How to call DDL statements in a PL/SQL block
DDL statements cannot be called directly inside a PL/SQL block; they can be invoked with either of the following methods.
Method 1: dynamic SQL
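BEGIN
  -- The DDL text must not end with a semicolon inside the string,
  -- otherwise the statement fails to parse.
  EXECUTE IMMEDIATE 'CREATE TABLE newtable AS
    SELECT *
    FROM table_my
    WHERE 1 = 2';
END;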
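DDL text cannot use bind variables, so any table name that reaches EXECUTE IMMEDIATE has to be concatenated into the statement. The following added example (not from the original page; the helper name create_empty_copy and the second call's input are constructed for illustration) validates both identifiers with Oracle's DBMS_ASSERT package before building the DDL.

```sql
DECLARE
    -- ORA-44003 is what DBMS_ASSERT.SIMPLE_SQL_NAME raises for a bad name.
    e_invalid_sql_name EXCEPTION;
    PRAGMA EXCEPTION_INIT(e_invalid_sql_name, -44003);

    -- Hypothetical helper (an assumption for this example, not from the page):
    -- creates an empty copy of p_source named p_target.
    PROCEDURE create_empty_copy (p_source IN VARCHAR2, p_target IN VARCHAR2) IS
        l_source VARCHAR2(300);
        l_target VARCHAR2(300);
    BEGIN
        -- Raises ORA-44002 unless p_source names an existing object
        -- visible to the caller.
        l_source := DBMS_ASSERT.SQL_OBJECT_NAME(p_source);
        -- Raises ORA-44003 unless p_target is a single identifier, so extra
        -- clauses cannot ride along with the name.
        l_target := DBMS_ASSERT.SIMPLE_SQL_NAME(p_target);

        -- The statement text carries no trailing semicolon.
        EXECUTE IMMEDIATE 'CREATE TABLE ' || l_target ||
                          ' AS SELECT * FROM ' || l_source || ' WHERE 1 = 2';
    END create_empty_copy;
BEGIN
    -- Names taken from the page's own example.
    create_empty_copy('table_my', 'newtable');

    -- Constructed input: a "name" that tries to append a storage clause.
    BEGIN
        create_empty_copy('table_my', 'newtable2 TABLESPACE users');
    EXCEPTION
        WHEN e_invalid_sql_name THEN
            DBMS_OUTPUT.PUT_LINE('Rejected target name: ' || SQLERRM);
    END;
END;
/
```

The same validation applies to any string handed to DBMS_UTILITY.EXEC_DDL_STATEMENT, since it also receives the DDL as plain text.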
Method 2:
You can use the EXEC_DDL_STATEMENT procedure in Oracle's built-in package DBMS_UTILITY and let it execute the DDL statement.
BEGIN
-- ´´½¨ÓÃÓڼǼʼþÈÕÖ¾µÄÊý¾Ý±í
DBMS_UTILITY.EXEC_DDL_STATEMENT('
CREATE TABLE eventlog(
Eventname VARCHAR2(20) NOT NULL,
Eventdate date default sysdate,
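Related documents:
Database administrators familiar with SQL SERVER 2000 all know that its DTS can import and export data. In fact, we can also perform import and export operations with Transact-SQL statements. In Transact-SQL we mainly use the OpenDataSource function and the OPENROWSET function; for a detailed description of these functions, refer to the SQL online help. With the methods below it is very easy to convert data between SQL SERVER, ACCESS and EXCEL ......
Schemas
A schema lets users group database objects according to their purpose; a schema can be regarded as a logical grouping of objects in the database. When referencing an object in a schema, a name with at least two parts must be used. Users are most familiar with the dbo schema, which is the default schema for a given database. The final approach is to reference database objects using two-part names.
Synonyms
A synonym creates an abstraction layer between a database object and the client; in essence it ......
Most of the smaller domestic news-site programs have the ""&request kind of vulnerability; below I explain the attack method.
In the address bar: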
and 1=1
Check whether the vulnerability exists: if it exists, the page is returned normally; if not, an error is displayed. Next, assume that this site's database contains an admin table.
In the address bar:
and 0<>(select count(*) from admin)
The page returns normally, so the assumption holds.
Next, let's try guessing ......