I want to modify my code like below but after modification my regex dont work. what I am doing wrong?
我想修改我的代码如下,但修改后我的正则表达式不起作用。我做错了什么?
my code
我的代码
Regex reg = new Regex("(ALTER TABLE .+ REFERENCES\\s+)\"USER1\"[.](.+)");
richTextBox1.Text = reg.Replace(richTextBox1.Text, "$1$2");
modified code
修改后的代码
Regex reg = new Regex(String.Format("(ALTER TABLE .+ REFERENCES\\s+)\"{0}\"[.](.+)",textbox1.text);
richTextBox1.Text = reg.Replace(richTextBox1.Text, "$1$2");
1 个解决方案
#1
3
The fundamental problem with your code stems from the threat of SQL Injection Attacks.
代码的根本问题源于SQL注入攻击的威胁。
This approach of building the sql statement dynamically with string manipulation is frought with danger, using regexes or not.
这种使用字符串操作动态构建sql语句的方法是危险的,使用正则表达式。
STOP NOW
现在停下来
Your more focused problem goes away.
你更集中的问题消失了。
Use some approach that uses parameters substitution. ADO.Net commands with paramters or an ORM or perhaps write a stored procedure.
使用一些使用参数替换的方法。 ADO.Net命令带有参数或ORM,或者可能编写存储过程。
#1
3
The fundamental problem with your code stems from the threat of SQL Injection Attacks.
代码的根本问题源于SQL注入攻击的威胁。
This approach of building the sql statement dynamically with string manipulation is frought with danger, using regexes or not.
这种使用字符串操作动态构建sql语句的方法是危险的,使用正则表达式。
STOP NOW
现在停下来
Your more focused problem goes away.
你更集中的问题消失了。
Use some approach that uses parameters substitution. ADO.Net commands with paramters or an ORM or perhaps write a stored procedure.
使用一些使用参数替换的方法。 ADO.Net命令带有参数或ORM,或者可能编写存储过程。