C#.NET·ÀÖ¹SQL×¢Èëʽ¹¥»÷
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// ÅжÏ×Ö·û´®ÖÐÊÇ·ñÓÐSQL¹¥»÷´úÂë
5 ///
6 /// ´«ÈëÓû§Ìá½»Êý¾Ý
7 /// true-°²È«£»false-ÓÐ×¢Èë¹¥»÷ÏÖÓУ»
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
Ïà¹ØÎĵµ£º
±í£ºÓû§ºÅÂ룬µÇ¼ʱ¼ä
ÏÔʾ £ºÃ¿ÈյǼ¸÷ʱ¼ä¶ÎµÄµÇ¼ÈËÊý£¬ºÍÿÌìµÇ¼ÈËÊý
if isnull(object_id('#tb'),'')=''
drop table #tb
CREATE TABLE #tb(ÁÐÃû1 varchar(12),ʱ¼ä datetime)
INSERT INTO #tb
SELECT '03174190188','2009-11-01 07:17:39.217' UNION ALL
SELECT '015224486575','2009-11-01 08:01:17.153' ......
create table tb (ptoid int,proclassid int,proname varchar(10))
insert tb
select 1,1,'Ò·þ1'
union all
select 2,2,'Ò·þ2'
union all
select 3,3,'Ò·þ3'
union all
select 4,3,'Ò·þ4'
union all
select 5,2,'Ò·þ5'
union all
select 6,2,'Ò·þ6'
union all
select 7,2,'Ò·þ7'
union all
select 8 ......
ÓÉÓÚÐèҪʵÏÖÒÔϹ¦ÄÜ£º
Íø¹Øͨ¹ý´®¿Ú·¢ËÍÊý¾Ý¸øPC»ú£¬PC»úÊÕ¼¯Êý¾Ý²¢½âÎö±£´æµ½MySQLÖУ¬È»ºóJSPÒ³Ãæ¶ÁÈ¡MySQLÖеÄÊý¾Ý²¢ÏÔʾ¡£
ËùÒÔÀûÓÃC#Á¬½ÓMySQLÊý¾Ý³ÉΪÁ˱ØÐëÒª¾¹ýµÄ¹ý³Ì£¬Ôڴ˸øÓèÏêϸµÄ˵Ã÷¡£
1¡¢ÏÂÔØÐèÒªµÄÎļþMySQLDriverCS£¬ÏÂÔصØַΪ£ºhttp://sourceforge.net/projects/mysqldrivercs
2¡¢°²×°Îļþ£ºMySQ ......
1 MySQLÖ§³Öenum,ºÍsetÀàÐÍ£¬SQL Server²»Ö§³Ö
¡¡¡¡2 MySQL²»Ö§³Önchar,nvarchar,ntextÀàÐÍ
¡¡¡¡3 MySQLµÄµÝÔöÓï¾äÊÇAUTO_INCREMENT£¬¶øMS SQLÊÇidentity(1,1)
¡¡¡¡4 MS SQLĬÈϵ½´¦±í´´½¨Óï¾äµÄĬÈÏÖµ±íʾÊÇ((0)),¶øÔÚMySQLÀïÃæÊDz»ÔÊÐí´øÁ½À¨ºÅµÄ
¡¡¡¡5 MySQLÐèҪΪ±íÖ¸¶¨´æ´¢ÀàÐÍ
¡ ......
