怎么防止：动态sql怎么防止sql注入

动态sql怎样避免SQL注入

动态sql避免sql注入的示例：

在对应的数据库中添加以下sql语句：

DECLARE @variable NVARCHAR(100)

DECLARE @SQLString NVARCHAR(1024)

DECLARE @ParmDefinition NVARCHAR(500)

SET @SQLString = N’SELECT OEV.Name, OEV.Position, Base_Employee.Address, OEV.Telephone, OEV.MobilePhone, OEV.Email, OEV.RealDepID

FROM Base_OrganizeEmployeeView AS OEV

JOIN Base_Employee

ON Base_Employee.Emp_ID = OEV.Emp_ID

WHERE (OEV.Account LIKE ”%” + @searchFilter + ”%” OR OEV.Name LIKE ”%” + @searchFilter + ”%” OR OEV.Position LIKE ”%” + @searchFilter + ”%” ) AND STATE = 1′

SET @parmDefinition = N’@searchFilter varchar(100)’

SET @variable = N’k’

EXECUTE sp_executesql @SQLString, @ParmDefinition, @searchFilter = @variable

本文来源：https://www.yuntue.com/post/61242.html | 云服务器网，转载请注明出处！