Notes on .NET, Oracle and Linux (these are rough scribbles, sorry)

* Using parameters prevents SQL injection problems from occurring. -> If you build the SQL statement by simply concatenating variables into the text (for example with the String class's Format method), SQL injection problems can occur.
(1) Use variables prefixed with the @ mark
Example:
insert ~ values (@Id, @Name)
Set this on the OracleCommand object in advance:
OracleCommand cmd = new OracleCommand(sql); // sql: the SQL statement as a string

(2) Use the OracleParameter class

Example:
OracleParameter p1 = new OracleParameter("@Id", idValue);     // idValue: the string value to bind
cmd.Parameters.Add(p1);
OracleParameter p2 = new OracleParameter("@Name", nameValue); // nameValue: the string value to bind
cmd.Parameters.Add(p2);
or
cmd.Parameters.Add("@Id", idValue);
cmd.Parameters.Add("@Name", nameValue);
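An added example, not part of the original notes, that builds the concatenated and the parameterized form of the insert side by side so the difference is visible in CommandText. It assumes the ODP.NET managed provider (Oracle.ManagedDataAccess.Client), whose bind placeholders are written :Id in the SQL text rather than @Id, a hypothetical EMP table, and a constructed input value containing a quote; no database connection is opened.

```csharp
using System;
using Oracle.ManagedDataAccess.Client; // assumption: ODP.NET managed provider (NuGet package Oracle.ManagedDataAccess)

static class ParameterizedInsert
{
    // Concatenation: the value becomes part of the SQL text. A value containing a
    // quote changes the structure of the statement, which is exactly what SQL
    // injection exploits. Kept here only to contrast with the safe version.
    static OracleCommand BuildConcatenated(string id, string name)
    {
        string sql = string.Format(
            "insert into EMP (ID, NAME) values ('{0}', '{1}')", id, name);
        return new OracleCommand(sql);
    }

    // Parameters: the SQL text is a fixed template with bind placeholders; the
    // values travel separately and are never parsed as SQL by the server.
    static OracleCommand BuildParameterized(string id, string name)
    {
        var cmd = new OracleCommand("insert into EMP (ID, NAME) values (:Id, :Name)");
        cmd.BindByName = true; // bind by parameter name rather than by position
        cmd.Parameters.Add("Id", OracleDbType.Varchar2).Value = id;
        cmd.Parameters.Add("Name", OracleDbType.Varchar2).Value = name;
        return cmd;
    }

    static void Main()
    {
        string name = "O'Brien"; // constructed input: the quote breaks the concatenated statement

        var bad = BuildConcatenated("42", name);
        Console.WriteLine("concatenated: " + bad.CommandText); // the input is now part of the statement

        var good = BuildParameterized("42", name);
        Console.WriteLine("parameterized: " + good.CommandText); // template text is unchanged
        foreach (OracleParameter p in good.Parameters)
            Console.WriteLine("  " + p.ParameterName + " = " + p.Value); // values stay in the parameter list
    }
}
```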