·À·¶SQL×¢Èëʽ¹¥»÷
SQL×¢Èëʽ¹¥»÷ÊÇÀûÓÃÊÇÖ¸ÀûÓÃÉè¼ÆÉϵÄ©¶´£¬ÔÚÄ¿±ê·þÎñÆ÷ÉÏÔËÐÐSqlÃüÁîÒÔ¼°½øÐÐÆäËû·½Ê½µÄ¹¥»÷¶¯Ì¬Éú³ÉSqlÃüÁîʱûÓжÔÓû§ÊäÈëµÄÊý¾Ý½øÐÐÑéÖ¤ÊÇSql×¢Èë¹¥»÷µÃ³ÑµÄÖ÷ÒªÔÒò¡£
±ÈÈ磺
Èç¹ûÄãµÄ²éѯÓï¾äÊÇselect * from admin where username="&user&" and password="&pwd&""
ÄÇô£¬Èç¹ûÎÒµÄÓû§ÃûÊÇ£º1 or 1=1
ÄÇô£¬ÄãµÄ²éѯÓï¾ä½«»á±ä³É£º
select * from admin where username=1 or 1=1 and password="&pwd&""
ÕâÑùÄãµÄ²éѯÓï¾ä¾Íͨ¹ýÁË£¬´Ó¶ø¾Í¿ÉÒÔ½øÈëÄãµÄ¹ÜÀí½çÃæ¡£
ËùÒÔ·À·¶µÄʱºòÐèÒª¶ÔÓû§µÄÊäÈë½øÐмì²é¡£ÌرðʽһЩÌØÊâ×Ö·û£¬±ÈÈçµ¥ÒýºÅ£¬Ë«ÒýºÅ£¬·ÖºÅ£¬¶ººÅ£¬Ã°ºÅ£¬Á¬½ÓºÅµÈ½øÐÐת»»»òÕß¹ýÂË¡£
£¨³ýÁËÉÏÃæµÄ·½Ê½Í⻹¿ÉÒÔͨ¹ý´æ´¢¹ý³ÌÀ´·À·¶SQL×¢Èë¹¥»÷£©
ÐèÒª¹ýÂ˵ÄÌØÊâ×Ö·û¼°×Ö·û´®ÓУº
¡¡¡¡ net user
¡¡¡¡ xp_cmdshell
¡¡¡¡ /add
¡¡¡¡ exec master.dbo.xp_cmdshell
¡¡¡¡ net localgroup administrators
¡¡¡¡ select
¡¡¡¡ count
¡¡¡¡ Asc
¡¡¡¡ char
¡¡¡¡ mid
¡¡¡¡
¡¡¡¡ :
¡¡¡¡ "
¡¡¡¡ insert
¡¡¡¡ delete from
¡¡¡¡ drop table
¡¡¡¡ update
¡¡¡¡ truncate
¡¡¡¡ from
¡¡¡¡ %
ÏÂÃæ¹ØÓÚ½â¾ö×¢Èëʽ¹¥»÷µÄ·À·¶´úÂ룬¹©´ó¼Òѧϰ²Î¿¼£¡
js°æµÄ·À·¶SQL×¢Èëʽ¹¥»÷´úÂ룺
¡¡¡¡
<script language="javascript">
<!--
var url = location.search;
var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\|%20or%20)(.*)$/gi;
var e = re.test(url);
if(e) {
alert("µØÖ·Öк¬ÓзǷ¨×Ö·û¡«");
location.href="error.asp";
}
//-->
<script>
asp°æµÄ·À·¶SQL×¢Èëʽ¹¥»÷´úÂë¡«£º
[CODE START]
<%
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("
Ïà¹ØÎĵµ£º
ÓÃSQLÉú³ÉÁ÷Ë®ºÅ
ת£ºÎ¤½ÌÎ ·¢±íÓÚ2010Äê02ÔÂ03ÈÕ 09:38 ÔĶÁ(4) ÆÀÂÛ(0)
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[fn_FillNumberWithZero]') and xtype in (N'FN', N'IF', N'TF'))
drop function [dbo].[fn_FillNumberWithZero]
GO
if exists ( ......
SQL ServerµÄ²¹¶¡°æ±¾¼ì²é²»ÈçWindows ²¹¶¡°æ±¾¼ì²éÖ±½Ó£¬Ò»¸öϵͳ¹ÜÀíÔ±£¬Èç¹û²»Á˽âSQL Server°æ±¾¶ÔÓ¦µÄ²¹¶¡ºÅ£¬¿ÉÄÜÒ²»áÓöµ½Ò»µãÂé·³£¬Òò´ËÔÚÕâ˵Ã÷һϣ¬Í¨¹ýÕâÑùµÄ°ì·¨Åбð»úÆ÷ÊÇ°²È«µÄ°ì·¨£¬²»»á¶Ôϵͳ²úÉúÈκÎÓ°Ïì¡£
¡¡
1¡¢ÓÃIsql»òÕßSQL²éѯ·ÖÎöÆ÷µÇ¼µ½SQL Server£¬Èç¹ûÊÇÓÃIsql£¬ÇëÔÚcmd´°¿ÚÊäÈëisql -U sa,È» ......
½ñÌìÕÒµ½ÁËÈ¡mysql±íºÍ×Ö¶Î×¢Ê͵ÄÓï¾ä
È¡×Ö¶Î×¢ÊÍ
SELECT COLUMN_NAME ÁÐÃû, DATA_TYPE ×Ö¶ÎÀàÐÍ, COLUMN_COMMENT ×Ö¶Î×¢ÊÍ
from INFORMATION_SCHEMA.COLUMNS
WHERE table_name = 'companies'##±íÃû
AND table_schema = 'testhuicard'##Êý¾Ý¿âÃû
AND column_name LIKE 'c_name'##×Ö¶ÎÃû
--------------------------- ......
1.×Ö·û´®º¯Êý
³¤¶ÈÓë·ÖÎöÓÃ
datalength(Char_expr) ·µ»Ø×Ö·û´®°üº¬×Ö·ûÊý,µ«²»°üº¬ºóÃæµÄ¿Õ¸ñ
substring(expression,start,length) ²»¶à˵ÁË,È¡×Ó´®
right(char_expr,int_expr) ·µ»Ø×Ö·û´®ÓÒ±ßint_expr¸ö×Ö·û
×Ö·û²Ù×÷Àà
upper(char_expr) תΪ´óд
lower(char_expr) תΪСд
space(int_expr) Éú³Éint_expr¸ ......
SQL SERVER 2005 ¼ò½é
Ò»Ö±ÒÔÀ´£¬T-SQL¶¼ÊÇÈÝÒ×ÉÏÊֵĽṹ»¯²éѯÓïÑÔ£¬Ëæ×ÅSQL ServerµÄ°æ±¾Ñݽø£¬³ýÁËÄÚ²¿¹¦ÄÜÔö¼Ó£¬
T-SQLÒ²´ó·ùÀ©ÔöÁËеIJéѯָÁî¡£ÀýÈ磺XQuery¡¢È¡µÃÅÅÃû˳ÐòµÄº¯Êý¡¢¼¯ºÏÔËËã´îÅäOVERÔËËã·û¡¢TOPÔËËã·û¿ÉÒÔ´îÅä±äÁ¿»ò×Ó²éѯ£¬ÒÔ¼°Í ......
