Fatal编程技术网
  • csharp/
  • C# Http客户端大查询

C# Http客户端大查询

c#

C# Http客户端大查询,c#,C#,我正试图以api字符串的形式从发送一个大查询。 如果我的查询太大,它不会将其发送到我的http侦听器中 这是我的密码: var table = db.Table<OrderPreviewClass>(); query = ""; foreach (var item in table) query += "Insert into InventoryTransTemp (InventoryItemID,CategoryID,

我正试图以api字符串的形式从发送一个大查询。 如果我的查询太大,它不会将其发送到我的http侦听器中

这是我的密码:

  var table = db.Table<OrderPreviewClass>();
        query = "";


        foreach (var item in table)
            query += "Insert into InventoryTransTemp (InventoryItemID,CategoryID,Name,Quantity,Price,ExtrasPrice,RealPrice,Extras,UserID,UserName,TableName,DiscountPrice,CashierUserID,PrintFiscal,Printed) values ('" + item.InventoryItemID + "','" + item.CategoryID + "','" + item.Description + "','" + item.Quantity + "','" + item.Price.Replace(",", ".") + "','" + item.ExtrasPrice.Replace(",", ".") + "','" + item.RealPrice.Replace(",", ".") + "','" + item.Extras + "','" + MyUserID + "','" + MyUserName + "','" + MyTableName + "','" + item.Price.Replace(",", ".") + "')";


        HttpClient hTTPClient = new HttpClient();
        hTTPClient.Timeout = TimeSpan.FromMilliseconds(5000);

        var uri = new Uri(string.Format("http://192.168.1.15:8282/" + query));
        var response = await hTTPClient.GetAsync(uri);
        if (response.IsSuccessStatusCode)
        {
            string content = await response.Content.ReadAsStringAsync();


        }
如果我在url后只发送一个小字符串,则侦听器正在工作,因为SQL语句是静态的。不要在uri中传递整个语句,在侦听器中构建SQL语句,只发送将注入SQL语句的值。这不仅减少了uri的大小,还大大降低了sql注入或泄露数据库架构的风险。

通过uri发送sql语句似乎会让您面临sql注入攻击。我想你可能想考虑一个参数化的查询,只需在API调用中传递参数值。如果我的查询太大,这意味着什么?要知道在URL中发送查询,因为最大URL长度是2083个字符。另外,将查询作为url参数发送是错误的解决方案,IMHONo nothing。我只是没有从http侦听器得到任何答案。如果我将发送一个较小的字符串,然后它发送它。请告诉我这不是一个面向公众的网站。。。。 
HttpListener listener = new HttpListener();
        listener.Prefixes.Add("http://192.168.1.15:8282/");
        listener.Start();
        new Thread(() =>
        {
            while (true)
            {


                HttpListenerContext context = listener.GetContext();
                string methodName = Convert.ToString(context.Request.Url);
                MessageBox.Show(methodName);
                string Response = "Response";

                HttpListenerResponse response = context.Response;
                string responseString = Convert.ToString(Response);
                byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
                response.ContentLength64 = buffer.Length;
                System.IO.Stream output = response.OutputStream;
                output.Write(buffer, 0, buffer.Length);
                output.Close();
                //MessageBox.Show(methodName);
            }
        }).Start();