在我的项目(vb.net)中,我将一个网站的IP地址存储在一个表中,该列的类型为nvarchar。
但我无法从表中检索它。我不知道这是否与“点”符号有关。请帮忙。无法从sql数据库检索带点符号的数据
这是我使用的命令:
' NOTE(review): webip is concatenated directly into the SQL text. Binding it as a
' parameter (a placeholder such as @addr plus SqlCommand.Parameters) keeps the value
' out of the statement and removes the injection risk.
query = "select *from restricted_sites where site_address='" + webip + "'"
webip
是网站的IP地址。
Imports System.Data.SqlClient
Imports System.Net
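''' <summary>
''' Form that adds a site (the name typed by the user plus the first IP address the
''' host name resolves to) to the restricted_sites table.
''' </summary>
Public Class restrict

    ''' <summary>Clears both input boxes.</summary>
    Private Sub clear_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles clear_button.Click
        site_TextBox1.Text = ""
        addr_TextBox1.Text = ""
    End Sub

    ''' <summary>
    ''' Resolves the host typed into addr_TextBox1 and stores the site name together
    ''' with the first resolved address in restricted_sites.
    ''' </summary>
    Private Sub submit_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles submit_button.Click
        Dim connectionstr As String = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
        Dim webip As String

        ' Name resolution can fail (unknown host, no network); report it instead of
        ' letting the exception escape the click handler.
        Try
            ' NOTE(review): Dns.GetHostByName is marked obsolete in the framework. It is
            ' kept here because the lookup side must resolve names the same way for the
            ' stored address to match.
            Dim hostname As IPHostEntry = Dns.GetHostByName(addr_TextBox1.Text)
            Dim ip As IPAddress() = hostname.AddressList
            If ip.Length = 0 Then
                MsgBox("No IP address was found for the given host", MsgBoxStyle.Exclamation)
                Return
            End If
            ' Only the first address is stored; a host that resolves to several
            ' addresses is matched on this one alone.
            webip = ip(0).ToString()
        Catch ex As System.Net.Sockets.SocketException
            MsgBox("Could not resolve the host: " & ex.Message, MsgBoxStyle.Exclamation)
            Return
        End Try

        Try
            ' Using blocks close the connection and command even when the insert throws.
            Using conn As New SqlConnection(connectionstr)
                conn.Open()
                ' Both values are bound as parameters, so text typed into the form can
                ' never change the shape of the statement.
                Using cmd As New SqlCommand("insert into restricted_sites values(@site, @addr)", conn)
                    cmd.Parameters.AddWithValue("@site", site_TextBox1.Text)
                    cmd.Parameters.AddWithValue("@addr", webip)
                    cmd.ExecuteNonQuery()
                End Using
            End Using
            MsgBox("Website added for restriction", MsgBoxStyle.Information)
        Catch ex As SqlException
            ' Previously swallowed silently: a failed insert looked like nothing happened.
            MsgBox("The restriction could not be saved: " & ex.Message, MsgBoxStyle.Critical)
        End Try
    End Sub
End Class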
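''' <summary>
''' On Enter, resolves the host typed into Combox1, looks the first resolved address up
''' in restricted_sites and navigates only when no matching address is stored.
''' On Escape, stops the current navigation.
''' </summary>
Private Sub Combox1_KeyPress(ByVal sender As System.Object, ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles Combox1.KeyPress
    If e.KeyChar = Convert.ToChar(Keys.Enter) Then
        Dim connectionstr As String = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
        Dim url As String = ""
        Dim webip As String

        ' Any failure in the lookup returns without navigating, so the restriction
        ' check never silently turns into "allow".
        Try
            Dim hostname As IPHostEntry = Dns.GetHostByName(Combox1.Text)
            Dim ip As IPAddress() = hostname.AddressList
            If ip.Length = 0 Then
                MsgBox("No IP address was found for the given host", MsgBoxStyle.Exclamation)
                Return
            End If
            ' NOTE(review): only the first resolved address is checked; a host with
            ' several addresses can resolve to one that was never stored.
            webip = ip(0).ToString()

            Using conn As New SqlConnection(connectionstr)
                conn.Open()
                ' The address is bound as a parameter rather than concatenated into the
                ' SQL text.
                Using cmd As New SqlCommand("select * from restricted_sites where site_address=@addr", conn)
                    cmd.Parameters.AddWithValue("@addr", webip)
                    Using reader As SqlDataReader = cmd.ExecuteReader()
                        While reader.Read()
                            ' NOTE(review): index 2 assumes site_address is the third
                            ' column of restricted_sites - confirm against the schema.
                            url = reader(2).ToString()
                        End While
                    End Using
                End Using
            End Using
        Catch ex As System.Net.Sockets.SocketException
            MsgBox("Could not resolve the host: " & ex.Message, MsgBoxStyle.Exclamation)
            Return
        Catch ex As SqlException
            MsgBox("The restriction list could not be read: " & ex.Message, MsgBoxStyle.Critical)
            Return
        End Try

        ' Diagnostic output kept from the original: shows the stored address, or an
        ' empty box when no row matched.
        MsgBox(url, MsgBoxStyle.Information)
        If webip <> url Then
            AxWebBrowser1.Navigate(Combox1.Text)
            Combox1.Text = AxWebBrowser1.LocationURL
        Else
            MsgBox("This Web Page is Restricted.Contact the ADMIN for Further Info", MsgBoxStyle.Critical)
        End If
    End If
    If e.KeyChar = Convert.ToChar(Keys.Escape) Then
        AxWebBrowser1.Stop()
    End If
End Sub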
第二段代码是比较部分。 query = "select * from restricted_sites where site_address='" + webip + "'" 这行代码就是问题所在。 这段代码的作用是:在URL导航时,通过匹配存储在数据库中的IP地址来限制网站。
您有一个SQL注入漏洞。 – SLaks
你能告诉我如何消除这个SQL注入漏洞吗? –
阅读维基百科。 – SLaks