I am trying to send a large query from an API string. If my query is too large, it is not sent to my HTTP listener.
Here is my code:
    // Client: builds the INSERT statements and places them in the request URL
    var table = db.Table<OrderPreviewClass>();
    query = "";
    foreach (var item in table)
        query += "Insert into InventoryTransTemp (InventoryItemID,CategoryID,Name,Quantity,Price,ExtrasPrice,RealPrice,Extras,UserID,UserName,TableName,DiscountPrice,CashierUserID,PrintFiscal,Printed) values ('" + item.InventoryItemID + "','" + item.CategoryID + "','" + item.Description + "','" + item.Quantity + "','" + item.Price.Replace(",", ".") + "','" + item.ExtrasPrice.Replace(",", ".") + "','" + item.RealPrice.Replace(",", ".") + "','" + item.Extras + "','" + MyUserID + "','" + MyUserName + "','" + MyTableName + "','" + item.Price.Replace(",", ".") + "')";
    HttpClient hTTPClient = new HttpClient();
    hTTPClient.Timeout = TimeSpan.FromMilliseconds(5000);
    var uri = new Uri(string.Format("http://192.168.1.15:8282/" + query));
    var response = await hTTPClient.GetAsync(uri);
    if (response.IsSuccessStatusCode)
    {
        string content = await response.Content.ReadAsStringAsync();
    }

    // Listener: shows the requested URL and returns a fixed response
    HttpListener listener = new HttpListener();
    listener.Prefixes.Add("http://192.168.1.15:8282/");
    listener.Start();
    new Thread(() =>
    {
        while (true)
        {
            HttpListenerContext context = listener.GetContext();
            string methodName = Convert.ToString(context.Request.Url);
            MessageBox.Show(methodName);
            string Response = "Response";
            HttpListenerResponse response = context.Response;
            string responseString = Convert.ToString(Response);
            byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
            response.ContentLength64 = buffer.Length;
            System.IO.Stream output = response.OutputStream;
            output.Write(buffer, 0, buffer.Length);
            output.Close();
            //MessageBox.Show(methodName);
        }
    }).Start();
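The listener is working if I send only a small string after the URL.
Answer 0: (score: 0)
Since the SQL statement is static, don't pass the entire statement in the URI; instead, build the SQL statement in the listener and send only the values that will be injected into the SQL statement. This not only reduces the size of the URI, but also greatly reduces the risk of SQL injection or of exposing the database schema.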
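A listener-side sketch of what this answer describes, added here as an example (not code from the question or the answer): the INSERT text is a constant on the listener and the received values are bound as parameters. It assumes the client sends the values as a JSON array in a POST body rather than in the URL, that System.Text.Json is available, and that the ADO.NET provider accepts `@name` parameter markers; `OrderLine`, `OrderEndpoint`, `Handle` and `Bind` are hypothetical names, and only three of the question's columns are shown.

```csharp
using System.Collections.Generic;
using System.Data.Common;
using System.IO;
using System.Net;
using System.Text.Json;

// Hypothetical DTO: values only, a subset of the question's columns.
public sealed class OrderLine
{
    public string InventoryItemID { get; set; }
    public string Name { get; set; }
    public decimal Price { get; set; }
}
public static class OrderEndpoint
{
    // Fixed on the listener; table and column names never travel over HTTP.
    const string InsertSql = "INSERT INTO InventoryTransTemp " +
        "(InventoryItemID, Name, Price) VALUES (@id, @name, @price)";

    // Bind each received value as a parameter, never into the SQL text.
    public static void Handle(HttpListenerContext ctx, DbConnection openConn)
    {
        List<OrderLine> lines;
        using (var body = new StreamReader(ctx.Request.InputStream, System.Text.Encoding.UTF8))
            try { lines = JsonSerializer.Deserialize<List<OrderLine>>(body.ReadToEnd()); }
            catch (JsonException) { lines = null; }   // malformed or wrongly typed input
        if (lines == null || lines.Contains(null)) { ctx.Response.StatusCode = 400; ctx.Response.Close(); return; }
        using (var tx = openConn.BeginTransaction())  // all rows are stored, or none
        {
            foreach (var line in lines)
                using (var cmd = openConn.CreateCommand())
                {
                    cmd.Transaction = tx;
                    cmd.CommandText = InsertSql;
                    Bind(cmd, "@id", line.InventoryItemID);
                    Bind(cmd, "@name", line.Name);
                    Bind(cmd, "@price", line.Price);
                    cmd.ExecuteNonQuery();
                }
            tx.Commit();
        }
        ctx.Response.StatusCode = 204;
        ctx.Response.Close();
    }
    static void Bind(DbCommand cmd, string name, object value)
    {
        var p = cmd.CreateParameter();
        p.ParameterName = name;
        p.Value = value ?? System.DBNull.Value;
        cmd.Parameters.Add(p);
    }
}
```

Because `Price` travels as a typed JSON number, the `Replace(",", ".")` formatting step from the question is no longer needed, and a quote character in `Name` is stored as data instead of ending the SQL string.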