SQL ·À×¢Èëʽ¹¥»÷
1¡¢¼ì²éÊÇ·ñÓзǷ¨×Ö·û
public static boolean sql_inj(String str)
{
String inj_str = "'|and|exec|insert|select|delete|update|
count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
//ÕâÀïµÄ¶«Î÷»¹¿ÉÒÔ×Ô¼ºÌí¼Ó
String[] inj_stra=inj_str.split("\\|");
for (int i=0 ; i <; inj_stra.length ; i++ )
{
if (str.indexOf(inj_stra[i])<=0)
{
return true;
}
}
return false;
}
2¡¢¹ýÂË·Ç·¨×Ö·û
public static String TransactSQLInjection(String str)
{
return str.replaceAll(".*([';]+|(--)+).*", " ");
}
Ïà¹ØÎĵµ£º
Êý¾Ý¿âsqlµÄÌØÊâ×Ö·û£º
1£©µ¥ÒýºÅ’£ºÀýÈçstring a = “this is marry’s book.”;
ʹÓÃinsertʱ¾Í»á³ö´í¡£
½â¾ö£ºa= a.Replace("'","' ......
sql serverµÄËæ»úº¯ÊýnewID()ºÍRAND()¡¡¡¡
¡¡¡¡SELECT * from Northwind..Orders ORDER BY NEWID()
¡¡¡¡--Ëæ»úÅÅÐò
¡¡¡¡SELECT TOP 10 * from Northwind..Orders ORDER BY NEWID()
¡¡¡¡--´ÓOrders±íÖÐËæ»úÈ¡³ö10Ìõ¼Ç¼¡¡¡¡
¡¡¡¡Ê¾Àý¡¡¡¡
¡¡¡¡A.¶Ô±äÁ¿Ê¹Óà NEWID º¯Êý
¡¡¡¡ÒÔÏÂʾÀýʹÓà NEWID() ¶ÔÉùÃ÷Ϊ uniq ......
--½áºÏsys.indexesºÍsys.index_columns,sys.objects,sys.columns²éѯË÷ÒýËùÊôµÄ±í»òÊÓͼµÄÐÅÏ¢
select
o.name as ±íÃû,
i.name as Ë÷ÒýÃû,
c.name as ÁÐÃû,
i.type_desc as ÀàÐÍÃèÊö,
is_primary_key as Ö÷¼üÔ¼Êø,
is_unique_constraint as ΨһԼÊø,
is_disable ......
Èë Êƪ
Èç¹ûÄãÒÔǰûÊÔ¹ýSQL×¢ÈëµÄ»°£¬ÄÇôµÚÒ»²½ÏÈ°ÑIE²Ëµ¥=>¹¤¾ß=>InternetÑ¡Ïî=>¸ß¼¶=>ÏÔʾÓѺà HTTP ´íÎóÐÅϢǰÃæµÄ¹´È¥µô¡£·ñÔò£¬²»ÂÛ·þÎñÆ÷·µ»Øʲô´íÎó£¬IE¶¼Ö»ÏÔʾΪHTTP 500·þÎñÆ÷´íÎ󣬲»ÄÜ»ñµÃ¸ü¶àµÄÌáʾÐÅÏ¢¡£
µÚÒ»½Ú¡¢SQL×¢ÈëÔÀí
ÒÔÏÂÎÒÃÇ´ÓÒ»¸öÍøÕ¾www.19cn.com¿ªÊ¼£¨×¢£º±¾ÎÄ·¢±íÇ°ÒÑÕ÷µ ......
