Ò»Ö±ÒÔÀ´¶¼ÒÔΪֻÓпոñ£¬tab¼üºÍ×¢ÊÍ·û/**/¿ÉÒÔÓÃÀ´Çиîsql¹Ø¼ü×Ö£¬¶Îʱ¼ä
ÔÚа°Ë¿´ÁË·çѸcms×¢È멶´ÄÇƪÌû×Ó£¬²ÅÖªµÀÔÀ´»Ø³µÒ²¿ÉÒÔÓÃÀ´×÷Ϊ·Ö¸î·û£¨
ÒÔÇ°¾¹È»Ã»ÓÐÏëµ½£¬ÕæÊÇʧ°Ü£©¡£»Ø³µµÄasciiÂëÊÇchr(13)&chr(10)£¬ÖÁÓÚΪʲ
ôҪÁ½¸öÁ¬ÔÚÒ»Æð£¬Õâ¸öÎÒÒ²²»ÖªµÀ¡£×ª»»³Éurl±àÂëÐÎʽÊÇ%0d%0a£¬ÓÚÊǾͿÉÒÔ
ÓÃ%0d%0a´úÌæ¿Õ¸ñpassһЩ¹ýÂË¿Õ¸ñµÄ¼ì²éÁË¡£
ÒýÉêһϣ¬Ö»ÓÃ%0dÄÜÕý³£Ö´ÐÐÓï¾äÂð£¿Ö»ÓÃ%0aÄØ£¿²âÊÔÖ¤Ã÷£¬ÓÃÈÎÒâÒ»ÖÖ·Ö¸î
ÔÚmssql¡¢mysqlºÍaccessÀïÃ涼ÊÇ¿ÉÒԵġ£
ÁíÍ⣬¹ØÓÚmssqlµÄ¶àÓï¾äÎÊÌâ¡£ÎÒÒÔÇ°Ò»Ö±ÒÔΪ±ØÐëÓ÷ֺÅ×÷ΪÓï¾äµÄ½á⣬ºó
À´·¢ÏÖ£¬ÍêÈ«²»ÊÇÄÇÑù¡£ÀàËÆ
Copy code
select * from table exec xp_cmdshell'xxxxxxxxxx'
select * from table/**/exec xp_cmdshell'xxxxxxxxxx'
select * from table|---tab---|exec xp_cmdshell'xxxxxxxxxx'
select * from table|---enter---|exec xp_cmdshell'xxxxxxxxxx'
µÄÓï¾ä¶¼ÊÇ¿ÉÒÔÕý³£Ö´Ðеġ£¶øÎÒÒÔÇ°¾¹È»Ò»Ö±²»ÖªµÀ£¡²»¹ýÕâ¸öòËƸúÁ¬½ÓÊý
¾Ý¿âÇý¶¯ÓйØϵ£¬odbc¿ÉÒÔÕý³£Ö´ÐУ¬sqloledbµÄ»°¾Í»á±¨´í¡£ÓÐÐËȤµÄ¼ÌÐøÑÐ
¾¿°É
ÕâÑù£¬ÒÔºóÓöµ½´ø¿Õ¸ñ¹ýÂ˹ؼü×ÖµÄÀ¹½Ø³ÌÐò£¬ÓÖ¿ÉÒÔ·¢»Ó· ......
SQLÈÕÆÚ¸ñʽ»¯
0 »ò 100 (*) ĬÈÏÖµ mon dd yyyy hh:miAM£¨»ò PM£©
1 101 ÃÀ¹ú mm/dd/yyyy
2 102 ANSI yy.mm.dd
3 103 Ó¢¹ú/·¨¹ú dd/mm/yy
4 104 µÂ¹ú dd.mm.yy
5 105 Òâ´óÀû dd-mm-yy
6 106 - dd mon yy
7 107 - mon dd, yy
8 108 - hh:mm:ss
-&nbs ......
--½«ÏµÍ³datediffº¯ÊýÖØд£¬Ö÷Òª°ÑdatepartÀàÐ͸ÄΪvarhcar£¬·½±ãµ÷ÓÃ
--×÷Õß:°½Ê¿Î°
--Date:2009-10-14 10:29
create function MyDateDiff(@datepart varchar(50), --ÈÕÆÚ¼ä¸ôÀàÐÍ:year,month,day.etc
@date1 varchar(50), @date2 varchar(50))
returns int
as
begin
declare @part int
if @datepart='year'
begin
set @part=datediff(year,@date1,@date2)
end
if @datepart='month'
begin
set @part=datediff(month,@date1,@date2)
end
if @datepart='day'
begin
set @part=datediff(day,@date1,@date2)
end
if @datepart='week'
begin
set @part=datediff(week,@date1,@date2)
end
if @datepart='hour'
begin
set @part=datediff(hour,@date1,@date2)
end
if @datepart='minute'
begin
set @part=datediff(minute,@date1,@date2)
......
