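Escape character rules for Access databases:
When inserting, updating, or matching data with =, a text value enclosed in '' may contain any combination of ",*,%,[,],\,/,?,(,),{,}. To insert a ', write '' and wrap the whole expression in a pair of ''.
For example, inserting '张''三' stores 张'三 in the database; using square brackets does not work here.
When inserting, updating, or matching data with =, a text value enclosed in "" may contain any combination of ',*,%,[,],\,/,?,(,),{,}. To insert a ", write "" and wrap the whole expression in a pair of "".
For example, inserting "张""三" stores 张"三 in the database.
For fuzzy (Like) matching, enclose the text value in ''. It may contain any combination of ",*,],\,/,(,),{,}. Each [, %, or ? must be wrapped directly in its own pair of [].
For example, to match [?, write Like '%[[][?]%', not Like '%[[?]%'. The latter matches records containing [ or ?, so it does not require [? to appear as an adjacent pair.
Summary:
When inserting, updating, or matching data with equality, always enclose text values in '' and convert each ' in the expression being inserted to ''.
For fuzzy matching, always enclose text values in '', convert each ' to '', and also wrap every [, %, and ? in a pair of square brackets.
Examples: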
insert into Test(Name) values("用'双''引\/*%%_[[]号""括起来")
Inserts the record 用'双''引\/*%%_[[]号"括起来
insert into Test(Name) values('用"""单''撇[({/*%}]号括起来')
Inserts the record 用"""单'撇[({/*%}]号括起来
select * from Test where Name like '*[%][%]?[[]*'
Finds strings containing %%?[, where ? stands for any single character and * matches any number of characters (in program code, write % instead).
select * from Test where Name like '*双''''*'
Finds strings containing 双''
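The two summary rules above, written as helper functions, as an added example that is not code from the original page. The function names, the extra bracketing of * _ #, and the small regex-based model of Like used to check patterns offline are assumptions made for this illustration.

```python
import re

# Wildcards to neutralise. The page names [ % ? ; * _ # are added here (assumption)
# so the result is literal whichever wildcard set the driver uses.
LIKE_SPECIALS = "[%?*_#"

def quote_literal(value):
    """Insert/update/= rule: double each ' and wrap the value in '...'."""
    return "'" + value.replace("'", "''") + "'"

def escape_like(value):
    """Like rule: wrap every special character in its own pair of []."""
    return "".join("[" + c + "]" if c in LIKE_SPECIALS else c for c in value)

def contains_clause(term):
    """Literal for: Name like <result>, matching rows that contain term verbatim."""
    return quote_literal("%" + escape_like(term) + "%")

def like_to_regex(pattern):
    """Simplified offline model of Like (not Access's engine), for checking patterns."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        end = pattern.find("]", i + 2) if c == "[" else -1
        if end != -1:                          # [set] or [!set]
            body = pattern[i + 1:end]
            negate = body.startswith("!") and len(body) > 1
            chars = re.escape(body[1:] if negate else body).replace(r"\-", "-")
            out.append("[" + ("^" if negate else "") + chars + "]")
            i = end + 1
        else:
            out.append(".*" if c in "%*" else "." if c in "?_"
                       else r"\d" if c == "#" else re.escape(c))
            i += 1
    return re.compile("".join(out), re.S)

def like_matches(pattern, text):
    return like_to_regex(pattern).fullmatch(text) is not None

if __name__ == "__main__":
    for term in ["[?", "100%", "双''"]:        # constructed sample inputs
        print("select * from Test where Name like " + contains_clause(term))
    print(like_matches("%[[][?]%", "a[?b"), like_matches("%[[?]%", "a[b"))
```

Where the data-access layer supports parameterized queries, pass the value as a parameter instead of using quote_literal and keep only the escape_like bracketing for Like patterns.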
Reference URLs
http://www.jb51.net/article/9280.htm
http://topic.csdn.net/t/20051018/1
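To run SQL statements, we execute them inside the Access database itself, which makes them easier to analyze. The method is as follows:
Open the Access database, click "Create", then click "Query Design". A Show Table window pops up; close it. A SQL view then appears; open it and you can write SQL code in it. ......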