
asp.net防sql注入分页查询参数代码[网站编程]





利用办法:

pagerquery query = new pagerquery();
// Page numbers are 1-based: the generated window starts at (pageindex - 1) * pagesize + 1.
query.pageindex = 1;
query.pagesize = 20;
// pk, selectclause, fromclause and sortclause are spliced verbatim into the SQL
// text, so they must be application constants (or allow-listed values), never
// request input.
query.pk = "id";
query.selectclause = "*";
query.fromclause = "testtable";
query.sortclause = "id desc";

if (!string.isnullorempty(code))
{
// Only the value is sent as the @id parameter (bound on the command object);
// the column name in this fragment is a constant.
query.whereclause.append(" and id= @id");
}

a) generatecountsql ()办法生成的语句为:
select count(0) from testtable where 1=1 and id= @id

b) generatesql()办法生成的语句为:
with t as (select row_number() over(order by ecid desc) as row_number, * from testtable where 1=1 and id= @id) select * from t where row_number between 1 and 20

c) generatesqlincludetotalrecords()办法生成的语句为:
with t as (select row_number() over(order by e.ecid desc) as row_number,* from testtable where 1=1 and id= @id) select * from t where row_number between 1 and 20;select count(0) from ecbasicinfo where 1=1 and id= @id;

代码以下

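public class pagerquery
{
    // Every clause held here is spliced verbatim into the generated SQL text.
    // Only the *values* referenced from whereclause can be bound as @parameters
    // by the caller; pk, selectclause, fromclause, groupclause and sortclause
    // become part of the statement itself and must come from application
    // constants or an allow-list, never from request input.
    private int _pageindex;
    private int _pagesize = 20;
    private string _pk;
    private string _fromclause;
    private string _groupclause;
    private string _selectclause;
    private string _sortclause;
    private StringBuilder _whereclause;
    public DateTime datefilter = DateTime.MinValue;

    /// <summary>
    /// Creates an empty query. The where clause starts out as an empty builder
    /// so callers can append " and ..." fragments immediately.
    /// </summary>
    public pagerquery()
    {
        _whereclause = new StringBuilder();
    }

    /// <summary>
    /// Primary key column; used as the default ordering when sortclause is empty.
    /// </summary>
    public string pk
    {
        get { return _pk; }
        set { _pk = value; }
    }

    /// <summary>
    /// Column list for the paged select; defaults to "*" when a paged statement is generated.
    /// </summary>
    public string selectclause
    {
        get { return _selectclause; }
        set { _selectclause = value; }
    }

    /// <summary>
    /// Table (or join) expression placed after "from".
    /// </summary>
    public string fromclause
    {
        get { return _fromclause; }
        set { _fromclause = value; }
    }

    /// <summary>
    /// Filter fragments appended after "where 1=1". Each fragment should start
    /// with " and " and reference values through @parameters. Assigning null
    /// resets it to an empty builder instead of leaving a null reference behind.
    /// </summary>
    public StringBuilder whereclause
    {
        get { return _whereclause; }
        set { _whereclause = value ?? new StringBuilder(); }
    }

    /// <summary>
    /// Optional expression placed after "group by".
    /// </summary>
    public string groupclause
    {
        get { return _groupclause; }
        set { _groupclause = value; }
    }

    /// <summary>
    /// Ordering expression used by row_number(); falls back to pk when empty.
    /// </summary>
    public string sortclause
    {
        get { return _sortclause; }
        set { _sortclause = value; }
    }

    /// <summary>
    /// Current page number (1-based). Must be set to at least 1 before a paged
    /// statement is generated.
    /// </summary>
    public int pageindex
    {
        get { return _pageindex; }
        set { _pageindex = value; }
    }

    /// <summary>
    /// Number of rows per page (default 20).
    /// </summary>
    public int pagesize
    {
        get { return _pagesize; }
        set { _pagesize = value; }
    }

    /// <summary>
    /// Builds a cache key from the clauses that shape the result set.
    /// pageindex and pagesize are not part of the key, so all pages of the
    /// same query share one key.
    /// </summary>
    /// <returns>The formatted key.</returns>
    public string getcachekey()
    {
        const string keyformat = "pager-sc:{0}-fc:{1}-wc:{2}-gc:{3}-sc:{4}";
        return string.Format(keyformat, selectclause, fromclause, whereclause, groupclause, sortclause);
    }

    /// <summary>
    /// Generates the statement that counts the matching rows.
    /// </summary>
    /// <returns>"select count(0) from ... [where 1=1 ...] [group by ...]".</returns>
    public string generatecountsql()
    {
        return string.Format("select count(0) {0}", buildtail());
    }

    /// <summary>
    /// Generates the paged select followed by the count statement, separated by ";".
    /// Applies the same defaults as <see cref="generatesql"/>.
    /// </summary>
    /// <returns>Two statements in one batch: the page, then the count.</returns>
    /// <exception cref="InvalidOperationException">
    /// No ordering is available (sortclause and pk both empty) or the paging
    /// window is invalid (pageindex or pagesize below 1).
    /// </exception>
    public string generatesqlincludetotalrecords()
    {
        preparepaging();
        StringBuilder tail = buildtail();

        string countsql = string.Format("select count(0) {0};", tail);
        string tempsql = buildpagedsql(tail) + ";";

        return tempsql + countsql;
    }

    /// <summary>
    /// Generates the paged select using a row_number() window. When selectclause
    /// is empty it is set to "*", and when sortclause is empty it is set to pk;
    /// both defaults are written back to the properties.
    /// </summary>
    /// <returns>"with t as (select row_number() over(order by ...) ...) select * from t where row_number between a and b".</returns>
    /// <exception cref="InvalidOperationException">
    /// No ordering is available (sortclause and pk both empty) or the paging
    /// window is invalid (pageindex or pagesize below 1).
    /// </exception>
    public string generatesql()
    {
        preparepaging();
        return buildpagedsql(buildtail());
    }

    // Builds the " from ... [where 1=1 ...] [group by ...]" tail shared by every
    // generated statement. "where 1=1" lets callers append " and ..." fragments
    // without tracking whether theirs is the first condition.
    private StringBuilder buildtail()
    {
        StringBuilder sb = new StringBuilder();

        sb.AppendFormat(" from {0}", fromclause);
        if (whereclause.Length > 0)
            sb.AppendFormat(" where 1=1 {0}", whereclause);

        if (!string.IsNullOrEmpty(groupclause))
            sb.AppendFormat(" group by {0}", groupclause);

        return sb;
    }

    // Applies the defaults the paged statements rely on and validates the paging
    // window. Without an ordering row_number() is invalid SQL, and a page index
    // below 1 would produce a window such as "between -19 and 0", so both are
    // rejected up front instead of being sent to the database.
    private void preparepaging()
    {
        if (string.IsNullOrEmpty(selectclause))
            selectclause = "*";

        if (string.IsNullOrEmpty(sortclause))
            sortclause = pk;

        if (string.IsNullOrEmpty(sortclause))
            throw new InvalidOperationException("row_number() needs an ordering: set sortclause or pk.");

        if (pageindex < 1 || pagesize < 1)
            throw new InvalidOperationException("pageindex and pagesize must both be at least 1.");
    }

    // Formats the windowed select for the current page over the given tail.
    // checked() makes an absurd pageindex/pagesize combination throw instead of
    // silently wrapping into a bogus row range.
    private string buildpagedsql(StringBuilder tail)
    {
        int startrow = checked((pageindex - 1) * pagesize + 1);
        int endrow = checked(startrow + pagesize - 1);

        return string.Format(
            "with t as (select row_number() over(order by {0}) as row_number,{1}{2}) select * from t where row_number between {3} and {4}",
            sortclause, selectclause, tail, startrow, endrow);
    }
}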

