SQL ·À×¢Èëʽ¹¥»÷
1¡¢¼ì²éÊÇ·ñÓзǷ¨×Ö·û
public static boolean sql_inj(String str)
{
String inj_str = "'|and|exec|insert|select|delete|update|
count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
//ÕâÀïµÄ¶«Î÷»¹¿ÉÒÔ×Ô¼ºÌí¼Ó
String[] inj_stra=inj_str.split("\\|");
for (int i=0 ; i <; inj_stra.length ; i++ )
{
if (str.indexOf(inj_stra[i])<=0)
{
return true;
}
}
return false;
}
2¡¢¹ýÂË·Ç·¨×Ö·û
public static String TransactSQLInjection(String str)
{
return str.replaceAll(".*([';]+|(--)+).*", " ");
}
Ïà¹ØÎĵµ£º
¡¡¡¡±¾ÎÄ´ÓSQL´æ´¢¹ý³ÌµÄ¸ÅÄÓŵ㣬Óï·¨£¬´´½¨¼¼ÇÉ£¬µ÷Óõȶ෽Ãæ½éÉÜÁËSQL´æ´¢¹ý³Ì¡£
¡¡¡¡Ò»¡¢SQL´æ´¢¹ý³ÌµÄ¸ÅÄÓŵ㼰Óï·¨
¡¡¡¡¡¡¶¨Ò壺½«³£ÓõĻòºÜ¸´ÔӵŤ×÷£¬Ô¤ÏÈÓÃSQLÓï¾äдºÃ²¢ÓÃÒ»¸öÖ¸¶¨µÄÃû³Æ´æ´¢ÆðÀ´, ÄÇôÒÔºóÒª½ÐÊý¾Ý¿âÌṩÓëÒѶ¨ÒåºÃµÄ´æ´¢¹ý³ÌµÄ¹¦ÄÜÏàͬµÄ·þÎñʱ,Ö»Ðèµ÷ÓÃexecute,¼´¿É×Ô¶¯Íê³ÉÃüÁî¡ ......
Ò»¡¢Êý¾Ý¿â´æ´¢¸ÅÊö
1¡¢Êý¾ÝÎļþÀàÐÍ
· Primary data files:ÿ¸öÊý¾Ý¿â¶¼ÓÐÒ»¸öµ¥¶ÀµÄÖ÷ÒªÊý¾ÝÎļþ£¬Ä¬ÈÏÒÔ.mdfÀ©Õ¹Ãû¡£Ö÷ÒªÊý¾ÝÎļþ²»½ö°üº¬Êý¾ÝÐÅÏ¢£¬»¹°üº¬Óë¸ÃÊý¾Ý¿â½á¹¹Ïà¹ØµÄÐÅÏ¢¡£´´½¨Êý¾Ý¿âʱ£¬Êý¾Ý¿â½á¹¹Ïà¹ØÐÅÏ¢²»½ö´æÔÚÓÚmasterÊý¾Ý¿âÖУ¬Í¬Ê ......
À´×Ô:http://www.cnblogs.com/mikeye/archive/2007/04/13/711878.html
ºÍÀ´×Ô:http://tech.ccidnet.com/art/3539/20080225/1370107_1.html
ÓÃeclipseÀ´½øÐÐMicrosoft SQL Server 2005Êý¾Ý¿â·½ÃæµÄ¿ª·¢£¬ÏÈ°ÑMS SQL Server 2005 JDBC DriverµÄÇý¶¯ÏÂÔغó¼ÓÈ빤³ÌÎļþµÄÀà¿âÖУ»È»ºóдURL×Ö·û´®¡£¸ù¾ÝÒÔÍùµÄд·¨Ð´È룺url = ......
1.DATEADDº¯Êý
ÔÚÏòÖ¸¶¨ÈÕÆÚ¼ÓÉÏÒ»¶Îʱ¼äµÄ»ù´¡ÉÏ£¬·µ»ØÐ嵀 datetime Öµ¡£
Óï·¨
DATEADD ( datepart , number, date )
²ÎÊý
datepart
ÈÕÆÚ²¿·Ö
Ëõд
Year
yy, yyyy
quarter
qq, q
Month
mm, m
dayofyear
dy, y
Day
dd, d
Week
wk, ww
Hour
hh
minute
mi, n
second
ss, s
millisecond
m ......
1.²éѯµÄÄ£ºýÆ¥Åä
¾¡Á¿±ÜÃâÔÚÒ»¸ö¸´ÔÓ²éѯÀïÃæʹÓà LIKE '%parm1%'—— ºìÉ«±êʶλÖõİٷֺŻᵼÖÂÏà¹ØÁеÄË÷ÒýÎÞ·¨Ê¹Óã¬×îºÃ²»ÒªÓÃ.
½â¾ö°ì·¨:
ÆäʵֻÐèÒª¶Ô¸Ã½Å±¾ÂÔ×ö¸Ä½ø£¬²éѯËٶȱã»áÌá¸ß½ü°Ù±¶¡£¸Ä½ø·½·¨ÈçÏ£º
a¡¢ÐÞ¸Äǰ̨³ÌÐò——°Ñ²éѯÌõ¼þµÄ¹©Ó¦ÉÌÃû³ÆÒ»À¸ÓÉÔÀ´µÄÎı¾ÊäÈë¸ÄΪÏÂÀÁб ......
