MySQL·À×¢Èë
·ÀÖ¹×¢ÈëµÄ¼¸ÖÖ°ì·¨
ÆäʵÔÀ´¾ÍÊÇÎÒÃÇÐèÒª¹ýÂËһЩÎÒÃdz£¼ûµÄ¹Ø¼ü×ֺͷûºÏÈ磺
Select£¬insert£¬update£¬delete£¬and£¬*£¬µÈµÈ
function inject_check($sql_str) {
return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file
|outfile', $sql_str);
}
»òÕßÊÇͨ¹ýϵͳº¯Êý¼äµÄ¹ýÂËÌØÊâ·ûºÅ
Addslashes£¨ÐèÒª±»¹ýÂ˵ÄÄÚÈÝ£©
Ïà¹ØÎĵµ£º
(1)
Íâ¼üµÄʹÓÃ:
Íâ¼üµÄ×÷ÓÃ,Ö÷ÒªÓÐÁ½¸ö:
Ò»¸öÊÇÈÃÊý¾Ý¿â×Ô¼ºÍ¨¹ýÍâ¼üÀ´±£Ö¤Êý¾ÝµÄÍêÕûÐÔºÍÒ»ÖÂÐÔ.
Èç:
ÓбíA,±íBÖÐÒ»×Ö¶ÎÊDZíAijһ×ֶεÄÍâ¼ü.µ±É¾³ý±íA¼Ç¼ʱ,±íBÏàÓ¦¼Ç¼»á×÷ÏàÓ¦´¦Àí(ɾ³ý/»òÉèÖÃÍâ¼üÁÐΪNULL).µ«Èôɾ³ý±íB¼Ç¼,±íAµÄ¼Ç¼,Ôò²»»áÊÜÓ°Ïì!
Ò»¸ö¾ÍÊÇÄܹ»Ôö¼ÓERͼµÄ¿É¶ÁÐÔ
&nbs ......
ʹÓÃÁÙʱ±íµÄºÃ´¦£º
ʹÓÃÁÙʱ±í´æ·ÅÖмä½á¹û,¼ÓËÙ²éѯ£¬»ò´æ·ÅÁÙʱ½á¹û.
(1)
´´½¨ÁÙʱ±íºÜÈÝÒ×£¬¸øÕý³£µÄCREATE TABLEÓï¾ä¼ÓÉÏTEMPORARY¹Ø¼ü×Ö£º
CREATE TEMPORARY TABLE tmp_table (
name VARCHAR(10) NOT NULL,
value INTEGER NOT NULL
)
(2)
ÁÙʱ±í½«ÔÚÄãÁ¬½ÓMySQLÆÚ¼ä´æÔÚ¡£µ±Äã¶Ï¿ªÊ±£¬MySQL ......
µ¼³ö
select field1,field2,field3 from tablename into outfile '/home/output1.csv' fields terminated by ','optionally enclosed by ''lines terminated by '\n';
µ¼Èë
load data local infile '/home/output1.csv' into table tablename fields terminated by ','lines terminated by '\n'(field1,f ......
ÔÚÏò´ó¼ÒÏêϸ½éÉÜLinux mysql֮ǰ£¬Ê×ÏÈÈôó¼ÒÁ˽âÏÂLinux mysql£¬È»ºóÈ«Ãæ½éÉÜLinux mysql£¬Ï£Íû¶Ô´ó¼ÒÓÐÓá£
1. Linux mysql°²×°£º
$ yum install mysql-server
2. Linux mysqlÐÞ¸ÄrootÃÜÂ룺
$ mysqladmin -u root password
your_new_passwd
3. Æô¶¯Linux mysql·þÎñ
$ /etc/init.d/mysqld start
4. Ìí¼ÓΪϵͳ· ......
È¡µÃÎÄÕ¹ؼü×ÖΪkeywords
±ínewsµÄ¹Ø¼ü×Ö×Ö¶ÎΪkeyword
keywords=keywords.replace(',','|');
String sql="SELECT * from news WHERE keyword REGEXP '"+keywords+"' ORDER BY id ";
ÓÉÓÚijЩÔÒò£¬ÓÐʱºòÎÒÃÇûÓа´ÕÕ·¶Ê½µÄÉè¼Æ×¼Ôò¶ø°ÑһЩÊôÐԷŵ½Í¬Ò»¸ö×Ö·û´®×Ö¶ÎÖС£±ÈÈç¸öÈËÐËȤ£¬ÓÐʱºòÎÒÃÇÉè¼Æ±íΪ
cr ......
