Injection C# SQL

This question already has an answer here:

  • How does the SQL injection from the “Bobby Tables” XKCD comic work? 12 answers

  • Just to show how a SQL injection is really easy and, apart from destruction of data, could lead to other nasty effects:

    textbox1.Text = "' OR User_na LIKE '%'; --";
    

    the resulting comm.CommandText is

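    // Command text after the textbox value has been concatenated into the query
    comm.CommandText = @"Select * from Logins where User_na='' OR User_na LIKE '%'--pass_wrd= 'xxx'";
    SqlDataReader r = comm.ExecuteReader();
    // The WHERE clause is now true for every row, so HasRows is always true
    if(r.HasRows)
    {
        MessageBox.Show("The poor programmer was tricked by a smart hacker");
        // .....
    }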
    

    Then, depending on how you check the results of the query, the unauthenticated user could gain access to your program.
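
An added example, not part of the original answer: the same login check built by string concatenation and with parameters, run against the textbox value shown above. It assumes the Microsoft.Data.Sqlite NuGet package and a constructed in-memory `Logins` table so that it runs without a SQL Server; the page does not show the original concatenating query, so `LoginConcat` is a reconstruction, and `SqlCommand.Parameters` is used the same way with SQL Server.

```csharp
// Added example; assumes the Microsoft.Data.Sqlite NuGet package (not the answer's SqlClient).
using System;
using Microsoft.Data.Sqlite;

static class LoginDemo
{
    // Vulnerable: the input is pasted into the SQL text, so a quote in it
    // closes the string literal and the remainder is parsed as SQL.
    static bool LoginConcat(SqliteConnection conn, string user, string pass)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT * FROM Logins WHERE User_na='" + user +
                          "' AND pass_wrd='" + pass + "'";
        using var r = cmd.ExecuteReader();
        return r.HasRows;   // same check as in the answer
    }

    // Hardened: the SQL text is constant; the input travels as parameter
    // values and is only ever compared as data.
    static bool LoginParam(SqliteConnection conn, string user, string pass)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText =
            "SELECT COUNT(*) FROM Logins WHERE User_na=@u AND pass_wrd=@p";
        cmd.Parameters.AddWithValue("@u", user);
        cmd.Parameters.AddWithValue("@p", pass);
        // Require exactly one matching row instead of "any rows at all".
        return Convert.ToInt64(cmd.ExecuteScalar()) == 1;
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var setup = conn.CreateCommand())
        {
            // Constructed sample row; a real table would store a salted hash.
            setup.CommandText =
                "CREATE TABLE Logins(User_na TEXT, pass_wrd TEXT);" +
                "INSERT INTO Logins VALUES('alice','s3cret');";
            setup.ExecuteNonQuery();
        }
        string input = "' OR User_na LIKE '%'; --";   // value from the answer
        Console.WriteLine("concatenated, answer's input: " + LoginConcat(conn, input, "xxx"));
        Console.WriteLine("parameterized, answer's input: " + LoginParam(conn, input, "xxx"));
        Console.WriteLine("parameterized, real credentials: " + LoginParam(conn, "alice", "s3cret"));
    }
}
```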
