Jet reserved word
cmd.CommandText = "SELECT TOP 1 * FROM [User] WHERE UserName = ? AND [Password] = ?";
// CreateParameter(name, type, direction, size, value): 200 = adVarChar, 1 = adParamInput
// The literal values stand in for what a real page reads from Request.Form(...)
cmd.Parameters.Append(cmd.CreateParameter("@UserName", 200, 1, 20, "user01"));
cmd.Parameters.Append(cmd.CreateParameter("@Password", 200, 1, 16, "123456"));
var rs = cmd.Execute();
if (!rs.EOF) { // no matching row means rs("UserId") would raise an error
  Response.Write(rs("UserId").Value);
}
rs.Close();
conn.Close();
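To make the contrast concrete, here is an added example (mine, not code from the original article) that places the injectable string-concatenation pattern beside a small helper that binds ADO parameters the way the article's CreateParameter calls do. The helper takes the Command object as an argument, so the same function works with a real ADODB.Command in an ASP page and with the stub `fakeCommand()` included here for running offline under Node; the stub, the `loginCommand` wrapper and the `LOGIN_SQL` constant are assumptions for this example. The numeric ADO constants are the standard ones that JScript has to spell out because classic ASP does not load the ADODB type library.

```javascript
// Added example, not from the original article: vulnerable concatenation
// versus parameter binding for the article's login query.

// ADO constants. Classic ASP JScript cannot see the ADODB type library, so the
// standard numeric values are written out here.
var adCmdText = 1;      // CommandType: plain SQL text
var adParamInput = 1;   // parameter direction
var adVarChar = 200;    // narrow string (what the article's code uses)
var adVarWChar = 202;   // Unicode string
var adInteger = 3;      // 32-bit integer

// VULNERABLE: the input is spliced into the SQL text, so a quote inside it
// closes the literal early and the rest is parsed as SQL.
function buildConcatenatedQuery(userName, password) {
  return "SELECT TOP 1 * FROM [User] WHERE UserName = '" + userName +
         "' AND [Password] = '" + password + "'";
}

// SAFE: the SQL text stays a constant; values travel separately as typed
// parameters. `cmd` is anything with CreateParameter and Parameters.Append,
// i.e. a real ADODB.Command in ASP, or fakeCommand() below when run offline.
// Each entry of `params` is {name, value, type (optional), size (optional)}.
function bindParameters(cmd, sql, params) {
  cmd.CommandType = adCmdText;
  cmd.CommandText = sql;
  for (var i = 0; i < params.length; i++) {
    var p = params[i];
    var value = p.value;
    var type = (p.type !== undefined) ? p.type
             : (typeof value === "number") ? adInteger : adVarWChar;
    var size = p.size;
    if (size === undefined) {
      // String parameters need a declared length; declare exactly what is sent
      // (at least 1, since ADO rejects a zero-length string parameter).
      size = (typeof value === "string") ? Math.max(value.length, 1) : 4;
    } else if (typeof value === "string" && value.length > size) {
      // Refuse oversize input up front instead of letting the provider
      // truncate it or fail inside Execute with a less useful error.
      throw new Error("parameter " + p.name + " exceeds declared size " + size);
    }
    cmd.Parameters.Append(cmd.CreateParameter(p.name, type, adParamInput, size, value));
  }
  return cmd;
}

// Stand-in for ADODB.Command so the helper can be exercised without ASP/ADO
// (assumed for this example; it only records what would be bound).
function fakeCommand() {
  var cmd = { Parameters: { items: [] } };
  cmd.Parameters.Append = function (param) { cmd.Parameters.items.push(param); };
  cmd.CreateParameter = function (name, type, direction, size, value) {
    return { Name: name, Type: type, Direction: direction, Size: size, Value: value };
  };
  return cmd;
}

// The article's query with '?' placeholders (Password bracketed: Jet reserved word).
var LOGIN_SQL = "SELECT TOP 1 * FROM [User] WHERE UserName = ? AND [Password] = ?";

// Binds the two login values; in ASP call it as
//   loginCommand(Server.CreateObject("ADODB.Command"), Request.Form("u"), Request.Form("p"))
// then set cmd.ActiveConnection and call cmd.Execute().
function loginCommand(cmd, userName, password) {
  return bindParameters(cmd, LOGIN_SQL, [
    { name: "@UserName", value: userName },
    { name: "@Password", value: password }
  ]);
}

// Constructed attacker input: with concatenation it turns the WHERE clause
// into "UserName = '' OR '1'='1' AND ...", so any row satisfies it.
var attackerName = "' OR '1'='1";
var injected = buildConcatenatedQuery(attackerName, "x");
var bound = loginCommand(fakeCommand(), attackerName, "x");
// bound.CommandText is still LOGIN_SQL; the attacker string is just a value
// sitting in bound.Parameters.items[0].Value, never part of the SQL grammar.
```

The usage difference is the whole point: `buildConcatenatedQuery` produces a different statement for every input, while `bindParameters` always sends the same statement and only the parameter values change, which is exactly what stops the `' OR '1'='1` style bypass. Declaring the parameter size from the value length avoids the silent mismatch the original's fixed 20/16 sizes can cause when a longer input arrives.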