C#.NET·ÀÖ¹SQL×¢Èëʽ¹¥»÷
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// ÅжÏ×Ö·û´®ÖÐÊÇ·ñÓÐSQL¹¥»÷´úÂë
5 ///
6 /// ´«ÈëÓû§Ìá½»Êý¾Ý
7 /// true-°²È«£»false-ÓÐ×¢Èë¹¥»÷ÏÖÓУ»
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
Ïà¹ØÎĵµ£º
ÓÉÓÚÐèҪʵÏÖÒÔϹ¦ÄÜ£º
Íø¹Øͨ¹ý´®¿Ú·¢ËÍÊý¾Ý¸øPC»ú£¬PC»úÊÕ¼¯Êý¾Ý²¢½âÎö±£´æµ½MySQLÖУ¬È»ºóJSPÒ³Ãæ¶ÁÈ¡MySQLÖеÄÊý¾Ý²¢ÏÔʾ¡£
ËùÒÔÀûÓÃC#Á¬½ÓMySQLÊý¾Ý³ÉΪÁ˱ØÐëÒª¾¹ýµÄ¹ý³Ì£¬Ôڴ˸øÓèÏêϸµÄ˵Ã÷¡£
1¡¢ÏÂÔØÐèÒªµÄÎļþMySQLDriverCS£¬ÏÂÔصØַΪ£ºhttp://sourceforge.net/projects/mysqldrivercs
2¡¢°²×°Îļþ£ºMySQ ......
ÔÎĵØÖ·£ºhttp://www.eygle.com/case/Use.sql_trace.to.Diagnose.database.htm
SQL_TRACEÊÇOracleÌṩµÄÓÃÓÚ½øÐÐSQL¸ú×ÙµÄÊֶΣ¬ÊÇÇ¿ÓÐÁ¦µÄ¸¨ÖúÕï¶Ï¹¤¾ß.ÔÚÈÕ³£µÄÊý¾Ý¿âÎÊÌâÕï¶ÏºÍ½â¾öÖУ¬SQL_TRACEÊǷdz£³£Óõķ½·¨¡£
±¾ÎľÍSQL_TRACEµÄʹÓÃ×÷¼òµ¥Ì½ÌÖ£¬²¢Í¨¹ý¾ßÌå°¸Àý¶Ôsql_traceµÄʹÓýøÐÐ˵Ã÷.
Ò»¡¢ »ù´¡½éÉÜ
(a) ......
1 MySQLÖ§³Öenum,ºÍsetÀàÐÍ£¬SQL Server²»Ö§³Ö
¡¡¡¡2 MySQL²»Ö§³Önchar,nvarchar,ntextÀàÐÍ
¡¡¡¡3 MySQLµÄµÝÔöÓï¾äÊÇAUTO_INCREMENT£¬¶øMS SQLÊÇidentity(1,1)
¡¡¡¡4 MS SQLĬÈϵ½´¦±í´´½¨Óï¾äµÄĬÈÏÖµ±íʾÊÇ((0)),¶øÔÚMySQLÀïÃæÊDz»ÔÊÐí´øÁ½À¨ºÅµÄ
¡¡¡¡5 MySQLÐèҪΪ±íÖ¸¶¨´æ´¢ÀàÐÍ
¡ ......
ÔÚWhere×Ó¾äÖУ¬¿ÉÒÔ¶Ôdatetime¡¢char¡¢varchar×Ö¶ÎÀàÐ͵ÄÁÐÓÃLike×Ó¾äÅäºÏͨÅä·ûÑ¡È¡ÄÇЩ“ºÜÏñ...”µÄÊý¾Ý¼Ç¼£¬ÒÔÏÂÊÇ¿ÉʹÓõÄͨÅä·û£º
% Áã»òÕ߶à¸ö×Ö·û
_ µ¥Ò»ÈκÎ×Ö·û£¨Ï»®Ïߣ©
\ ÌØÊâ×Ö·û
[] ÔÚijһ·¶Î§ÄÚµÄ×Ö·û£¬Èç ......
