#region 获取标准工时
public DataTable getStandWorkTime(string mater_no,string shop_name)
{
string sqlString="select plan_work_time from tr_mo_wt_plan where modelname ='"+mater_no+"' and shop_name ='"+shop_name+"'";
try
{
return OracleHelper.ExecuteDataset(WMSConfiguration.ConnectionString,CommandType.Text,sqlString).Tables[0];
}
catch(Exception)
{
return new DataTable();
}
}
#endregion以上数据访问安全吗?如何解决?
public DataTable getStandWorkTime(string mater_no,string shop_name)
{
string sqlString="select plan_work_time from tr_mo_wt_plan where modelname ='"+mater_no+"' and shop_name ='"+shop_name+"'";
try
{
return OracleHelper.ExecuteDataset(WMSConfiguration.ConnectionString,CommandType.Text,sqlString).Tables[0];
}
catch(Exception)
{
return new DataTable();
}
}
#endregion以上数据访问安全吗?如何解决?
1、如果是指oracle操作方面,那么不这么写,所有的app都无法对数据操作了;
2、如果是指本身的程序语句方面,那我建议向sql传进参数而不用直接写sql语句,以防止有些变量含有sql的特殊字符;
代码访问安全要看整个项目的面向对象架构了