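using System;
using System.Data.SqlClient;
using System.Xml;

class MyClass
{
    // Placeholder value; load the real connection string from configuration.
    private static readonly string connectionString = "<connection string>";

    public static void doQuery(Int32 userID)
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The value is concatenated directly into the SQL text.
            SqlCommand command = new SqlCommand("SELECT attr FROM table WHERE id=" + userID, connection);
        }
    }
}

using System;
using System.Xml;

class MyClass
{
    public static void goQuery(Int32 userID)
    {
        // The value is concatenated directly into the SQL text.
        String query1 = "SELECT attr FROM table WHERE id=" + userID;
    }
}
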
Compliant Code Examples
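using System;
using System.Data;
using System.Data.SqlClient;
using System.Xml;

class MyClass
{
    // Placeholder value; load the real connection string from configuration.
    private static readonly string connectionString = "<connection string>";

    public static void doQuery(Int32 userID)
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The SQL text is constant; the value is bound as a typed parameter.
            SqlCommand command = new SqlCommand("SELECT attr FROM table WHERE id=@ID", connection);
            command.Parameters.Add("@ID", SqlDbType.Int);
            command.Parameters["@ID"].Value = userID;
        }
    }
}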
How to use this rule
rulesets:
  - csharp-security # Rules to enforce C# security.