早教吧作业答案频道 -->其他-->
SUSERNAME=:USERNAMEANDSPASSWORD=:PASSWORD";OracleParameter[]parms={newOracleParameter("USERNAME",OracleType.VarChar),newOracleParameter("PASSWORD",OracleType.VarChar),};parms[0].Value=userName;parms[1].Value=password;stringsql="SELEC
题目详情
S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";
OracleParameter[] parms = {
new OracleParameter("USERNAME",OracleType.VarChar),
new OracleParameter("PASSWORD",OracleType.VarChar),
};
parms[0].Value = userName;
parms[1].Value = password;
string sql = "SELECT * FROM TBL_C_USER WHERE S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";
这是什么用法?要实现怎样的功能?尤其是S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD 很诡异?没见过
OracleParameter[] parms = {
new OracleParameter("USERNAME",OracleType.VarChar),
new OracleParameter("PASSWORD",OracleType.VarChar),
};
parms[0].Value = userName;
parms[1].Value = password;
string sql = "SELECT * FROM TBL_C_USER WHERE S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD";
这是什么用法?要实现怎样的功能?尤其是S_USERNAME=:USERNAME AND S_PASSWORD=:PASSWORD 很诡异?没见过
▼优质解答
答案和解析
冒号:后面的是定义的参数组的KEY,比如USERNAME,它的值是之前附的userName
相比直接"SELECT * FROM TBL_C_USER WHERE S_USERNAME='"+userName+"'AND S_PASSWORD='"password'"
这样传入可以避免SQL注入
相比直接"SELECT * FROM TBL_C_USER WHERE S_USERNAME='"+userName+"'AND S_PASSWORD='"password'"
这样传入可以避免SQL注入
看了 SUSERNAME=:USE...的网友还看了以下:
求一个Mathematica.7.0的password,为什么我有注册机生存的password会提 2020-05-12 …
BIOS中的supervisor password和user password有什么区别?我的BI 2020-05-16 …
在配置命令super password [simple|cipher] password 里,参数s 2020-05-31 …
这些我看不懂,麻烦帮帮忙.NewUsersSignUpBelowPleasefilloutthef 2020-06-09 …
新手提问,望大家解答帮忙看下这个stringsqlstr="selectusertypefromU 2020-06-12 …
这一段页面开头的js如何理解?vartotal=varss=window.location.sea 2020-07-26 …
SUSERNAME=:USERNAMEANDSPASSWORD=:PASSWORD";Oracle 2020-07-26 …
INSERTINTO语法INSERTINTOUnit(unitId,unitName,father 2020-07-26 …
程序异常:weblogic.common.resourcepool.ResourceDeadExc 2020-07-26 …
关于phplogin问题if($POST['btnLogin']){$cont=newSql('s 2020-08-04 …