SQL ·À×¢Èëʽ¹¥»÷
1¡¢¼ì²éÊÇ·ñÓзǷ¨×Ö·û
public static boolean sql_inj(String str)
{
String inj_str = "'|and|exec|insert|select|delete|update|
count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
//ÕâÀïµÄ¶«Î÷»¹¿ÉÒÔ×Ô¼ºÌí¼Ó
String[] inj_stra=inj_str.split("\\|");
for (int i=0 ; i <; inj_stra.length ; i++ )
{
if (str.indexOf(inj_stra[i])<=0)
{
return true;
}
}
return false;
}
2¡¢¹ýÂË·Ç·¨×Ö·û
public static String TransactSQLInjection(String str)
{
return str.replaceAll(".*([';]+|(--)+).*", " ");
}
Ïà¹ØÎĵµ£º
¸´ÖƱíµÄ½á¹¹
select * into newtable from oldtable where 1<>1
¸´ÖƱí´ï¶îÄÚÈÝ
insert into new table select *(ÁÐÃû) from oldtable
datediffº¯ÊýÓ÷¨
×÷ÓÃ
·µ»ØÁ½¸öÈÕÆÚÖ®¼äµÄ¼ä¸ô¡£
Óï·¨ ......
-- ±íµÄ½á¹¹ area
DROP TABLE area;
CREATE TABLE area (
id int NOT NULL ,
areaID int NOT NULL,
area varchar(200) NOT NULL,
fatherID int NOT NULL,
PRIMARY KEY (id)
)
DROP TABLE city;
CREATE TABLE city select
id int NOT NULL ......
¿´ÍêÈëÃÅƪºÍ½ø½×ƪºó£¬ÉÔ¼ÓÁ·Ï°£¬ÆƽâÒ»°ãµÄÍøÕ¾ÊÇûÎÊÌâÁË¡£µ«Èç¹ûÅöµ½±íÃûÁÐÃû²Â²»µ½£¬»ò³ÌÐò×÷Õß¹ýÂËÁËһЩÌØÊâ×Ö·û£¬ÔõôÌá¸ß×¢ÈëµÄ³É¹¦ÂÊ£¿ÔõôÑùÌá¸ß²Â½âЧÂÊ£¿Çë´ó¼Ò½Ó×ÅÍùÏ¿´¸ß¼¶Æª¡£
µÚÒ»½Ú¡¢ÀûÓÃϵͳ±í×¢ÈëSQLServerÊý¾Ý¿â
SQLServerÊÇÒ»¸ö¹¦ÄÜÇ¿´óµÄÊý¾Ý¿âϵͳ£¬Óë²Ù×÷ϵͳҲÓнôÃܵÄÁªÏµ£¬Õâ¸ø¿ª·¢Õß´øÀ´ÁË ......
½ñÌì´ò¿ªÆóÒµ¹ÜÀíÆ÷µÄʱºòÌáʾ“¹ØÓÚMMC²»ÄÜ´ò¿ªÎļþC:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQL Server Enterprise Manager.MSC¿ÉÄÜÊÇÓÉÓÚÎļþ²»´æÔÚ£¬²»ÊÇÒ»¸öMMC¿ØÖÆ̨£¬»òÕßÓúóÀ´µÄMMC°æ±¾´´½¨¡£Ò²¿ÉÄÜÄãûÓзÃÎÊ´ËÎļþµÄ×㹻ȨÏÞ”£¬googleÖ®£¬·¢ ......
1.²éѯµÄÄ£ºýÆ¥Åä
¾¡Á¿±ÜÃâÔÚÒ»¸ö¸´ÔÓ²éѯÀïÃæʹÓà LIKE '%parm1%'—— ºìÉ«±êʶλÖõİٷֺŻᵼÖÂÏà¹ØÁеÄË÷ÒýÎÞ·¨Ê¹Óã¬×îºÃ²»ÒªÓÃ.
½â¾ö°ì·¨:
ÆäʵֻÐèÒª¶Ô¸Ã½Å±¾ÂÔ×ö¸Ä½ø£¬²éѯËٶȱã»áÌá¸ß½ü°Ù±¶¡£¸Ä½ø·½·¨ÈçÏ£º
a¡¢ÐÞ¸Äǰ̨³ÌÐò——°Ñ²éѯÌõ¼þµÄ¹©Ó¦ÉÌÃû³ÆÒ»À¸ÓÉÔÀ´µÄÎı¾ÊäÈë¸ÄΪÏÂÀÁб ......
