gpt4 book ai didi

c# - CA2100 : Review SQL queries for security vulnerabilities

转载 作者:行者123 更新时间:2023-11-30 21:51:23 31 4
gpt4 key购买 nike

嘿,有人可以帮我处理这段代码吗?(visual studio 给我一个警告 ca2100,我不知道该怎么做,谷歌上的解决方案我没有成为他们工作 xD)

谢谢

private void Updatebtn_Click(object sender, EventArgs e)
{
String selected = dgv.SelectedRows[0].Cells[0].Value.ToString();
int id = Convert.ToInt32(selected);
Update(id, Kundennametxt.Text, Gamecbb.Text, Bezahlungcbb.Text,Bezahltcbb.Text, Erledigtcbb.Text, PayPalEmailtxt.Text,ACCEmailtxt.Text, ACCPWtxt.Text);
}

private void Update(int id, string Kundenname, string Game, string Bezahlung, string Bezahlt, string Erledigt, string PayPalEmail,
string ACCEmail, string ACCPW)
{
string sql = "UPDATE kunden SET Kundenname='" + Kundenname + "',Game='" + Game + "',Bezahlung='" + Bezahlung +
"',Bezahlt='" + Bezahlt + "',Erledigt='" + Erledigt + "',PayPalEmail='" + PayPalEmail +
"',ACCEmail='" + ACCEmail + "',ACCPW='" + ACCPW + "' WHERE ID=" + id + "";
cmd = new MySqlCommand(sql, con);
try
{
con.Open();
adapter = new MySqlDataAdapter(cmd)
{
UpdateCommand = con.CreateCommand()
};
adapter.UpdateCommand.CommandText = sql;
if (adapter.UpdateCommand.ExecuteNonQuery() > 0)
{
ClearTxts();
MessageBox.Show("Successfully Updated");
}
con.Close();
Retrieve();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
con.Close();
}
}

最佳答案

而不是像你现在那样直接在命令中插入值像这样尝试

string sql= "UPDATE Kunden "+
" SET value1='?value1' WHERE ID=1";
try
{
con.Open();
cmd=new MySqlCommand(sql,con);
cmd.Parameters.Add(new MySqlParameter("value1",value1.Text));
//and for every parameter you need like Game,Bezahlt,Kundenname add a new
//cmd.Paramaters.Add(new MySqlParameter("paramName",paramValue));
}
catch(MySqlException ex)
{
MessageBox.Show(ex.Message);
}

关于c# - CA2100 : Review SQL queries for security vulnerabilities,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47114315/

31 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com