ASP.NET SQL ×¢Èë½â¾ö·½°¸
ÈκÎÒ»ÖÖʹÓÃÊý¾Ý¿âweb³ÌÐò£¨µ±È»£¬Ò²°üÀ¨×ÀÃæ³ÌÐò£©¶¼Óб»SQL×¢ÈëµÄ·çÏÕ¡£·ÀÖ¹±»SQL×¢È룬×î»ù±¾µÄ·½·¨ÊÇÔÚ´úÂ뼶±ð¾ÍÒª×èÖ¹ÕâÖÖ¿ÉÄÜ£¬Õâ¸öÍøÉϽ²µÄºÜ¶à£¬ÎҾͲ»¶à˵ÁË¡£²»¹ýÈç¹ûÄãÄõ½µÄÊÇÒ»¸öÒѾÍ깤µÄ²úÆ·£¬Õâ¸öʱºò¸ÃÈçºÎ½â¾öÄØ£¿ÎÒ½éÉܼ¸ÖÖ¶ÔÓÚASPºÍASP.NETÓÐЧµÄ·ÀÖ¹SQL×¢ÈëµÄ·½°¸£¬¶øÇÒÊÇÃâ·ÑµÄ¡£
UrlScan 3.1
UrlScan 3.1ÊÇÒ»¸ö°²È«·½ÃæµÄ¹¤¾ß£¬Î¢Èí¹Ù·½µÄ¶«Î÷¡£Ëü»á¼ì²éËùÓÐIIS´¦ÀíµÄHTTPÇëÇó¡£UrlScan ¿ÉÒÔÔÚÓа²È«ÎÊÌâµÄHTTPÇëÇóµ½´ïÓ¦ÓóÌÐò֮ǰ¾Í×èÖ¹Õâ¸öÇëÇó¡£UrlScan 3.1 ÊÇUrlScan 2.5µÄÒ»¸öÉý¼¶°æ±¾£¬Ö§³ÖWindows Vista ºÍWindows Server 2008ϵͳ֮ÉϵÄIIS 5.1, IIS 6.0 ºÍ IIS 7.0¡£
Á´½ÓµØÖ·£ºhttp://www.iis.net/expand/UrlScan ÕâÀﻹÓкܶà·Ç³£ÓÐÓõÄIISÀ©Õ¹£¬¿ÉÒÔ¿´¿´¡£
IIS 6 SQL Injection Sanitation ISAPI Wildcard
Õâ¸öISAPI dll Ò²ÊÇͨ¹ý¼ì²éHTTPÇëÇó±ÜÃâSQL×¢Èë¡£Ö»¼æÈÝwindows 2003É쵀 IIS 6.0¡£¶ÔÓÚWindows XP É쵀 IIS 5 ²»Ö§³Ö¡£
ÕâÊÇÒ»¸ö¿ªÔ´ÏîÄ¿£ºhttp://www.codeplex.com/IIS6SQLInjection
ת×Ô:http://www.cnblogs.com/DotNetNuke/archive/2009/12/30/1635758.html
Ïà¹ØÎĵµ£º
µÚÒ»½×¶Î
Q.±àдһ¸öPL/SQL³ÌÐò¿éÒÔÏÔʾËù¸ø³ö¹ÍÔ±±àºÅµÄ¹ÍÔ±µÄÏêϸÐÅÏ¢¡£
A.
DECLARE
erec emp%ROWTYPE;
BEGIN
SELECT * INTO erec from emp WHERE empno=&¹ÍÔ±±àºÅ;
DBMS_OUTPUT.PUT_LINE('EmpNo' || ' ' || 'Ename' || ' '|| 'Job' || ' ' || 'Manager' || ' ' || 'HireDate' ......
ÎÒÃÇÔÚÊý¾Ý¿âÖÐʹÓñíµÄʱºò,¾³£»áÓöµ½Á½ÖÖʹÓñíµÄ·½·¨,·Ö±ð¾ÍÊÇʹÓÃÁÙʱ±í¼°±í±äÁ¿¡£ÔÚʵ¼ÊʹÓõÄʱºò£¬ÎÒÃÇÈçºÎÁé»îµÄÔÚ´æ´¢¹ý³ÌÖÐÔËÓÃËüÃÇ£¬ËäÈ»ËüÃÇʵÏֵŦÄÜ»ù±¾ÉÏÊÇÒ»ÑùµÄ£¬¿ÉÈçºÎÔÚÒ»¸ö´æ´¢¹ý³ÌÖÐÓÐʱºòȥʹÓÃÁÙʱ±í¶ø²»Ê¹Óñí±äÁ¿£¬ÓÐʱºòȥʹÓñí±äÁ¿¶ø²»Ê¹ÓÃÁÙʱ±íÄØ?
¡¡¡¡ÁÙʱ±í
¡¡¡¡ÁÙʱ±íÓëÓÀ¾Ã±íÏàËÆ£¬ ......
²éѯÖظ´Öµ£¬ÏÔʾ³ö²»Öظ´µÄ²¿·Ö
select distinct(employeeid) from orders
²éѯÁ½¸ö±íÖ®¼äÏàͬÊý¾Ý
select orders.EmployeeID,Employees.EmployeeID
from orders INNER JOIN Employees
on Employees.EmployeeID=orders.EmployeeID
ʵÏÖÄ¿µÄ£¬Ò»¸ö±í´æ·ÅÓû§±àºÅºÍÓû§Ãû£¬ÔÚÁíÒ»¸ö±íÖпÉÒÔ¸ù¾ÝÓû§±àº ......
SqlCommand com = new SqlCommand("select * from myuser where username=@UserName and password=@Pwd", con);
com.Parameters.Add(new SqlParameter("@UserN ......