Ϊʲôsql ÀïÒªÇóstring×Ö¶ÎÓõ¥ÒýºÅÒýÆðÀ´
select * from student where name=?;
Èç¹û²»Óõ¥ÒýºÅÒýÆðÀ´£¬ pstmt.setString(1,"xx or 1=1");¼´sqlÓ¦¸Ã¾ÍÊÇselect * from student where name=xx or 1=1¾Í¿ÉÒÔÈ«²¿²é³ö¡£
Ç¿ÖƵ¥ÒýºÅÒýÆðÀ´£¬select * from student where name='xx or 1=1'¡£¾ÍÎÞЧÁË¡£
ÊýÖµÐ͵ÄûÓÐÒªÇóÓõ¥ÒýºÅÒýÆðÀ´£¬Ó¦¸ÃÊÇÓÉÓÚÓÐÒ»¸öת»»¹ý³Ì°É¡£
select * from student where id=?;
pstmt.setString(1,"xx or 1=1")ת»»Ê§°Ü¡£pstmt.setInt(1,¾ÍÕâû·¨Ð´ÁË)£»
Ïà¹ØÎĵµ£º
ʵ¼ÊÓ¦ÓÃÖУ¬ÎÒÃǾ³£ÐèÒª°ÑExcelÖеÄÊý¾Ýµ¼ÈëMS SQL Server »òMySQL OracleµÈÊý¾Ý¿âÖС£ÕâЩÊý¾Ý¿â¶¼ÌṩÁ˺ܺõŤ¾ß¹©Óû§Ö±½Ó½«ExcelÖеÄÊý¾Ýµ¼ÈëÊý¾Ý¿âÖС£µ«ÊǺܶàʱºòÎÒÃDz¢²»ÄÜÖ±½Ó²Ù×÷Êý¾Ý¿â¹ÜÀíÆ÷£¨ÒòΪ°²È«ÐèÒª»áÅäÖ÷À»ðǽÀ¹½ØÊý¾Ý¿â¶Ë¿Ú£©£¬ÎÒÃÇÖ»ÄÜͨ¹ýwebÒ³Ãæ¶ÔÊý¾Ý¿â½øÐÐÔ¶³Ì²Ù×÷¡£Õâ¸öʱºò£¬½«ExcelÖеÄÊý ......
Èç¹ûÔÚSQL Server
ÀïÐèÒª¶¨Ê±»òÕßÿ¸ôÒ»¶Îʱ¼äÖ´ÐÐij¸ö´æ´¢¹ý³Ì»ò3200×Ö·ûÒÔÄÚµÄSQLÓï¾äʱ,¿ÉÒÔÓùÜÀí->SQL Server´úÀí->×÷ÒµÀ´ÊµÏÖ¡£
¡¡¡¡1¡¢¹ÜÀí->SQL Server´úÀí->×÷Òµ(°´Êó±êÓÒ¼ü)->н¨×÷Òµ->
¡¡¡¡2¡¢Ð½¨×÷ÒµÊôÐÔ(³£¹æ)->Ãû³Æ[×Ô¶¨Òå±¾´Î×÷ÒµµÄÃû³Æ]->Æô
Óõķ½¿òÄÚÊǹ´ºÅ->·ÖÀà´¦¿É ......
Ò»£ºSQL Loader µÄÌصã
oracle×Ô¼º´øÁ˺ܶàµÄ¹¤¾ß¿ÉÒÔÓÃÀ´½øÐÐÊý¾ÝµÄǨÒÆ¡¢±¸·ÝºÍ»Ö¸´µÈ¹¤×÷¡£µ«ÊÇÿ¸ö¹¤¾ß¶¼ÓÐ×Ô¼ºµÄÌص㡣
±ÈÈç˵expºÍimp¿ÉÒÔ¶ÔÊý¾Ý¿âÖеÄÊý¾Ý½øÐе¼³öºÍµ¼³öµÄ¹¤×÷£¬ÊÇÒ»ÖֺܺõÄÊý¾Ý¿â±¸·ÝºÍ»Ö¸´µÄ¹¤¾ß£¬Òò´ËÖ÷ÒªÓÃÔÚÊý¾Ý¿âµÄÈȱ¸·ÝºÍ»Ö¸´·½Ãæ¡£ÓÐ×ÅËٶȿ죬ʹÓüòµ¥£¬¿ì½ÝµÄÓŵ㣻ͬʱҲÓÐһЩȱµ ......
