??????????????????????Σ?

????????????????仰??”????????д????????SQL???????????????”
?????κ????SQL????????SQL??????????????????????????????????????exec ??????SQL???????SQL?????
????????????????

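/// <summary>
/// Demonstrates that a parameterised query is still injectable when the
/// parameterised text itself builds dynamic SQL with <c>exec()</c>.
/// sp_executesql binds <c>@UserID</c> safely, but <c>exec()</c> then
/// concatenates the bound <em>value</em> into a new batch and runs it, so the
/// value is parsed as SQL rather than treated as data.
/// </summary>
/// <remarks>
/// The command text is intentionally vulnerable — it is the pattern the article
/// warns against. A safe replacement would avoid building SQL from the
/// parameter entirely: pass the id list as a table-valued parameter, split it
/// server-side (e.g. STRING_SPLIT on SQL Server 2016+), or emit one parameter
/// per id from the client.
/// </remarks>
private static void TestMethod()
{
    using (SqlConnection conn = new SqlConnection(connectionString))
    {
        conn.Open();
        using (SqlCommand comm = new SqlCommand())
        {
            comm.Connection = conn;

            // VULNERABLE BY DESIGN (demo). What reaches the server is
            //   exec sp_executesql
            //     N'exec(''select * from Users(nolock) where UserID in (''+@UserID+'')'')',
            //     N'@UserID varchar(max)', @UserID='1,2,3,4'
            // i.e. the equivalent of
            //   (@UserID varchar(max)) exec('select * from Users(nolock) where UserID in ('+@UserID+')')
            // which, after exec() concatenates the value, runs
            //   select * from Users(nolock) where UserID in (1,2,3,4)
            // With Value = "1,2,3,4); delete from Users;--" the batch actually run is
            //   select * from Users(nolock) where UserID in (1,2,3,4); delete from Users;--)
            // — the parameter's content is executed as SQL and the trailing ')' is
            // commented out.
            comm.CommandText = "exec('select * from Users(nolock) where UserID in ('+@UserID+')')";

            // varchar(max) (size -1) so any length of injected text fits.
            comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.VarChar, -1) { Value = "1,2,3,4" });

            // ExecuteNonQuery discards the SELECT's rows; the demo only cares that the
            // statement — and anything injected into it — is executed.
            comm.ExecuteNonQuery();
        }
    }
}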
The SQL actually sent to the server is:
exec sp_executesql N'exec(''select * from Users(nolock) where UserID in (''+@UserID+'')'')',N'@UserID varchar(max) ',@UserID='1,2,3,4'
 
???????????SQL?????в??????????
If the value of @UserID is changed to "1,2,3,4); delete from Users;--", the SQL sent to the server becomes:
exec sp_executesql N'exec(''select * from Users(nolock) where UserID in (''+@UserID+'')'')',N'@UserID varchar(max) ',@UserID='1,2,3,4); delete from Users;--'
sp_executesql binds @UserID correctly, but exec() then concatenates that value into a new batch, so the statement that actually runs is:
select * from Users(nolock) where UserID in (1,2,3,4); delete from Users;--)
The injected "delete from Users" executes, and the "--" comments out the trailing ")". Parameterisation protected the outer statement, not the SQL that exec() built from the parameter's value.
?????κζ???????SQL ????????????????????ζ?????????м?????????????????м????????????????????????д??SQL????????????????????????
?????????С???????????????????(____) ???????????(____)???????
??????????????????????????????????????
????????????????????????????????????м?????????????????м???????SQL??????????岻??仯???????????SQL????????????????м?????п??????SQL????洢?????????????????????????????м????