在我的項目(vb.net)中,我將一個網站的IP地址存儲在一個表中,並且列表的類型爲nvarchar
。但我無法從表格中檢索它。我不知道它是否與「點」符號有關。請幫忙。無法從sql數據庫檢索帶點符號的數據
這是命令我使用
query = "select *from restricted_sites where site_address='" + webip + "'"
webip
是網站的IP地址。
Imports System.Data.SqlClient
Imports System.Net
Public Class restrict
Private Sub clear_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles clear_button.Click
site_TextBox1.Text = ""
addr_TextBox1.Text = ""
End Sub
Private Sub submit_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles submit_button.Click
Dim connectionstr As String
Dim query As String
Dim conn As SqlConnection
Dim cmd As SqlCommand
Dim webip As String
Dim hostname As IPHostEntry = Dns.GetHostByName(addr_TextBox1.Text)
Dim ip As IPAddress() = hostname.AddressList
Try
webip = ip(0).ToString
connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
conn = New SqlConnection(connectionstr)
conn.Open()
query = "insert into restricted_sites values('" + site_TextBox1.Text + "','" + webip + "')"
cmd = New SqlCommand(query, conn)
cmd.ExecuteNonQuery()
MsgBox("Website added for restriction", MsgBoxStyle.Information)
conn.Close()
Catch ex As SqlException
End Try
End Sub
End Class
Private Sub Combox1_KeyPress(ByVal sender As System.Object, ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles Combox1.KeyPress
If e.KeyChar = Convert.ToChar(Keys.Enter) Then
Dim connectionstr As String
Dim query As String
Dim cmd As SqlCommand
Dim reader As SqlDataReader
Dim conn As SqlConnection
Dim url As String = ""
Dim webip As String
Dim hostname As IPHostEntry = Dns.GetHostByName(Combox1.Text)
Dim ip As IPAddress() = hostname.AddressList
webip = ip(0).ToString
connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
conn = New SqlConnection(connectionstr)
conn.Open()
query = "select * from restricted_sites where site_address='" + webip + "'"
cmd = New SqlCommand(query, conn)
reader = cmd.ExecuteReader
While (reader.Read())
url = reader(2)
End While
reader.Close()
MsgBox(url, MsgBoxStyle.Information)
If webip <> url Then
AxWebBrowser1.Navigate(Combox1.Text)
Combox1.Text = AxWebBrowser1.LocationURL
Else
MsgBox("This Web Page is Restricted.Contact the ADMIN for Further Info", MsgBoxStyle.Critical)
End If
End If
If e.KeyChar = Convert.ToChar(Keys.Escape) Then
AxWebBrowser1.Stop()
End If
End Sub
第二個代碼是比較部。 query =「select * from restricted_sites where site_address ='」+ webip +''「 此代碼是問題所在。 這是我的代碼,通過匹配存儲在數據庫中的IP地址來限制網站,當URL正在導航。
您有一個SQL注入漏洞。 – SLaks
你能幫我解決我如何擺脫SQL注入漏洞嗎? –
閱讀維基百科。 – SLaks