SQL注入是一种常见的安全漏洞,指的是攻击者通过向应用程序的输入参数中插入恶意的SQL代码,从而获取未经授权的数据或执行非法操作。
SQL注入可以发生在使用动态SQL查询构建的应用程序中,其中用户的输入直接拼接到SQL查询语句中,而没有进行充分的验证和过滤。攻击者可以利用这个漏洞来修改查询语句的意图,绕过身份验证,执行未经授权的操作,或者获取敏感数据。
第一步: 建一个SqlServer数据库表
create table [users]
(uId int identity(1,1) primary key,uLoginName nvarchar(50) not null,uLoginPwd nvarchar(50) not null
)
第二步: 完成程序
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;namespace Dome12_SQL注入
{public partial class Form1 : Form{public Form1(){InitializeComponent();}private void Form1_Load(object sender, EventArgs e){}string conStr = "Data Source = WINGEL; Initial Catalog = People; Trusted_Connection = SSPI";private void button1_Click(object sender, EventArgs e){string name = textName.Text.Trim();string pwd = textPwd.Text.Trim();if (IsCheck()) // 检查用户是否输入了账号密码 可以节省性能{if(IsLogin(name, pwd)){MessageBox.Show("登入成功!");}else{MessageBox.Show("登入失败!");}}}bool IsLogin(string name, string pwd){bool b = false;using (SqlConnection conn = new SqlConnection(conStr)){// string sql = "select count(*) from dbo.users where uLoginName = "+name+" and uLoginPwd = "+pwd+"";// Format: 就是专门用来拼接SQL语句的 string sql = string.Format("select count(*) from dbo.users where uLoginName = '{0}' and uLoginPwd = '{1}'",name, pwd);using (SqlCommand cmd = new SqlCommand(sql, conn)){conn.Open();int count = Convert.ToInt32(cmd.ExecuteScalar());if (count > 0){b = true;}else{b = false;}}}return b;}// 检查文本框是否为空bool IsCheck(){bool b = true;if (textName.TextLength == 0 || textPwd.TextLength == 0) {b = false;}return b;}}
}
