SQL×¢Èë¹¥»÷
SQL×¢Èë¹¥»÷ÊǺڿͶÔÊý¾Ý¿â½øÐй¥»÷µÄ³£ÓÃÊÖ¶ÎÖ®Ò»¡£Ëæ×ÅB/SģʽӦÓÿª·¢µÄ·¢Õ¹£¬Ê¹ÓÃÕâÖÖģʽ±àдӦÓóÌÐòµÄ³ÌÐòÔ±Ò²Ô½À´Ô½¶à¡£µ«ÊÇÓÉÓÚ³ÌÐòÔ±µÄˮƽ¼°¾ÑéÒ²²Î²î²»Æ룬Ï൱´óÒ»²¿·Ö³ÌÐòÔ±ÔÚ±àд´úÂëµÄʱºò£¬Ã»ÓжÔÓû§ÊäÈëÊý¾ÝµÄºÏ·¨ÐÔ½øÐÐÅжϣ¬Ê¹Ó¦ÓóÌÐò´æÔÚ°²È«Òþ»¼¡£Óû§¿ÉÒÔÌá½»Ò»¶ÎÊý¾Ý¿â²éѯ´úÂ룬¸ù¾Ý³ÌÐò·µ»ØµÄ½á¹û£¬»ñµÃijЩËûÏëµÃÖªµÄÊý¾Ý£¬Õâ¾ÍÊÇËùνµÄSQL Injection£¬¼´SQL×¢Èë¡£SQL×¢ÈëÊÇ´ÓÕý³£µÄWWW¶Ë¿Ú·ÃÎÊ£¬¶øÇÒ±íÃæ¿´ÆðÀ´¸úÒ»°ãµÄWebÒ³Ãæ·ÃÎÊûʲôÇø±ð£¬ËùÒÔÄ¿Ç°ÊÐÃæµÄ·À»ðǽ¶¼²»»á¶ÔSQL×¢Èë·¢³ö¾¯±¨£¬Èç¹û¹ÜÀíԱû²é¿´IISÈÕÖ¾µÄÏ°¹ß£¬¿ÉÄܱ»ÈëÇֺܳ¤Ê±¼ä¶¼²»»á·¢¾õ¡£µ«ÊÇ£¬SQL×¢ÈëµÄÊÖ·¨Ï൱Áé»î£¬ÔÚ×¢ÈëµÄʱºò»áÅöµ½ºÜ¶àÒâÍâµÄÇé¿ö£¬ÐèÒª¹¹ÔìÇÉÃîµÄSQLÓï¾ä£¬´Ó¶ø³É¹¦»ñÈ¡ÏëÒªµÄÊý¾Ý¡£
¡¡¡¡SQL×¢Èë¹¥»÷µÄ×ÜÌå˼·
¡¡¡¡··¢ÏÖSQL×¢ÈëλÖã»
¡¡¡¡·ÅжϺǫ́Êý¾Ý¿âÀàÐÍ£»
¡¡¡¡·È·¶¨XP_CMDSHELL¿ÉÖ´ÐÐÇé¿ö
¡¡¡¡··¢ÏÖWEBÐéÄâĿ¼
¡¡¡¡·ÉÏ´«ASPľÂí£»
¡¡¡¡·µÃµ½¹ÜÀíԱȨÏÞ£»
¡¡¡¡SQL×¢Èë¹¥»÷µÄ²½Öè
¡¡¡¡Ò»¡¢SQL×¢È멶´µÄÅжÏ
¡¡¡¡Ò»°ãÀ´Ëµ£¬SQL×¢ÈëÒ»°ã´æÔÚÓÚÐÎÈ磺HTTP://xxx.xxx.xxx/abc.asp?id=XXµÈ´øÓвÎÊýµÄASP¶¯Ì¬ÍøÒ³ÖУ¬ÓÐʱһ¸ö¶¯Ì¬ÍøÒ³ÖпÉÄÜÖ»ÓÐÒ»¸ö²ÎÊý£¬ÓÐʱ¿ÉÄÜÓÐN¸ö²ÎÊý£¬ÓÐʱÊÇÕûÐͲÎÊý£¬ÓÐʱÊÇ×Ö·û´®ÐͲÎÊý£¬²»ÄÜÒ»¸Å¶øÂÛ¡£×ÜÖ®Ö»ÒªÊÇ´øÓвÎÊýµÄ¶¯Ì¬ÍøÒ³ÇÒ´ËÍøÒ³·ÃÎÊÁËÊý¾Ý¿â£¬ÄÇô¾ÍÓпÉÄÜ´æÔÚSQL×¢Èë¡£Èç¹ûASP³ÌÐòԱûÓа²È«Òâʶ£¬²»½øÐбØÒªµÄ×Ö·û¹ýÂË£¬´æÔÚSQL×¢ÈëµÄ¿ÉÄÜÐԾͷdz£´ó¡£
¡¡¡¡ÎªÁËÈ«ÃæÁ˽⶯̬ÍøÒ³»Ø´ðµÄÐÅÏ¢£¬Ê×Ñ¡Çëµ÷ÕûIEµÄÅäÖᣰÑIE²Ëµ¥-¹¤¾ß-InternetÑ¡Ï߼¶£ÏÔʾÓѺÃHTTP´íÎóÐÅϢǰÃæµÄ¹´È¥µô¡£
¡¡¡¡ÎªÁË°ÑÎÊÌâ˵Ã÷Çå³þ£¬ÒÔÏÂÒÔHTTP://xxx.xxx.xxx/abc.asp?p=YYΪÀý½øÐзÖÎö£¬YY¿ÉÄÜÊÇÕûÐÍ£¬Ò²ÓпÉÄÜÊÇ×Ö·û´®¡£
¡¡¡¡1¡¢ÕûÐͲÎÊýµÄÅжÏ
¡¡¡¡µ±ÊäÈëµÄ²ÎÊýYYΪÕûÐÍʱ£¬Í¨³£abc.aspÖÐSQLÓï¾äÔò´óÖÂÈçÏ£º
¡¡¡¡select * from ±íÃû where ×Ö¶Î=YY£¬ËùÒÔ¿ÉÒÔÓÃÒÔϲ½Öè²âÊÔSQL×¢ÈëÊÇ·ñ´æÔÚ¡£
¡¡¡¡¢ÙHTTP://xxx.xxx.xxx/abc.asp?p=YY’(¸½¼ÓÒ»¸öµ¥ÒýºÅ)£¬´Ëʱabc.ASPÖеÄSQLÓï¾ä±ä³ÉÁË
