ʲôÊÇSQL×¢Èë
¿ÉÄÜ´ó¼Ò»¹²»ÊǶÔSQL×¢ÈëÕâ¸ö¸ÅÄî²»ÊǺÜÇå³þ£¬¼òµ¥µØ˵,SQL×¢Èë¾ÍÊǹ¥»÷Õßͨ¹ýÕý³£µÄWEBÒ³Ãæ,°Ñ×Ô¼ºSQL´úÂë´«Èëµ½Ó¦ÓóÌÐòÖÐ,´Ó¶øͨ¹ýÖ´ÐзdzÌÐòÔ±Ô¤ÆÚµÄSQL´úÂë,´ïµ½ÇÔÈ¡Êý¾Ý»òÆÆ»µµÄÄ¿µÄ¡£
¡¡¡¡µ±Ó¦ÓóÌÐòʹÓÃÊäÈëÄÚÈÝÀ´¹¹Ô춯̬SQLÓï¾äÒÔ·ÃÎÊÊý¾Ý¿âʱ£¬»á·¢ÉúSQL×¢Èë¹¥»÷¡£Èç¹û´úÂëʹÓô洢¹ý³Ì£¬¶øÕâЩ´æ´¢¹ý³Ì×÷Ϊ°üº¬Î´É¸Ñ¡µÄÓû§ÊäÈëµÄ×Ö·û´®À´´«µÝ£¬Ò²»á·¢ÉúSQL×¢Èë¡£SQL×¢Èë¿ÉÄܵ¼Ö¹¥»÷ÕßʹÓÃÓ¦ÓóÌÐòµÇ½ÔÚÊý¾Ý¿âÖÐÖ´ÐÐÃüÁî¡£Èç¹ûÓ¦ÓóÌÐòʹÓÃÌØȨ¹ý¸ßµÄÕÊ»§Á¬½Óµ½Êý¾Ý¿â£¬ÕâÖÖÎÊÌâ»á±äµÃºÜÑÏÖØ¡£ÔÚijЩ±íµ¥ÖУ¬Óû§ÊäÈëµÄÄÚÈÝÖ±½ÓÓÃÀ´¹¹Ô죨»òÕßÓ°Ï죩¶¯Ì¬SQLÃüÁ»òÕß×÷Ϊ´æ´¢¹ý³ÌµÄÊäÈë²ÎÊý£¬ÕâЩ±íµ¥ÌرðÈÝÒ×Êܵ½SQL×¢ÈëµÄ¹¥»÷¡£¶øÐí¶àÍøÕ¾³ÌÐòÔÚ±àдʱ£¬Ã»ÓжÔÓû§ÊäÈëµÄºÏ·¨ÐÔ½øÐÐÅжϻòÕß³ÌÐòÖб¾ÉíµÄ±äÁ¿´¦Àí²»µ±£¬Ê¹Ó¦ÓóÌÐò´æÔÚ°²È«Òþ»¼¡£ÕâÑù£¬Óû§¾Í¿ÉÒÔÌá½»Ò»¶ÎÊý¾Ý¿â²éѯµÄ´úÂ룬¸ù¾Ý³ÌÐò·µ»ØµÄ½á¹û£¬»ñµÃһЩÃô¸ÐµÄÐÅÏ¢»òÕß¿ØÖÆÕû¸ö·þÎñÆ÷£¬ÓÚÊÇSQL×¢Èë¾Í·¢ÉúÁË¡£
Ò»°ãSQL×¢Èë
¡¡¡¡ÔÚWeb Ó¦ÓóÌÐòµÄµÇ¼ÑéÖ¤³ÌÐòÖÐ,Ò»°ãÓÐÓû§Ãû(username) ºÍÃÜÂë(password) Á½¸ö²ÎÊý,³ÌÐò»áͨ¹ýÓû§ËùÌá½»ÊäÈëµÄÓû§ÃûºÍÃÜÂëÀ´Ö´ÐÐÊÚȨ²Ù×÷¡£ÎÒÃÇÓкܶàÈËϲ»¶½«SQLÓï¾äÆ´½ÓÆðÀ´¡£ÀýÈ磺
¡¡¡¡Select * from users where username =’ txtusername.Text ’ and password =’ txtpassword.Text ’
¡¡¡¡ÆäÔÀíÊÇͨ¹ý²éÕÒusers ±íÖеÄÓû§Ãû(username) ºÍÃÜÂë(password) µÄ½á¹ûÀ´½øÐÐÊÚȨ·ÃÎÊ, ÔÚtxtusername.TextΪmysql£¬txtpassword.TextΪmary£¬ÄÇôSQL²éѯÓï¾ä¾ÍΪ£º
¡¡¡¡Select * from users where username =’ mysql ’ and password =’ mary ’
¡¡¡¡Èç¹û·Ö±ð¸øtxtusername.Text ºÍtxtpassword.Text¸³Öµ’ or ‘1’ = ‘1’ --ºÍabc¡£ÄÇô,SQL ½Å±¾½âÊÍÆ÷ÖеÄÉÏÊöÓï¾ä¾Í»á±äΪ:
¡¡¡¡Select * from users where username =’’or ‘1’ = ‘1’ -- and password =’abc’
¡¡¡¡¸ÃÓï¾äÖнøÐÐÁËÁ½¸öÌõ¼þÅжÏ,Ö»ÒªÒ»¸öÌõ¼þ³ÉÁ¢,¾Í»áÖ´Ðгɹ¦¡£¶ø'1'='1'ÔÚÂß¼ÅжÏÉÏÊǺã³ÉÁ¢µÄ,ºóÃæµÄ"--" ±íʾעÊÍ,¼´ºóÃæËùÓеÄÓï¾äΪעÊÍÓï¾äÕâÑùÎÒÃǾͳɹ¦µÇ¼¡£¼´SQL×¢Èë³É¹¦.
