Ò׽ؽØͼÈí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

Èç¹û´æ´¢¹ý³ÌÊÇÆ´µÄSQL£¬ÄÇôҪ·ÀÖ¹×¢È룬Ôõô°ì£¿

ÊDz»ÊÇÖ»ÄÜÔÚÖ´Ðд洢¹ý³Ì֮ǰÌæ»»µôÃô¸Ð×Ö·ûÁË£¿
Ó¦¸ÃÊǵģ¬¿ÉÒÔÓÃÕýÔòÈ¥Ìæ»»
ÒýÓÃ
Ó¦¸ÃÊǵģ¬¿ÉÒÔÓÃÕýÔòÈ¥Ìæ»»


µÃ´ç½ø³ßµÄÎÊÏ£¬³ýÁËÌæ»»µ¥ÒýºÅ£¬»¹ÐèÒªÌæ»»ÄÄЩÄØ£¿Ð»Ð»~
C# code:

ÎÒ×Ô¼ºÒ»Ö±ÊÇÕâôдµÄ£¬Ï£Íû¶ÔÄãÓÐÆô·¢
#region ¹ýÂË×Ö·û
/// <summary>
/// ¾ßÌåÇé¿öÀ´¶¨Òª¹ýÂ˵Ä×Ö·û
/// </summary>
/// <param name="param">Òª¹ýÂ˵Ä×Ö·û</param>
public static string CheckSaftParam(string param)
{

param = param.Replace("net user", "");
param = param.Replace("xp_cmdshell", "");
param = param.Replace("/add", "");
param = param.Replace("exec%20master.dbo.xp_cmdshell", "");
param = param.Replace("net localgroup administrators", "");
param = param.Replace("select", "");
param = param.Replace("'", "''");
param = param.Replace("insert", "");
param = param.Replace("delete", "");
param = param.Replace("drop", "");
param = param.Replace("truncate", "");


Ïà¹ØÎÊ´ð£º

ÇóSQL£¿

´ó¼ÒºÃ£¬ÇëÎÊÔÚ±íMÖÐÓÐ×ֶΣºa b c d e 
ÎÒÏë²é³öÆäÖÐÂú×ãÏÂÃæÈÎÒâÒ»ÏîµÄÊý¾Ý£¬1.×Ö¶Îa µÄÖµ²»ÊÇ ¡®Êé»ò±Ê»ò±¾¡¯ÖÐÈÎÒ»£¬2.aΪÊéµÄʱºò×Ö¶Îb,cÊÇ¿Õ;3.µ±aֵΪ±ÊµÄʱºòdÊÇ¿Õ;4.µ±aΪ±¾µÄʱºòb,d,e¶¼ÊÇ¿Õ;5.È ......

ÇóSQLÓï¾ä¿ØÖÆÒ»ÁеÄÖµ

ÄÄλ¸ßÊÖÌṩһ¸öSQlÓï¾ä£¬¿ØÖƱíÖÐÖ¸¶¨ÁеÄÖµ±ØÐëÊÇÕýÊý£¿
ÔÚ³ÌÐòÀïÃæÅжϲ»ºÃÂ𣿣¿

Äã¿ÉÒÔÔÚ½¨±íµÄʱºòÓÃcheckÔ¼Êø±íÖеĸÃ×Ö¶Îѽ£¡
È磺
create table tab_name£¨
name varchar2(20),
age numbe ......

sql×Ö·û´®Ìæ»»(ÓеãÌôÕ½···)

±ÈÈç ÓÐÒ»×Ö¶ÎΪ£º
Num
6111
6201
6520
65121
60087
46300

ÎÒÏë°Ñ6¿ªÍ·µÄÈ«¶¼Ìæ»»³É5¿ªÍ·

×¢ÒâÕâÊDZíÀïµÄÊý¾Ý£¬ÎÒÏëÓÃSQLÓï¾äʵÏÖÌæ»»
SQL code:
update tb set
num = s ......

ÇóÖúÒ»¾äSQLÓï¾ä

Êý¾ÝÀàÐÍ£º
Code char(6)
CreateTime datetime
Price float

Êý¾ÝÈçÏ£º

Code      CreateTime          Price
031021 2008-10-17 15:00:1 ......

sql server ´æ´¢¹ý³ÌÑ­»·¸³ÖµµÄÎÊÌâ

СµÜÊǸöÐÂÊÖ ÏÖÔÚÓиöÎÊÌâÒ»Ö±²»Äܽâ¾ö
ÀýÈç
procedure produce_proc
    @p001 nvarchar(8000),
    @p002 nvarchar(8000),
    @p003 nvarchar(8000),
  & ......
© 2009 ej38.com All Rights Reserved. ¹ØÓÚE½¡ÍøÁªÏµÎÒÃÇ | Õ¾µãµØͼ | ¸ÓICP±¸09004571ºÅ