防止sql注入 适用于 URL ID 纯数字
例子： int id = Convert.ToInt32(replace((Request.QueryString["id"]), ""));
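/// <summary>
/// Replaces every token of a fixed punctuation blacklist in <paramref name="str"/> with
/// <paramref name="str2"/>, applying the replacements one token at a time in a fixed order.
/// </summary>
/// <remarks>
/// Blacklist stripping is not a reliable SQL-injection control on its own. For the use shown on
/// this page (a purely numeric URL id) the robust approach is a type check such as
/// <c>int.TryParse</c> on the raw value followed by a parameterized query; this helper is kept
/// for compatibility with existing callers.
/// Behavioural notes: "--" is matched as a pair, so a single "-" is left alone; because the
/// replacements run sequentially, a <paramref name="str2"/> that itself contains a listed token
/// is rewritten by the later passes. The original listed "&lt;" and "&gt;" twice; the duplicate
/// passes were no-ops for the documented <c>str2 == ""</c> case and have been dropped.
/// </remarks>
/// <param name="str">Text to filter. A null or empty value is returned unchanged
/// (the original threw NullReferenceException on null, which is what an absent
/// query-string key yields).</param>
/// <param name="str2">Replacement written in place of each blacklisted token; normally "".</param>
/// <returns>The filtered text.</returns>
public static string replace(string str, string str2)
{
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }

    // Same tokens, same order as the original chain of Replace calls.
    string[] blacklist =
    {
        ";", "&", "<", ">", "'", "--", "/", "%", "~", ",", "`", "!", "@", "#",
        "$", "^", "*", "(", ")", "+", ":", "?"
    };

    foreach (string token in blacklist)
    {
        str = str.Replace(token, str2);
    }

    return str;
}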
 
相关文档：
-- Database owner name: distinct owners of the relations flagged as system relations
-- (RDB$SYSTEM_FLAG = 1) in the RDB$ metadata catalog (Firebird/InterBase-style).
SELECT DISTINCT
    RDB$OWNER_NAME AS DATABASE_OWNER
FROM RDB$RELATIONS
WHERE RDB$SYSTEM_FLAG = 1;
--根据表名得到表的主键
SELECT RC.RDB$CONSTRAINT_NAME AS CONSTRAINT_NAME,
I.RDB$RELATION_NAME AS TABLE_NAME,
S.RDB$FIELD_NAME AS COLUMN_NAME
from RDB$RELATION_CONSTRAINTS ......
改善SQL语句
　　很多人不知道SQL语句在sql server中是如何执行的，他们担心自己所写的SQL语句会被SQL SERVER误解。比如：
select * from table1 where name=''zhangsan'' and tID > 10000
和执行:
select * from table1 where tID > 10000 and name=''zhangsan''
　　一些人不知道以上两条语句的执行效率是否一 ......
SQL注入攻击的危害性很大。在讲解其防止办法之前，数据库管理员有必要先了解一下其攻击的原理。这有利于管理员采取有针对性的防治措施。
　 一、 SQL注入攻击的简单示例。
¡¡¡¡statement := "SELECT * from Users WHERE Value= " + a_variable + "
上面这条语句是很 ......
×î½üºÜ棬ÓиöÏîÄ¿ÂíÉÏÒªÕб꣬һ¸öÏîÄ¿µÈ׏¤£¬Èô¸ÉËöËéµÄʽøÐÐÖУ¬ÓÐÒ»¶Îʱ¼äû¸üÐÂЩÓÐÓªÑøµÄ¶«Î÷ÁË
˵¸öÌâÍâ»°ÏÈ¡£
½ñÌ쿪»ú×¼±¸°Ñ×òÌìµÄ¶«Î÷debugһϣ¬ºÜϰ¹ßµØÓÒ¼üÏîÄ¿µÄÆô¶¯Îļþ¿ªÊ¼debug£¬»úÆ÷ͻȻÀ¶ÆÁÖØÆô¡£¿ªÊ¼ÒÔΪÓÖÊÇÄÚ´æÔÚ͵͵³¬Æµ£¬¼ì²éÁËÒ»ÏÂbios£¬·¢ÏÖûʲôÎÊÌ⣬ҲûÔõôÔÚÒ⣬ËíÖØÐ¿ªÆôvs2008¼ÌÐø ......