C#操作各种执行sql的方法含存储过程操作
using System;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using System.Xml;
using System.Data;
namespace MyDbTest
{
class Program
{
static void Main(string[] args)
{
SqlConnection thisConnection = new SqlConnection(
@"Data Source=localhost;Initial Catalog=CSGL;Persist Security Info=True;User ID=test;Password=test");
thisConnection.Open();
SqlCommand myCommand = new SqlCommand("P_Test", thisConnection);
myCommand.CommandType = CommandType.StoredProcedure;
//添加输入查询参数、赋予值
myCommand.Parameters.Add("@id", SqlDbType.Int);
myCommand.Parameters["@id"].Value = "120";
//添加输出参数
myCommand.Parameters.Add("@Rowcount", SqlDbType.Int);
myCommand.Parameters["@Rowcount"].Direction = ParameterDirection.Output;
myCommand.ExecuteNonQuery();
//得到存储过程输出参数
Console.WriteLine(" 存储过程的参数"+ myCommand.Parameters["@Rowcount"].Value.ToString());
thisConnection.Close();
Console.ReadLine();
//SqlCommand thisCommand = thisConnection.CreateCommand();
//thisCommand.CommandText = "select count(*) from stu";
////ExecuteScalar:执行只返回一个值的SQL命令。
//object countResult = thisCommand.ExecuteScalar();
//Console.WriteLine("Count of Customers={0}", countResult);
//thisConnection.Close();
//Console.ReadLine();
//SqlCommand thisCommand = thisConnection.CreateCommand();
//thisCommand.CommandText = "update stu set snm='haha' where id=120";
////Inset,Update,Delelte的数据修改操作也不返回任何数据,
////我们对这些命令感兴趣的是修改操作影响的行数,可以用ExecuteNonQuery()方法
//int rowsAffected = thisCommand.ExecuteNonQuery();
//Console.WriteLine("Rows Updated={0}", rowsAffected);
//thisConnection.
相关文档:
if object_id('[tb]') is not null
drop table [tb]
go
create table [tb]([id] int,[col1] varchar(8),[col2] int)
insert [tb]
select 1,'河北省',0 union all
select 2,'邢台市',1 union all
select 3,'石家庄市',1 union all
select 4,'张家口市',1 union all
&n ......
1.如何在javascript访问C#变量
方法一:使用<%=%>
<input id="Button3" type="button" value="js调用c#变量" onclick="return Button3_onclick()" />
function Button3_onclick()
{
alert('我的名字:'+ '<%=name %>'); ......
第一节、SQL注入的一般步骤
首先,判断环境,寻找注入点,判断数据库类型,这在入门篇已经讲过了。
其次,根据注入参数类型,在脑海中重构SQL语句的原貌,按参数类型主要分为下面三种:
(A) ID=49 这类注入的参数是数字型,SQL语句原貌大致如下:
Select * from 表名 where
字段=49
注入的参数为ID=49 And [查询条件 ......
1.oracle
sql = "SELECT column_name, data_type, data_length, nullable";
sql += " from user_tab_columns ";
sql += " where table_name='";
sql += $tableName;
sql += "'";
select * from user_tab_comments & ......