SQL ×¢È붶´Ïà¹Ø֪ʶÕûÀí

 ÉÏÉϸöÐÇÆÚ£¬ÓÐÈË·´À¡£¬CSDNÓÐSQL×¢È붶´£¬º¹ÑÕ£¬¼¸ÄêǰΪSQL×¢È붶´£¬²¿ÃÅרÃŶÔËùÓдúÂë×ö¹ýÒ»´Î·Ç³£´óµÄ¼ì²é£¬¾¹È»ÄǴμì²é»¹ÓÐÒÅ©µÄµØ·½¡£×î½üÕ⼸¸öÐÇÆÚ£¬¾ÍÊÇÒ»Ö±ÔÙ¶Ô´úÂë×öÔٴθ´²é£¬¿´ÓÐûÓÐSQL×¢È붶´¡£
        ´æÔÚSQL×¢È붶´£¬¾ÍÒòΪÄãµÄSQLÓï¾äÊÇ×Ô¼ºÆ´´ÕµÄ£¬ÔÚÆ´´ÕµÄʱºò£¬Ã»Óп¼ÂÇÓû§¿ÉÄÜÆ´´Õ½øÓÐÎÊÌâµÄÓï¾äÔì³ÉµÄ¡£
        Ö®Ç°ÎÒÃDzÉÈ¥µÄ±ÜÃâ´ëÊ©ÊÇ£¬¶Ô½ÓÊܵIJÎÊýµÄУÑé½øÐзâ×°£¬ËùÓвÎÊýµÄ»ñµÃ£¬¶¼±ØÐëͨ¹ýÕâ¸ö·â×°µÄº¯ÊýÀ´»ñµÃ¡£µ«ÊÇʵ¼Ê¿ª·¢ÖУ¬×ÜÓÐЩµØ·½£¬ÓÐЩ´úÂëûÓе÷ÓÃÕâ¸ö·â×°µÄº¯ÊýÀ´½øÐÐУÑé¡£
        ÉÏÖÜÄ©£¬¹«Ë¾ÄÚ²¿ÌÖÂÛ»áµÄʱºò£¬¾ö¶¨»»ÖÖ˼·¡£´Ó±ÜÃâ×Ô¼ºÆ´´ÕSQLÓï¾äµÄ·½Ê½À´ÊµÏÖ£¬¾ßÌå¾ÍÊÇ¿ª·¢¹æ·¶ÖÐÓÐÒ»Ìõ£¬²»ÔÊÐíÓÃÆ´´ÕµÄSQLÓï¾ä£¬Òª´«²ÎÊý£¬¾ÍÓÃSqlParameter¡£±ÈÈçÏÂÃæµÄ´úÂëÊDz»ÔÊÐíµÄ¡£
string strSQL = "select UserID,UserName,Email from User where UserName = '"+aa.replace("'","''")+"'";
SqlDataReader sdr = SqlHelper.ExecuteReader(strConnStr,CommandType.Text,strSQL)
¶øÏÂÃæµÄ´úÂëÊÇÔÊÐíµÄ£º
SqlParameter[] parm1 = new SqlParameter[]{
 new SqlParameter("@UserName",SqlDbType.NVarChar,50)
 };
parm1[0].Value = strUserName;
string strSQL = "select UserID,UserName,Email from user where UserName = @UserName ";
SqlDataReader sdr = SqlHelper.ExecuteReader(strConnStr,CommandType.Text,strSQL,parm1)
Ô­Òò£ºSqlParameter »á×Ô¶¯´¦Àí²ÎÊýµÄУÑ飬¾ÍÀàËÆʹÓô洢¹ý³ÌÊDz»»á³öÏÖSQL×¢È붶´µÄÎÊÌâÒ»Ñù¡£
һЩSQL×¢ÈëÓйصÄ֪ʶµã£º
ÈçºÎSQL×¢È룺
http://www.54nb.com/Read.Asp?ID=1451672&Type=71
SQL×¢ÈëÖÐÓÐÓõļ¸¸öSQLÓï¾ä
[N] = µÚN個±í
ID=1 and (Select top 1 name from(Select top [N] id,name from sysobjects where xtype=char(85)) T order by id desc)>1
[T] = ±íÃû
[N] = µÚN個×Ö¶Î
ID=1 and (Select Top 1 col_name(object_id('[T]'),[N]) from sysobjects)>1
SQL×¢Èë±íÃûºÍ×Ö¶ÎÃûµÄ»ñµÃ