ConnectionStringBuilder

ConnectionStringBuilder元件適用在驗證資料庫成員資格時, 他會有作用性存在. 盡可能防止在應用程式執行的非預期以及不當攻擊情況. 下面是以下相關範例代碼:
using System;
using System.Configuration;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.Common;
using System.Data.SqlClient;

namespace WA_ADONET
{
    public partial class checkconnection : System.Web.UI.Page
    {
        private const string DB_PROVIDER_NAME = "System.Data.SqlClient";

        protected void Button_Command(object sender, CommandEventArgs e)
        {
            string commandName = e.CommandName;
            switch (commandName) {
                case "Validate":
                    string account = TxtAccount.Text;
                    string password = TxtPwd.Text;
                    string server = TxtServer.Text;
                    DbProviderFactory dbProvider = DbProviderFactories.GetFactory(DB_PROVIDER_NAME);
                    SqlConnectionStringBuilder scsBuilder =
                        (SqlConnectionStringBuilder)dbProvider.CreateConnectionStringBuilder();
                   
                    scsBuilder.DataSource = server;
                    scsBuilder.UserID = account;
                    scsBuilder.Password = password;

                    //LblConnString is a Label component
                    LblConnString.Text = scsBuilder.ConnectionString;
                    break;
            }
        }
    }
}
這是呈現出來的畫面:

這是正常輸入執行的情況, 但是當可能遭遇到不當的字串注入攻擊. 透過ConnectionStringBuilder元件可以盡可能防範這個安全問題. 以下是輸入異常的數值:

你可以看到ConnectionStringBuilder會自行補上安全字元, 使其在安全性上增強, 注入式攻擊會被盡量防範.