¡¡¡¡Èç¹ûÎÒÃǸøtxtusername.Text¸³ÖµÎª:’;drop table users--¼´:
¡¡¡¡Select * from users where username =’’;drop table users--
Ïà¹ØÎĵµ£º
ϵͳ»·¾³£ºWindows 7
Èí¼þ»·¾³£ºVisual C++ 2008 SP1 +SQL Server 2005
±¾´ÎÄ¿µÄ£º±àдһ¸öº½¿Õ¹ÜÀíϵͳ
ÕâÊÇÊý¾Ý¿â¿Î³ÌÉè¼ÆµÄ³É¹û£¬ËäÈ»³É¼¨²»¼Ñ£¬µ«ÊÇ×÷ΪÎÒÓÃVC++ ÒÔÀ´±àдµÄ×î´ó³ÌÐò»¹ÊÇ´«µ½ÍøÉÏ£¬ÒÔ¹©²Î¿¼¡£ÓÃVC++ ×öÊý¾Ý¿âÉè¼Æ²¢²»ÈÝÒ×£¬µ«Ò²²»ÊDz»¿ÉÄÜ¡£ÒÔÏÂÊÇÎҵijÌÐò½çÃ棬ºóÃæ ......
ORACLE SQLÐÔÄÜÓÅ»¯´ó×ܽá
1£© Ñ¡Ôñ×îÓÐЧÂʵıíÃû˳Ðò(Ö»ÔÚ»ùÓÚ¹æÔòµÄÓÅ»¯Æ÷ÖÐÓÐЧ)£º
" ?; J) n+ v8 J- v" q OracleµÄ½âÎöÆ÷°´ÕÕ´ÓÓÒµ½×óµÄ˳Ðò´¦Àífrom×Ó¾äÖеıíÃû£¬from×Ó¾äÖÐдÔÚ×îºóµÄ±í(»ù´¡±í driving table)½«±»×îÏÈ´¦Àí£¬ÔÚfrom×Ó¾äÖаüº¬¶à¸ö±íµÄÇé¿öÏÂ,Äã±ØÐëÑ¡Ôñ¼Ç¼ÌõÊý×îÉٵıí×÷Ϊ»ù´¡±í¡ ......
SQL²Ù×÷È«¼¯
ÏÂÁÐÓï¾ä²¿·ÖÊÇMssqlÓï¾ä£¬²»¿ÉÒÔÔÚaccessÖÐʹÓá£
SQL·ÖÀࣺ
DDL—Êý¾Ý¶¨ÒåÓïÑÔ(CREATE£¬ALTER£¬DROP£¬DECLARE)
DML—Êý¾Ý²Ù×ÝÓïÑÔ(SELECT£¬DELETE£¬UPDATE£¬INSERT)
DCL—Êý¾Ý¿ØÖÆÓïÑÔ(GRANT£¬REVOKE£¬COMMIT£¬ROLLBACK)
Ê×ÏÈ,¼òÒª½éÉÜ»ù´¡Óï¾ä£º
1¡¢ËµÃ÷£º´´½¨Êý¾Ý¿â
CREATE ......
ÔÚ¼ÆËã»úÖÐÊý¾ÝÓÐÁ½ÖÖÌØÕ÷£ºÀàÐͺͳ¤¶È¡£ËùνÊý¾ÝÀàÐ;ÍÊÇÒÔÊý¾ÝµÄ±íÏÖ·½Ê½ºÍ´æ´¢·½Ê½À´»®·ÖµÄÊý¾ÝµÄÖÖÀà¡£
ÔÚSQL Server ÖÐÿ¸ö±äÁ¿¡¢²ÎÊý¡¢±í´ïʽµÈ¶¼ÓÐÊý¾ÝÀàÐÍ¡£ÏµÍ³ÌṩµÄÊý¾ÝÀàÐÍ·ÖΪ¼¸´óÀ࣬Èç±í4-2 Ëùʾ¡£
ÆäÖУ¬BIGINT¡¢ SQL_VARIANT ºÍTABLE ÊÇSQL Server ......
1.×Ö·û´®º¯Êý £º
datalength(Char_expr) ·µ»Ø×Ö·û´®°üº¬×Ö·ûÊý,µ«²»°üº¬ºóÃæµÄ¿Õ¸ñ
length(expression,variable)Ö¸¶¨×Ö·û´®»ò±äÁ¿Ãû³ÆµÄ³¤¶È¡£
substring(expression,start,length) ²»¶à˵ÁË,È¡×Ó´®
right(char_expr,int_expr) ·µ»Ø×Ö·û´®ÓÒ±ßint_expr¸ö×Ö·û
concat(str1,str2,...)·µ»ØÀ´×ÔÓÚ²ÎÊýÁ¬½áµÄ×Ö·û´®¡£dat ......