¡¡¡¡select * from ±íÃû where ×Ö¶Î=YY’£¬abc.aspÔËÐÐÒì³££»
¡¡¡¡¢ÚHTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=1, abc.aspÔËÐÐÕý³££¬¶øÇÒÓëHTTP://xxx.xxx.xxx/abc.asp?p=YYÔËÐнá¹ûÏàͬ£»
¡¡¡¡¢ÛHTTP://xxx.xxx.xxx/abc.asp?p=Y
Ïà¹ØÎĵµ£º
Ç°¶Îʱ¼ä×öÁËÒ»¸öÐéÄâ×éÖ¯µÄ´´½¨¡£Õâ¸öÐéÄâ×éÖ¯µÄ´´½¨ÊÇ´ÓÏÖÓеÄ×éÖ¯ÖжÁÈ¡Êý¾ÝÈ»ºó½øÐзÖÎö±£´æµ½ÐéÄâ×éÖ¯±íÖС£±£´æÖ®ºóдÈÕÖ¾·½±ãͬ²½µ½ÆäËüϵͳÖС£¹«Ë¾Ê¹ÓõÄÖ÷Òª¼¼ÊõÊÇSSH¡£ÓÉÓÚÊÇÐÂÈËûÓÐʲô¾Ñ飬¼Ó֮ʱ¼ä±È½Ï½ôÆÈ£¬×îºóʹÓÃÒ»°ãµÄÂ߼˼Ïëͨ¹ýµÝ¹éÔÚhibernateÏÂ˳Àû´´½¨ÁË¡£¿ÉÊÇ´ÓÏÖÓеÄ×éÖ¯Ö ......
C# SQLÊý¾Ý¿â²Ù×÷ͨÓÃÀà
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Collections;
namespace Framework.DataBase
{
///
/// ͨÓÃÊý¾Ý¿âÀà
///
public class DataBase
{
private string ConnStr = null;
public DataBase()
{
&nb ......
asc °´ÉýÐòÅÅÁÐ
desc °´½µÐòÅÅÁÐ
ÏÂÁÐÓï¾ä²¿·ÖÊÇMssqlÓï¾ä£¬²»¿ÉÒÔÔÚaccessÖÐʹÓá£
SQL·ÖÀࣺ
DDL—Êý¾Ý¶¨ÒåÓïÑÔ(Create£¬Alter£¬Drop£¬DECLARE)
DML—Êý¾Ý²Ù×ÝÓïÑÔ(Select£¬Delete£¬Update£¬Insert)
DCL—Êý¾Ý¿ØÖÆÓïÑÔ(GRANT£¬REVOKE£¬COMMIT£¬ROLLBACK)
Ê×ÏÈ,¼òÒª½éÉÜ»ù´¡Óï¾ä£º
1¡¢ËµÃ÷£º´ ......
Comparison of SQL and MDX Syntax
The Multidimensional Expressions (MDX) syntax is similar to the syntax of Structured Query Language (SQL). In many ways, the functionality supplied by MDX is also similar to that of SQL; with effort, you can eve ......
°²×°Ç°×¼±¸£º
Ç°ÑÔ£º
¡¡¡¡[ѧϰSQL SERVER 2005ϵÁÐ]×¼±¸°Ñѧϰ2005µÄһЩÐĵÃÕûÀí³öÀ´£¬ºÍ´ó¼Ò·ÖÏí£¬¹²Í¬Ñ§Ï°Ò»ÆðÌá¸ß¡£
°²×°×¼±¸£º
1¡¢SQL Server 2005 µÄ¸÷°æ±¾Ö®¼äÑ¡Ôñ
¡¡¡¡´ó¶àÊýÆóÒµ¶¼ÔÚÈý¸ö SQL Server °æ±¾Ö®¼äÑ¡Ôñ£ºSQL Server 2005 Enterprise Edition¡¢SQL Server 2005 Standard Edition ºÍ SQL Server 2 ......
