sql×¢ÈëÍ»Æƹؼü×Ö¹ýÂË
Ò»Ö±ÒÔÀ´¶¼ÒÔΪֻÓпոñ£¬tab¼üºÍ×¢ÊÍ·û/**/¿ÉÒÔÓÃÀ´Çиîsql¹Ø¼ü×Ö£¬¶Îʱ¼ä
ÔÚа°Ë¿´ÁË·çѸcms×¢È멶´ÄÇƪÌû×Ó£¬²ÅÖªµÀÔÀ´»Ø³µÒ²¿ÉÒÔÓÃÀ´×÷Ϊ·Ö¸î·û£¨
ÒÔÇ°¾¹È»Ã»ÓÐÏëµ½£¬ÕæÊÇʧ°Ü£©¡£»Ø³µµÄasciiÂëÊÇchr(13)&chr(10)£¬ÖÁÓÚΪʲ
ôҪÁ½¸öÁ¬ÔÚÒ»Æð£¬Õâ¸öÎÒÒ²²»ÖªµÀ¡£×ª»»³Éurl±àÂëÐÎʽÊÇ%0d%0a£¬ÓÚÊǾͿÉÒÔ
ÓÃ%0d%0a´úÌæ¿Õ¸ñpassһЩ¹ýÂË¿Õ¸ñµÄ¼ì²éÁË¡£
ÒýÉêһϣ¬Ö»ÓÃ%0dÄÜÕý³£Ö´ÐÐÓï¾äÂð£¿Ö»ÓÃ%0aÄØ£¿²âÊÔÖ¤Ã÷£¬ÓÃÈÎÒâÒ»ÖÖ·Ö¸î
ÔÚmssql¡¢mysqlºÍaccessÀïÃ涼ÊÇ¿ÉÒԵġ£
ÁíÍ⣬¹ØÓÚmssqlµÄ¶àÓï¾äÎÊÌâ¡£ÎÒÒÔÇ°Ò»Ö±ÒÔΪ±ØÐëÓ÷ֺÅ×÷ΪÓï¾äµÄ½á⣬ºó
À´·¢ÏÖ£¬ÍêÈ«²»ÊÇÄÇÑù¡£ÀàËÆ
Copy code
select * from table exec xp_cmdshell'xxxxxxxxxx'
select * from table/**/exec xp_cmdshell'xxxxxxxxxx'
select * from table|---tab---|exec xp_cmdshell'xxxxxxxxxx'
select * from table|---enter---|exec xp_cmdshell'xxxxxxxxxx'
µÄÓï¾ä¶¼ÊÇ¿ÉÒÔÕý³£Ö´Ðеġ£¶øÎÒÒÔÇ°¾¹È»Ò»Ö±²»ÖªµÀ£¡²»¹ýÕâ¸öòËƸúÁ¬½ÓÊý
¾Ý¿âÇý¶¯ÓйØϵ£¬odbc¿ÉÒÔÕý³£Ö´ÐУ¬sqloledbµÄ»°¾Í»á±¨´í¡£ÓÐÐËȤµÄ¼ÌÐøÑÐ
¾¿°É
ÕâÑù£¬ÒÔºóÓöµ½´ø¿Õ¸ñ¹ýÂ˹ؼü×ÖµÄÀ¹½Ø³ÌÐò£¬ÓÖ¿ÉÒÔ·¢»Ó·¢»ÓÁË
¿ÉÄÜ´ó¼ÒÔç¾ÍÖªµÀÁË£¬²»¹ÜÔõô˵£¬·¢ÔÚÕâÀï°É£¡
×î½üÏëÆð¿ÉÄÜ»¹ÓÐЩasciiÂë¿ÉÒÔÓÃÀ´ÔÚsqlÓï¾äÖдúÌæ¿Õ¸ñ£¬ÓÚÊÇд¸ö½Å±¾²âÊÔ
ÁËһϣ¬½á¹ûÔÚËùÓÐ128¸öµÍλascii×Ö·ûÖУ¬chr(12)Ò²¿ÉÒÔÔÚaccessÀïÓ㬲»¹ý
òËÆchr(12)²»ÄܳöÏÖÔÚand¡¢orÖ®ÀàµÄ¹Ø¼ü´Ê¸½½ü£¬ÔÒò²»Çå³þ¡£mysqlÖбÈ
access¶àÒ»¸öchr(11)¿ÉÒÔ¡£ÖÁÓÚmssql£¬ÍÚÈÕ£¬Ö±½Ó´Ó1µ½32µÄasciiÂë»»³É×Ö·û
ºó¶¼¿ÉÒÔÕý³£Ê¹Óá£
Ïà¹ØÎĵµ£º
2¡¢sql express °²×° Èç¹ûÔÚXPÏ£¬Ö±½ÓË«»÷°²×°¾ÍºÃÁË¡£ ÏÈ°²×° [ÔÚvistaÏÂÈç¹ûÖ±½ÓË«»÷¿ÉÄÜ»á³öÏÖ °²×°sql server express ³ö´í29506 ] [Vista°²×°µÄʱºò£¬ÐèҪʹÓá°ÒÔ¹ÜÀíÔ±Éí·ÝÔËÐС±°²×°] SQLServer2005_SSMSEE.msi°²×°½áÊø studioÒѾ°²×°ÉÏÈ¥£¬µ«ÊÇÄãÓÐûÓз¢ÏÖ£¬°²×°sqlµÄʱºòûÓз¢ÏÖÓÐÓû§saµÄà ......
