AccessÖÐÊý¾Ý¿âתÒå×Ö·û¹æÔò£º
²åÈë¡¢¸üС¢=Æ¥Åä Êý¾Ýʱ£¬Îı¾ÀàÐÍÈçÓÃ''À¨ÆðÀ´£¬Öмä¿ÉÒÔÓÐ ",*,%,[,],\,/,?,(,),{,}µÄÈÎÒâ×éºÏ£¬ÈçÒª²åÈëÒ»¸ö',Ðèд''²¢ÔÚÕû¸ö±í´ïʽÍâÌ×Ò»¶Ô''
È磬²åÈë 'ÕÅ''Èý',Êý¾Ý¿âÀï¾ÍÊÇ ÕÅ'Èý£¬Ó÷½À¨ºÅÊDz»¿ÉÒÔµÄ
²åÈë¡¢¸üС¢=Æ¥Åä Êý¾Ýʱ£¬Îı¾ÀàÐÍÈçÓÃ""À¨ÆðÀ´£¬Öмä¿ÉÒÔÓÐ ',*,%,[,],\,/,?,(,),{,}µÄÈÎÒâ×éºÏ£¬ÈçÒª²åÈëÒ»¸ö',Ðèд''²¢ÔÚÕû¸ö±í´ïʽÍâÌ×Ò»¶Ô""
È磬²åÈë"ÕÅ""Èý",Êý¾Ý¿âÀïÊÇ ÕÅ"Èý
Ä£ºýÆ¥Åäʱ£¬Îı¾ÀàÐÍÓÃ''À¨ÆðÀ´,Öмä¿ÉÒÔÓÐ ",*,],\,/,(,),{,}ÈÎÒâ×éºÏ,¶Ô[,%,?,ÐèÒªÔÚÿ¸öÌØÊâ·ûºÅ×óÓÒ½ô¸ú×ÅÌ×Ò»¶Ô[],
ÈçҪƥÅä[?,Ӧд Like '%[[][?]%',²»ÄÜд Like '%[[?]%',ºóÕß»áÆ¥Å京ÓÐ[»ò?µÄ¼Ç¼£¬¶ø[?²»Ò»¶¨»áÆ¥Åäµ½½ô°¤Ò»Æð¡£
×ܽ᣺
²åÈë¡¢¸üС¢µÈÓÚÆ¥Åä Êý¾Ýʱ£¬Í³Ò»½«Îı¾ÀàÐÍÓÃ''À¨ÆðÀ´£¬Ö»ÐèÒª½«´ý²åÈë±í´ïʽÖеÄ'ת»¯Îª''
ÔÚÄ£ºýÆ¥Åäʱ£¬Îı¾ÀàÐÍͳһÓÃ''À¨ÆðÀ´£¬½«'תΪ'',ͬʱ¶Ôÿһ¸ö[,%,?,¶¼ÓÃÒ»¶Ô·½À¨ºÅÀ¨ÆðÀ´
ʾÀý£º
insert into Test(Name) values("ÓÃ'Ë«''Òý\/*%%_[[]ºÅ""À¨ÆðÀ´")
²åÈë¼Ç¼ ÓÃ'Ë«''Òý\/*%%_[[]ºÅ"À¨ÆðÀ´
insert into Test(Name) values('ÓÃ"""µ¥''Ʋ[({/*%}]ºÅÀ¨ÆðÀ´')
²åÈë¼Ç¼ ÓÃ"""µ¥'Ʋ[({/*%}]ºÅÀ¨ÆðÀ´
select * from Test where Name like '*[%][%]?[[]*'
²éÕÒº¬ÓÐ %%?[ µÄ×Ö·û´® £¿±íʾһ¸ö×Ö·û,*Æ¥ÅäÈÎÒâ¸ö×Ö·û£¬³ÌÐòÖÐҪд%
select * from Test where Name like '*Ë«''''*'
²éÕÒº¬ÓÐ Ë«'' µÄ×Ö·û´®
²Î¿¼ÍøÖ·
http://www.jb51.net/article/9280.htm
http://topic.csdn.net/t/20051018/1
Ò»Ö±¼áÐÅ×Ô¼ºSQLÓï¾äÍæµÄ»¹ÊDz»´íµÄ£¬µ«ÊÇÕâ¸ö¹ÖÒìµÄÎÊÌ⻹ÊÇһֱŪµÃÎÒºÜÀDZ·£¬Ò»ÉÏÎçµÄʱ¼äûÕÒµ½ÔÒò£¬oracle£¬ MSSQL£¬MySQL,DB2¶¼Íæ¹ý£¬¾ÍûÕâôÓôÃƹý¡£¡£´ÓÀàÐͶÔÓ¦µ½×ֶΡ£¡£ÔÙµ½Êý¾Ý¿â¹ÜÀíÉèÖᣡ£ËùÓÐÄܼì²éµÄ¶¼¼ì²éÁË¡£¡£»¹Ã»ÕÒµ½¡£¡£×îºóÕÒµ½ÔÒòÁË¡£¡£sum us ......
ÕâÁ½Ì쿪ʼѧϰACCESSÊý¾Ý¿âµÄÁ¬½Ó£¬¸Ð¾õ²»ÊÇÌرðµÄ˳ÊÖ£¬¶ÔÊý¾Ý¿âµÄÁ¬½ÓµÄÕû¸ö¹ý³Ì»¹²»ÊÇÌرðµÄÁ˽⡣
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
usi ......
<connectionStrings>
<add name="qxConnectionString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=Web/App_Data/db2.mdb;" providerName="System.Data.OleDb"/>
</connectionStrings> ......
