Can my code be cracked, or is it secure enough?

Posted: 2016-01-07 16:16:57

Tags: sql-injection

I want to know whether my application can be injected through the front-end form, the URL, or any other way.

Front end:


Code-behind:

<form id="form1" runat="server">
     <asp:HyperLink ID="HyperLinkBack" runat="server" NavigateUrl="~/Default.aspx">Go Back</asp:HyperLink> 
     <h3>
            Service Locations</h3>
     <table >
        <tr>             
            <td><asp:Label id="lblFilterValue" Text="Filter Value :" runat="server"></asp:Label></td>
            <td><asp:TextBox ID="txtFilterValue" runat="server"></asp:TextBox></td>           
            <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;</td>
            <td>
                 <asp:Label ID="FieldList" runat="server" Text="Filter By :"></asp:Label>
            </td>
            <td>
                 <asp:DropDownList ID="drpFields"  runat="server"></asp:DropDownList>
            </td>            
         </tr>                       
    </table>
    <br />
            <asp:Button  ID="btnReset" runat="server"  Text="Reset" 
         onclick="btnReset_Click" /> 
            <asp:Button  ID="btnSearch" runat="server"  Text="Search" 
         onclick="btnSearch_Click" />  
</form> 

SP:

using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static DataTable GetLocationFilter(string sField, string sValue)
{
    DataTable dtdata = new DataTable();

    // Dispose the connection, command and adapter even if Fill throws.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["LOCATIONS"].ConnectionString))
    using (SqlCommand comm = new SqlCommand("usp_SelectLocations", conn))
    using (SqlDataAdapter da = new SqlDataAdapter(comm))
    {
        comm.CommandType = CommandType.StoredProcedure;
        // The filter value travels as a typed parameter, not as text spliced into SQL.
        comm.Parameters.Add(new SqlParameter("@sValue", sValue));
        // Note: sField is accepted but never sent to the procedure in this code.

        da.Fill(dtdata);
    }
    return dtdata;
}
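The C# above calls usp_SelectLocations with @sValue as a SqlParameter, so the value is never spliced into a SQL string on the .NET side; whether the application is injectable therefore depends on what the stored procedure does with that parameter, and on how the "Filter By" column name (sField, which the posted code does not pass) would be handled. The following T-SQL is an added example, not the asker's procedure or any code from the original post. It assumes a table dbo.Locations (assumption) and a procedure that takes both the column name and the value; the C# would then also add `comm.Parameters.Add(new SqlParameter("@sField", sField))`. It shows the shape that keeps the procedure safe: the column name is checked against the table's real columns and quoted with QUOTENAME, and the value stays a parameter of sp_executesql.

```sql
-- Added example (not from the original post). Assumes a table dbo.Locations.
CREATE PROCEDURE dbo.usp_SelectLocations
    @sField sysname,          -- column chosen in the "Filter By" dropdown
    @sValue nvarchar(200)     -- text typed into "Filter Value"
AS
BEGIN
    SET NOCOUNT ON;

    -- A column name cannot be a parameter in a WHERE clause, so validate it
    -- against the catalogue before it is ever placed in a statement.
    IF NOT EXISTS (
        SELECT 1
        FROM sys.columns
        WHERE object_id = OBJECT_ID(N'dbo.Locations')
          AND name = @sField
    )
    BEGIN
        RAISERROR(N'Invalid filter column.', 16, 1);
        RETURN;
    END;

    -- Pattern to avoid: building the whole statement from strings, e.g.
    --   EXEC(N'SELECT * FROM dbo.Locations WHERE ' + @sField
    --        + N' = ''' + @sValue + N'''');
    -- Here @sValue would become part of the SQL text and could change it.

    -- Safe pattern: QUOTENAME for the validated identifier, and the value
    -- bound as a parameter of sp_executesql so it is only ever data.
    DECLARE @sql nvarchar(max) =
        N'SELECT * FROM dbo.Locations WHERE ' + QUOTENAME(@sField) + N' = @val;';

    EXEC sys.sp_executesql
        @sql,
        N'@val nvarchar(200)',
        @val = @sValue;
END;
```

If the real procedure is a plain `SELECT ... WHERE SomeColumn = @sValue` with no dynamic SQL, the value parameter is already safe; the catalogue check only matters once the column name becomes user-controlled.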

0 answers:

No answers