※ Bind the values as parameters and the SQL Injection problem does not arise: the statement text is fixed in advance and the values are never parsed as SQL. → If instead you build the SQL statement by plain string concatenation of variables (the String class's Format method, `+`, and the like), SQL Injection becomes possible.
Caveat: parameters protect values only. Table and column names, ORDER BY targets and similar identifiers cannot be bound, and SQL assembled by concatenation inside PL/SQL (EXECUTE IMMEDIATE) is just as injectable as concatenation in the client.
　① Use placeholder variables in the SQL text (written here with an @ mark)
Example
insert 〜 values (@Id, @Name)
Set the statement on the OracleCommand object beforehand:
OracleCommand cmd = new OracleCommand(SQL statement string value);
Note: the Oracle providers (ODP.NET and System.Data.OracleClient) write bind placeholders with a colon, i.e. insert 〜 values (:Id, :Name); the @ form is the SQL Server convention. The parameter-binding steps below are the same either way.
② Use the OracleParameter class
Example
OracleParameter p1 = new OracleParameter("@Id", string value to assign);
cmd.Parameters.Add(p1);
OracleParameter p2 = new OracleParameter("@Name", string value to assign);
cmd.Parameters.Add(p2);
or
cmd.Parameters.Add("@Id", string value to assign);
cmd.Parameters.Add("@Name", string value to assign);
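As an added example (not code from the original page), the String.Format version and the parameterized version side by side, in C# with the ODP.NET managed driver (Oracle.ManagedDataAccess.Client) and the colon placeholder form that driver expects. The emp table, its columns, the connection string and the malicious sample input are assumptions made for illustration.

```csharp
// Added example, not code from the original page. Requires the ODP.NET
// managed driver (NuGet package Oracle.ManagedDataAccess). The emp table,
// its columns and the connection string are assumptions for illustration.
using System;
using Oracle.ManagedDataAccess.Client;

public static class EmployeeRepository
{
    // Vulnerable form: the value is pasted into the SQL text with
    // String.Format, so a quote character in 'name' changes the statement
    // that Oracle will parse.
    public static string BuildUnsafeInsert(int id, string name)
    {
        return String.Format(
            "INSERT INTO emp (id, name) VALUES ({0}, '{1}')", id, name);
    }

    // Safe form: the SQL text is a constant; id and name are sent as bind
    // variables, which Oracle treats purely as data, never as SQL.
    public static int InsertEmployee(string connectionString, int id, string name)
    {
        const string sql = "INSERT INTO emp (id, name) VALUES (:Id, :Name)";

        using (var conn = new OracleConnection(connectionString))
        using (var cmd = new OracleCommand(sql, conn))
        {
            // ODP.NET binds by position by default; binding by name makes the
            // mapping independent of the order of the Parameters.Add calls.
            cmd.BindByName = true;
            cmd.Parameters.Add("Id", OracleDbType.Int32).Value = id;
            cmd.Parameters.Add("Name", OracleDbType.Varchar2, 100).Value = name;

            conn.Open();
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }

    public static void Main()
    {
        // Constructed malicious input: closes the string literal and splices
        // in a subquery, so the row ends up holding the database user name
        // instead of the text the caller supplied.
        string evilName = "x' || (SELECT user FROM dual) || '";

        // Unsafe: the printed statement is valid Oracle SQL whose meaning
        // has been rewritten by the input.
        Console.WriteLine(BuildUnsafeInsert(7, evilName));

        // Safe: the same input is stored verbatim as the name. The connection
        // string is a placeholder; fill it in to run against a real database.
        // int rows = InsertEmployee(
        //     "User Id=scott;Password=tiger;Data Source=localhost/XEPDB1",
        //     7, evilName);
    }
}
```

BindByName is set explicitly because ODP.NET otherwise binds parameters in the order they were added, regardless of their names; with it on, the names in Parameters.Add must match the :Id and :Name placeholders in the statement.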
Write comments in the code.