Ò׽ؽØͼÈí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

Protecting ASP Programs Against SQL Injection Attacks


The SQL injection tools that are popular at the moment carry out the actual injection through GET and POST requests. We can filter out all of the symbols that injection relies on, and a few simple conditional statements are enough to do it. Let's filter GET first.
The code is as follows:
Dim SQL_injdata, SQL_inj, SQL_Get, SQL_Data
' Tokens to reject, separated by "|"
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = Split(SQL_injdata, "|")
If Request.QueryString <> "" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data = 0 To UBound(SQL_inj)
            ' vbTextCompare makes the match case-insensitive
            If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                ' Alert text: "Please do not include illegal characters in parameters to attempt injection!"
                Response.Write "<Script Language=JavaScript>alert('请不要在参数中包含非法字符尝试注入！');history.back(-1)</Script>"
                Response.End
            End If
        Next
    Next
End If
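With these few simple statements we have filtered out some of the statements and symbols that injection depends on. The snippet is small and handy: just insert it into a widely included page such as conn.asp. POST data can be filtered in the same way with the code below, and the two snippets can be merged into one.
Let's look at the code:
' Reuses the SQL_inj array and SQL_Data counter from the GET filter above
Dim Sql_Post
If Request.Form <> "" Then
    For Each Sql_Post In Request.Form
        For SQL_Data = 0 To UBound(SQL_inj)
            ' vbTextCompare makes the match case-insensitive
            If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                ' Alert text: "Please do not include illegal characters in parameters to attempt injection!"
                Response.Write "<Script Language=JavaScript>alert('请不要在参数中包含非法字符尝试注入！');history.back(-1)</Script>"
                Response.End
            End If
        Next
    Next
End If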
An enhanced version of the ASP anti-injection code is also circulating online.
The code is as follows:
<%
' ASP anti-injection solution
' Special page handling:
' some pages pass their data as a stream (for example, forms that contain a file upload),
' and simply enumerating the Form object on them raises an error,
' so those pages have to be excluded, and sql("string to check") used inside them instead.
' Put this page at the top with include so that every page can call it, for example include it in conn.asp.
' If there are pages with stream uploads, add them to the table page to avoid Form conflicts.
Dim N_no,N_noarray,req_Qs,req_F,N_i,N_dbstr,Conn,N_rs,N_userIP,N_thispage
N_userip = Request.ServerVariables("REMOTE_ADDR")
N_thispage = LCase(Request.ServerVariables("URL"))
N_no = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" ' you yourself can
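
The merge of the GET and POST checks suggested above, written as one routine for an include file such as conn.asp; this is an added example, not code from the original article or from the enhanced version it quotes. The names SQL_TOKENS, FindToken and ScreenCollection are hypothetical, and skipping multipart requests by content type is an assumption standing in for the page list the enhanced version keeps.

```vbscript
<%
' Added example: one routine that screens both GET and POST values.
' SQL_TOKENS, FindToken and ScreenCollection are hypothetical names.
Const SQL_TOKENS = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"

' Returns the first listed token found in value, or "" if there is none.
Function FindToken(ByVal value)
    Dim tokens, i
    FindToken = ""
    tokens = Split(SQL_TOKENS, "|")
    For i = 0 To UBound(tokens)
        ' vbTextCompare: "SELECT" and "select" are treated alike
        If InStr(1, value, tokens(i), vbTextCompare) > 0 Then
            FindToken = tokens(i)
            Exit Function
        End If
    Next
End Function

' Ends the request with HTTP 400 if any value in the collection holds a token.
Sub ScreenCollection(ByVal coll, ByVal label)
    Dim key
    For Each key In coll
        ' CStr flattens a multi-valued parameter into one string
        If FindToken(CStr(coll(key))) <> "" Then
            Response.Status = "400 Bad Request"
            Response.Write "Rejected " & label & " parameter: " & Server.HTMLEncode(key)
            Response.End
        End If
    Next
End Sub

ScreenCollection Request.QueryString, "GET"

' Pages that read the body as a stream (file uploads) must not have
' Request.Form touched first, as the enhanced version's comments explain,
' so multipart requests are skipped here (assumption: detected by content type).
If InStr(1, Request.ServerVariables("CONTENT_TYPE"), "multipart/form-data", vbTextCompare) = 0 Then
    ScreenCollection Request.Form, "POST"
End If
%>
```

Keyword screening of this kind also rejects ordinary values that happen to contain a listed token (a name containing "and", a value containing "%"), so queries should still pass user input through parameterized ADODB.Command objects rather than string concatenation.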


© 2009 ej38.com All Rights Reserved. 赣ICP备09004571号