1¡¢Óëgroup by´îÅäʹÓõĺ¯Êý
ÔÚÊý¾Ý¿âÖУ¬ÎÒÃÇ¿ÉÒÔʹÓÃGROUP BYº¯Êý°ÑÊý¾Ý×éºÏÔÚÒ»Æ𣬴Ӷø»ñµÃ×ܼÆÐÅÏ¢¡£¿ÉÒ԰Ѵ˹¦ÄÜ¿´³ÉÊÇÒ»ÖÖµ±Êý¾Ý´ÓÊý¾Ý¿âÖзµ»Øʱ°ÑÏàͬÀàÐ͵ÄÐÅÏ¢¼¯Öе½Ò»ÆðµÄÄÜÁ¦¡£ÏÂÃæ¸ø³öÁËÍêÕûÁÐ±í¡£
avg([distinct]column_name)
ÇóËùÓйÍԱнˮµÄƽ¾ùÖµ¡£
select AVG(emp_salary)
from employee;
ÇóÈ¡c ......
ID int identity(1,1) primary key ×Ô¶¯Ôö³¤,Ö÷¼ü
EXEC sp_rename 'login_info','PDI_login_info' Ö´Ðд洢¹ý³Ì sp_rename , ½«login_info±íÃû ¸ü¸ÄΪ PDI_login_info
SET XACT_ABORT {ON|OFF} Èç¹ûÊÂÎñÖз¢Éú´íÎó£¬on Ôò»áÖÕÖ¹Õû¸öÊÂÎñµÄÖ´ÐУ¬Èç¹ûOFF£¬¼ÌÐø´íÎóµÄÏÂÃæÒ»¾ä
SET &nbs ......
character-set-server = GB2312
collation-server = latin1_general_ci
MySQL×Ö·û¼¯ GBK¡¢GB2312¡¢UTF8Çø±ð ½â¾ö MYSQLÖÐÎÄÂÒÂëÎÊÌâ ÊÕ²Ø
MySQLÖÐÉæ¼°µÄ¼¸¸ö×Ö·û¼¯
character-set-server/default-character-set£º·þÎñÆ÷×Ö·û¼¯£¬Ä¬ÈÏÇé¿öÏÂËù²ÉÓõġ£
character-set-database£ºÊý¾Ý¿â×Ö·û¼¯¡£
character-set-table£ºÊ ......
1 £¬¶ÔÓÚÈÕÆÚ×Ö¶Î×Ö¶Î
access±íʾΪ£º#1981-28-12#
SQLSERVER2000±íʾΪ£º''1981-02-12''
2,SQLÓï¾äÇø±ð£¬select ,update ÔÚ¶Ôµ¥±í²Ù×÷ʱ¶¼²î²»¶à£¬
µ«¶à±í²Ù×÷ʱupdateÓï¾äµÄÇø±ðACCESSÓëSQLSERVERÖеÄUpdateÓï¾ä¶Ô±È:
SQLSERVERÖиüжà±íµÄUpdateÓï¾ä:
Update Tab1
SET a.Name = b.Name
from Tab1 a,Tab2 b
Whe ......
