我有一些存储过程
CREATE PROC MyProc ( @FullName NVARCHAR(200) = NULL ) AS --.............当我把这个proc称为exec MyProc 'Some english text'它运作良好。
但如果将其称为使用俄语字母的exec MyProc 'Русский текст' ,则无法正常工作。
呼叫exec MyProc N'Русский текст'再次运作良好。
我有一个客户端应用程序和...我需要在参数中添加N前缀? 如果是,我该怎么办?
I have some stored procedure
CREATE PROC MyProc ( @FullName NVARCHAR(200) = NULL ) AS --.............When I call this proc as exec MyProc 'Some english text' it works good.
But if call it as exec MyProc 'Русский текст' that is using Russian alphabet, it doesn't work properly.
And the call exec MyProc N'Русский текст' works good again.
I have a client application and... I need to add N prefix to parameters? If yes, how do I do it?
最满意答案
如果要连接.net代码中的字符串,则只需要(手动)N. 如果您将SQLParameter声明为nvarchar,它会自动执行:框架会为您处理它。
因此,您的客户端代码不正确,并打开SQL注入
无论如何,N说字符串文字是unicode。
The N would only be needed (manually) if you are concatenating a string in the .net code. It's automatic if you declare a SQLParameter as nvarchar: the framework takes care of it for you.
So your client code is incorrect and opens you up to SQL injection
Anyway, the N says that the string literal is unicode.
更多推荐
发布评论