0
我需要從asp.net web表單插入文本。我的字符串中的最後一個插入需要根據樹視圖檢查值插入列中的值。我需要在避免SQL注入的插入語句中運行子查詢。當前的代碼插入一個空值而不是來自select語句的值。用子查詢插入查詢asp.net
這是我的代碼:
string content = TxtContent.Text;
string Pagename = txtKeywords.Text;
string title = TxtPageName.Text;
string description = TxtDescription.Text;
string URL = TxtPageName.Text;
string Keywords = txtKeywords.Text;
string tree = TreeView1.SelectedValue;
string query = @"INSERT INTO Menus([content], [Pagename], [title], [description], [Keywords], [url], [ParentMenuId]) " + "Values('" + content + "', '" + Pagename + "', '" + title + "', '" + description + "', '" + Keywords + "', '/" + URL + "', (Select [parentmenuid] from [menus] where [title] ='"+tree+"'))";
using (SqlConnection connection = new SqlConnection("Data Source=MYConnectionString"))
{
using (SqlCommand command = new SqlCommand(query, connection))
{
connection.Open();
command.ExecuteNonQuery();
}
}
請看看[Sql注入攻擊](https://en.wikipedia.org/wiki/SQL_injection),因爲你目前的代碼充滿了這個問題。 –