C# Http客户端大查询
我正试图以api字符串的形式从发送一个大查询。 如果我的查询太大,它不会将其发送到我的http侦听器中 这是我的密码:C# Http客户端大查询,c#,C#,我正试图以api字符串的形式从发送一个大查询。 如果我的查询太大,它不会将其发送到我的http侦听器中 这是我的密码: var table = db.Table<OrderPreviewClass>(); query = ""; foreach (var item in table) query += "Insert into InventoryTransTemp (InventoryItemID,CategoryID,
var table = db.Table<OrderPreviewClass>();
query = "";
foreach (var item in table)
query += "Insert into InventoryTransTemp (InventoryItemID,CategoryID,Name,Quantity,Price,ExtrasPrice,RealPrice,Extras,UserID,UserName,TableName,DiscountPrice,CashierUserID,PrintFiscal,Printed) values ('" + item.InventoryItemID + "','" + item.CategoryID + "','" + item.Description + "','" + item.Quantity + "','" + item.Price.Replace(",", ".") + "','" + item.ExtrasPrice.Replace(",", ".") + "','" + item.RealPrice.Replace(",", ".") + "','" + item.Extras + "','" + MyUserID + "','" + MyUserName + "','" + MyTableName + "','" + item.Price.Replace(",", ".") + "')";
HttpClient hTTPClient = new HttpClient();
hTTPClient.Timeout = TimeSpan.FromMilliseconds(5000);
var uri = new Uri(string.Format("http://192.168.1.15:8282/" + query));
var response = await hTTPClient.GetAsync(uri);
if (response.IsSuccessStatusCode)
{
string content = await response.Content.ReadAsStringAsync();
}
如果我在url后只发送一个小字符串,则侦听器正在工作,因为SQL语句是静态的。不要在uri中传递整个语句,在侦听器中构建SQL语句,只发送将注入SQL语句的值。这不仅减少了uri的大小,还大大降低了sql注入或泄露数据库架构的风险。通过uri发送sql语句似乎会让您面临sql注入攻击。我想你可能想考虑一个参数化的查询,只需在API调用中传递参数值。如果我的查询太大,这意味着什么?要知道在URL中发送查询,因为最大URL长度是2083个字符。另外,将查询作为url参数发送是错误的解决方案,IMHONo nothing。我只是没有从http侦听器得到任何答案。如果我将发送一个较小的字符串,然后它发送它。请告诉我这不是一个面向公众的网站。。。。
HttpListener listener = new HttpListener();
listener.Prefixes.Add("http://192.168.1.15:8282/");
listener.Start();
new Thread(() =>
{
while (true)
{
HttpListenerContext context = listener.GetContext();
string methodName = Convert.ToString(context.Request.Url);
MessageBox.Show(methodName);
string Response = "Response";
HttpListenerResponse response = context.Response;
string responseString = Convert.ToString(Response);
byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
response.ContentLength64 = buffer.Length;
System.IO.Stream output = response.OutputStream;
output.Write(buffer, 0, buffer.Length);
output.Close();
//MessageBox.Show(methodName);
}
}).Start();