Question

我有这个代码我想写ORDER BY DESC，但我不知道该怎么做可以请一些人帮忙

OleDbCommand cmd = new OleDbCommand("SELECT * FROM users WHERE [id] = " + Session_ID, conn2);

Answer 1

首先，您应该知道此类代码对SQL Injection开放，您应始终使用parameterized queries来避免 SQL注入。像这样：

OleDbCommand cmd = new OleDbCommand("SELECT * FROM users WHERE [id] = ? " +
                                    "ORDER BY ID DESC", conn2);
cmd.Parameters.Add(new OleDbParameter("@SessionID", Session_ID));

Answer 2

 OleDbCommand cmd = new OleDbCommand("SELECT * FROM users 
  WHERE [id] = " + Session_ID + " ORDER BY ID DESC", conn2);

虽然上面会有效，但它有严重的缺陷。可以在上面的SQL Query中简单地执行SQL注入，因此强烈建议使用参数化查询来防止@S.Akbari建议的SQL注入

使用order by在C＃中连接SQL

2 个答案: