·À·¶SQL×¢Èëʽ¹¥»÷
SQL×¢Èëʽ¹¥»÷ÊÇÀûÓÃÊÇÖ¸ÀûÓÃÉè¼ÆÉϵÄ©¶´£¬ÔÚÄ¿±ê·þÎñÆ÷ÉÏÔËÐÐSqlÃüÁîÒÔ¼°½øÐÐÆäËû·½Ê½µÄ¹¥»÷¶¯Ì¬Éú³ÉSqlÃüÁîʱûÓжÔÓû§ÊäÈëµÄÊý¾Ý½øÐÐÑéÖ¤ÊÇSql×¢Èë¹¥»÷µÃ³ÑµÄÖ÷ÒªÔÒò¡£
±ÈÈ磺
Èç¹ûÄãµÄ²éѯÓï¾äÊÇselect * from admin where username="&user&" and password="&pwd&""
ÄÇô£¬Èç¹ûÎÒµÄÓû§ÃûÊÇ£º1 or 1=1
ÄÇô£¬ÄãµÄ²éѯÓï¾ä½«»á±ä³É£º
select * from admin where username=1 or 1=1 and password="&pwd&""
ÕâÑùÄãµÄ²éѯÓï¾ä¾Íͨ¹ýÁË£¬´Ó¶ø¾Í¿ÉÒÔ½øÈëÄãµÄ¹ÜÀí½çÃæ¡£
ËùÒÔ·À·¶µÄʱºòÐèÒª¶ÔÓû§µÄÊäÈë½øÐмì²é¡£ÌرðʽһЩÌØÊâ×Ö·û£¬±ÈÈçµ¥ÒýºÅ£¬Ë«ÒýºÅ£¬·ÖºÅ£¬¶ººÅ£¬Ã°ºÅ£¬Á¬½ÓºÅµÈ½øÐÐת»»»òÕß¹ýÂË¡£
£¨³ýÁËÉÏÃæµÄ·½Ê½Í⻹¿ÉÒÔͨ¹ý´æ´¢¹ý³ÌÀ´·À·¶SQL×¢Èë¹¥»÷£©
ÐèÒª¹ýÂ˵ÄÌØÊâ×Ö·û¼°×Ö·û´®ÓУº
¡¡¡¡ net user
¡¡¡¡ xp_cmdshell
¡¡¡¡ /add
¡¡¡¡ exec master.dbo.xp_cmdshell
¡¡¡¡ net localgroup administrators
¡¡¡¡ select
¡¡¡¡ count
¡¡¡¡ Asc
¡¡¡¡ char
¡¡¡¡ mid
¡¡¡¡
¡¡¡¡ :
¡¡¡¡ "
¡¡¡¡ insert
¡¡¡¡ delete from
¡¡¡¡ drop table
¡¡¡¡ update
¡¡¡¡ truncate
¡¡¡¡ from
¡¡¡¡ %
ÏÂÃæ¹ØÓÚ½â¾ö×¢Èëʽ¹¥»÷µÄ·À·¶´úÂ룬¹©´ó¼Òѧϰ²Î¿¼£¡
js°æµÄ·À·¶SQL×¢Èëʽ¹¥»÷´úÂ룺
¡¡¡¡
<script language="javascript">
<!--
var url = location.search;
var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\|%20or%20)(.*)$/gi;
var e = re.test(url);
if(e) {
alert("µØÖ·Öк¬ÓзǷ¨×Ö·û¡«");
location.href="error.asp";
}
//-->
<script>
asp°æµÄ·À·¶SQL×¢Èëʽ¹¥»÷´úÂë¡«£º
[CODE START]
<%
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("
Ïà¹ØÎĵµ£º
ÎÒÃÇÒª×öµ½²»µ«»áдSQL£¬»¹Òª×öµ½Ð´³öÐÔÄÜÓÅÁ¼µÄSQLÓï¾ä¡£
¡¡¡¡
¡¡¡¡£¨1£©Ñ¡Ôñ×îÓÐЧÂʵıíÃû˳Ðò(Ö»ÔÚ»ùÓÚ¹æÔòµÄÓÅ»¯Æ÷ÖÐÓÐЧ)£º
¡¡¡¡
¡¡¡¡OracleµÄ½âÎöÆ÷°´ÕÕ´ÓÓÒµ½×óµÄ˳Ðò´¦Àífrom×Ó¾äÖеıíÃû£¬from×Ó¾äÖÐдÔÚ×îºóµÄ±í(»ù´¡±í driving table)½«±»×îÏÈ´¦Àí£¬ÔÚfrom×Ó¾äÖаüº¬¶à¸ö±íµÄÇé¿öÏÂ,Äã±ØÐëÑ¡Ôñ ......
ÓÃSQLÉú³ÉÁ÷Ë®ºÅ
ת£ºÎ¤½ÌÎ ·¢±íÓÚ2010Äê02ÔÂ03ÈÕ 09:38 ÔĶÁ(4) ÆÀÂÛ(0)
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[fn_FillNumberWithZero]') and xtype in (N'FN', N'IF', N'TF'))
drop function [dbo].[fn_FillNumberWithZero]
GO
if exists ( ......
SQL Server°²×°³ö´íÎÊÌâ½â¾ö
ÏÈ
°ÑSQL ServerжÔØ£¬ÔÙ°Ñ°²×°Ê±²úÉúµÄ“Microsoft SQL
Server”Îļþ¼Ðɾµô,ÔÚÔËÐÐ×¢²á±í,°ÑHKEY_CURRENT_USER\\Software\\Microsoft\\Microsoft
SQL Server£¬ºÍHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL
ServerÈ«²¿É¾µô£¬(×¢ÒâÒª°ÑMicrosoft SQL ServerÎļþ¼ÐÕ ......
--1¡¢²éÕÒÔ±¹¤µÄ±àºÅ¡¢ÐÕÃû¡¢²¿ÃźͳöÉúÈÕÆÚ£¬Èç¹û³öÉúÈÕÆÚΪ¿ÕÖµ£¬ÏÔʾÈÕÆÚ²»Ïê,²¢°´²¿ÃÅÅÅÐòÊä³ö,ÈÕÆÚ¸ñʽΪyyyy-mm-dd¡£
select emp_no,emp_name,dept,isnull(convert(char(10),birthday,120),'ÈÕÆÚ²»Ïê') birthday
from employee
order by dept
--2¡¢²éÕÒÓëÓ÷×ÔÇ¿ÔÚͬһ¸öµ¥Î»µÄÔ±¹¤ÐÕÃû¡¢ÐԱ𡢲¿ÃźÍÖ°³Æ
select ......
1.×Ö·û´®º¯Êý
³¤¶ÈÓë·ÖÎöÓÃ
datalength(Char_expr) ·µ»Ø×Ö·û´®°üº¬×Ö·ûÊý,µ«²»°üº¬ºóÃæµÄ¿Õ¸ñ
substring(expression,start,length) ²»¶à˵ÁË,È¡×Ó´®
right(char_expr,int_expr) ·µ»Ø×Ö·û´®ÓÒ±ßint_expr¸ö×Ö·û
×Ö·û²Ù×÷Àà
upper(char_expr) תΪ´óд
lower(char_expr) תΪСд
space(int_expr) Éú³Éint_expr¸ ......
