
If possible, can we send multiple values with a query string?

Updated: 2023-11-07 20:32:16

string query = string.Format("select * from {0} where {1}='{2}'", "tblMyTable", "myColumn", 0);






Is that what you meant?


Refer to these:

http://usingaspdotnet.blogspot.in/2011/03/multiple-querystring-in-aspnet.html

http://forums.asp.net/t/1256436.aspx/1

passing multiple values in request.querystring


Are you talking about passing multiple parameters in a query string? If you are, all you need to do is append them to the query string using the format
&key=value


Okay, that seems straightforward enough, but is it enough? Well no - the important thing to understand is that the query string is part of the URL, so this means that you need to encode your values (and not use invalid keys). .NET provides the handy HttpUtility.UrlEncode which you should use on the values to ensure that they are suitable for passing across - don't forget to decode them at the receiving end with HttpUtility.UrlDecode.

The question is, should you really use query strings? A query string represents a point of attack against your system. By this I mean that it is another area that "hackers" can use to target your website looking for vulnerabilities, and loopholes to exploit. There are several famous query string attacks*, so you really need to think long and hard about whether this is the appropriate mechanism for you, or whether you would be better using alternate mechanisms such as session values to operate your site. I can't answer this for you - only you know your requirements so you are best placed to judge whether or not it's appropriate.

*a couple of the vulnerabilities include: buffer overflow attacks, code injection.
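
An added example, not part of the original answers: it passes several values in one query string with and without HttpUtility.UrlEncode, parses both results, and then validates a received value before use. The parameter names and sample values are constructed, and HttpUtility.ParseQueryString stands in for the receiving page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web; // HttpUtility

static class QueryStringDemo
{
    // Builds "k1=v1&k2=v2" with every key and value URL-encoded.
    static string Build(IEnumerable<KeyValuePair<string, string>> pairs) =>
        string.Join("&", pairs.Select(p =>
            HttpUtility.UrlEncode(p.Key) + "=" + HttpUtility.UrlEncode(p.Value)));

    // Unencoded version, for comparison only.
    static string BuildRaw(IEnumerable<KeyValuePair<string, string>> pairs) =>
        string.Join("&", pairs.Select(p => p.Key + "=" + p.Value));

    static void Main()
    {
        // Constructed sample values; two of them contain '&' or '='.
        var pairs = new[]
        {
            new KeyValuePair<string, string>("name", "Tom & Jerry"),
            new KeyValuePair<string, string>("note", "a=b&extra=1"),
            new KeyValuePair<string, string>("page", "2"),
        };

        foreach (var qs in new[] { BuildRaw(pairs), Build(pairs) })
        {
            Console.WriteLine(qs);
            // ParseQueryString URL-decodes keys and values while parsing.
            // Unencoded input splits into fragments and an unintended "extra" key.
            var parsed = HttpUtility.ParseQueryString(qs);
            foreach (string key in parsed.AllKeys)
                Console.WriteLine($"  {key ?? "(no key)"} = {parsed[key]}");
        }

        // Receiving side: every value is untrusted, so check type and range
        // before it reaches a query, a file path or the page output.
        var received = HttpUtility.ParseQueryString(Build(pairs));
        if (!int.TryParse(received["page"], out int page) || page < 1 || page > 1000)
            throw new ArgumentException("page must be an integer between 1 and 1000");
        Console.WriteLine($"page = {page}");
    }
}
```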