CSDN Blog

xuiwhr

A simple defense against SQL injection; I'm told this is actually not enough, so would someone who knows please explain

Published 2004/6/25 14:26:00, 249 views

    /// <summary>
    /// Escapes a string to allow it to be safely used in an SQL
    /// query. It will double up single quotes, and return the supplied
    /// string wrapped in single quotes. Eg the string "Steve's a guy"
    /// will be returned as "'Steve''s a guy'". Binary characters are
    /// not handled.
    /// </summary>
    /// <returns>Resulting string</returns>
    public static string Quote(string input)
    {
        return String.Format("'{0}'", input.Replace("'", "''"));
    }
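As an added example (not code from the original post), the Quote helper above is ported to Python and placed beside the mitigation that removes the need for it, a parameterized query; both run against a constructed in-memory SQLite table. Quote only covers a value spliced into a single-quoted string literal, whereas a bound parameter is handed to the database separately from the SQL text, so the value is never parsed as SQL and no escaping step can be forgotten.

```python
import sqlite3


def quote(value: str) -> str:
    """Python port of the post's C# Quote(): double every single quote and
    wrap the result in single quotes so it can be spliced into a string
    literal. As in the original, only the quote character is handled."""
    return "'" + value.replace("'", "''") + "'"


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory SQLite table with one name that
    contains an apostrophe, the case the post's Quote() is written for."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("Steve's a guy",), ("alice",)])
    return conn


def find_by_splicing(conn: sqlite3.Connection, name: str) -> list:
    """Escape-then-concatenate, the approach shown in the post: the value
    becomes part of the SQL text that the database has to parse."""
    sql = "SELECT id FROM users WHERE name = " + quote(name)
    return [row[0] for row in conn.execute(sql)]


def find_by_parameter(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the SQL text is fixed and the value travels
    separately, so the database never interprets it as SQL."""
    sql = "SELECT id FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name: str) -> dict:
    """Run both lookups for one input and return what each produced."""
    conn = make_db()
    return {
        "quoted_literal": quote(name),
        "spliced": find_by_splicing(conn, name),
        "parameterized": find_by_parameter(conn, name),
    }


if __name__ == "__main__":
    for n in ("Steve's a guy", "alice", "nobody"):
        print(n, compare(n))
```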
