What changes are SqlCommand.Parameters.AddWithValue()made with the request?
SqlCommand.Parameters.AddWithValue()
I expect:
It replaces each character 'with '',
'
''
If the value of the parameter is a string or something that needs to be converted to a string, it surrounds the value ', therefore, for example, it select * from A where B = @hellowill select * from A where B = 'hello world'.
select * from A where B = @hello
select * from A where B = 'hello world'
If the parameter value is something "safe", as a whole, it is inserted into the request as is, without quotes, so it select * from A where B = @onewill select * from A where B = 1.
select * from A where B = @one
select * from A where B = 1
Are there any other changes that I don't know about?
ADO.NET SqlClient ! - -.
, @param1 ... @paramN SQL Server / . SQL Server , sp_executesql.
@param1 ... @paramN
sp_executesql
, " SQL" - . , ADO.NET, SQL-.
, SqlParameterCollection, SQL Injection.
MSDN , , , . , , , Reflector , .
Source: https://habr.com/ru/post/1754535/More articles:How to determine image height in jQuery? - javascriptHow can I get my form to be on top of everything all the time? - delphiParsing Date in Objective-C - objective-cГде я должен поместить мои утилиты? Как я могу использовать свою индивидуальную форму? (Delphi) - delphiWPF validation on one line? - syntaxWhen implementing bindView () for an adapter, can I skip a view? - androidjava - multiuser communication - javahttps://translate.googleusercontent.com/translate_c?depth=1&pto=aue&rurl=translate.google.com&sl=ru&sp=nmt4&tl=en&u=https://fooobar.com/questions/1754538/give-anonymous-access-to-one-page-while-site-has-windows-authentication&usg=ALkJrhjpgv2nsDAJd7h2x5BlOZte42CqJgPassing Objects and Object Oriented Design - c ++python twisted thread - pythonAll Articles