ÎÊÌâ
ÈçºÎ´´½¨Ò»¸öT-SQL²âÊÔÌ×¼þÓÃÓÚ²âÊÔSQL´æ´¢¹ý³Ì¡£
Éè¼Æ
Ê×ÎÞ£¬Í¨¹ý²åÈë´óÁ¿²âÊÔƽ̨Êý¾Ý×¼±¸ºÃÒ»¸ö°üº¬´ý²â´æ´¢¹ý³ÌµÄµ×²ãÊý¾Ý¿â¡£½ÓÏÂÀ´£¬Ê¹ÓÃÒ»¸öSQLÓαê(cursor)±éÀúÕâ¸ö²âÊÔÓÃÀýÊý¾Ý±í¡£Õë¶Ôÿ¸ö²âÊÔÓÃÀý£¬µ÷Óôý²â´æ´¢¹ý³Ì²¢ÇÒÈ¡µÃËüµÄ·µ»ØÖµ£¬°Ñʵ¼Ê·µ»ØÖµÓëÆÚÍûÖµ½øÐбȽϣ¬´Ó¶øÅж¨²âÊÔ½á¹ûÊÇͨ¹ýÓë·ñ£¬È»ºóÏÔʾ»ò±£´æ²âÊÔ½á¹û¡£
·½°¸
——testAuto.sql
——ΪdbEmployeesÌî³äÊý¾Ý
truncate table dbEmployees.dbo.tblEmployees
insert into dbEmployees.dbo.tblEmployees values('e11','Adams','15/10/2009')
insert into dbEmployees.dbo.tblEmployees values('e22','Baker','15/10/2009')
insert into dbEmployees.dbo.tblEmployees values('e33','Young','15/10/2009')
insert into dbEmployees.dbo.tblEmployees values('e44','Zetta','15/10/2009')
——´Ë´¦²åÈë¸ü¶àÊý¾Ý
declare tCursor cursor fast_forward
for select caseID,input,expected
from dbTestCasesAndResults.dbo.tblTestCases
......
package com.itcast.service.base;
import java.util.LinkedHashMap;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import com.itcast.util.QueryResult;
/**
* Õë¶ÔËùÓÐʵÌåbeanµÄÒ»¸ö³éÏóÀ࣬ËùÓеÄʵÌåbean°üÀ¨ProductType,ProductµÈµÈ
* @author lucky
*
*/
@Transactional
public abstract class DaoSupport implements DAO {
@PersistenceContext protected EntityManager em;
//µ÷ÓÃÏÂÃæµÄpublic <T> void delete(Class<T> entityClass,Object[] entityids·½·¨
public <T> void delete(Class<T> entityClass,Object entityid) {
delete(entityClass,new Object[]{entityid});
}
public <T> void delete(Class<T> entityClass,Object[] entityids) {
for ......
ÓÐÈýÕűí LP_COMPANY, LP_COMPANYTYPE,LP_APPLICATION
SQLÓï¾äÊÇ
SELECT b.appname,c.typename,a.ID, a.APPID, a.PROVID, a.CITY, a.DISTRICT, a.TYPEID, a.PARENTID,
a.COMNAME, a.CHARGER, a.LICENSE, a.OPENBANK, a.ACCOUNT, a.NATAXNO, a.LOTAXNO,
a.STATUS, a.MEMO, a.ADDDATE, a.ADDTIME, a.REMARK1, a.REMARK2, a.REMARK3, a.REMARK4
from LP_COMPANY a
left join lp_application b on a.appid=b.id left join lp_companytype c on a.typeid=c.id
ÁíÍâÐè×¢ÒâµÄÊÇ
ÏîÄ¿ËùÓÿò¼ÜÊÇ struts2+spring2+ibatis2
¹ÊÔÚcompanyµÄbeanºÍactionÖÐ ¼ÓÈëÁ½¸öÊôÐÔtypeName ºÍappName ......
×îÐÂÎÄÕ :