ASP.NET ÖÐÈçºÎ·À·¶SQL×¢Èëʽ¹¥»÷
Ò»¡¢Ê²Ã´ÊÇSQL×¢Èëʽ¹¥»÷?
¡¡¡¡ËùνSQL×¢Èëʽ¹¥»÷£¬¾ÍÊǹ¥»÷Õß°ÑSQLÃüÁî²åÈëµ½Web±íµ¥µÄÊäÈëÓò»òÒ³ÃæÇëÇóµÄ²éѯ×Ö·û´®£¬ÆÛÆ·þÎñÆ÷Ö´ÐжñÒâµÄSQLÃüÁî¡£ÔÚijЩ±í
µ¥ÖУ¬Óû§ÊäÈëµÄÄÚÈÝÖ±½ÓÓÃÀ´¹¹Ôì(»òÕßÓ°Ïì)¶¯Ì¬SQLÃüÁ»ò×÷Ϊ´æ´¢¹ý³ÌµÄÊäÈë²ÎÊý£¬ÕâÀà±íµ¥ÌرðÈÝÒ×Êܵ½SQL×¢Èëʽ¹¥»÷¡£³£¼ûµÄSQL×¢Èëʽ¹¥
»÷¹ý³ÌÀàÈ磺
¡¡¡¡¢Å ij¸öASP.NET WebÓ¦ÓÃÓÐÒ»¸öµÇÂ¼Ò³Ãæ£¬Õâ¸öµÇÂ¼Ò³Ãæ¿ØÖÆ×ÅÓû§ÊÇ·ñÓÐȨ·ÃÎÊÓ¦Óã¬ËüÒªÇóÓû§ÊäÈëÒ»¸öÃû³ÆºÍÃÜÂë¡£
¡¡¡¡¢Æ µÇÂ¼Ò³ÃæÖÐÊäÈëµÄÄÚÈݽ«Ö±½ÓÓÃÀ´¹¹Ô춯̬µÄSQLÃüÁ»òÕßÖ±½ÓÓÃ×÷´æ´¢¹ý³ÌµÄ²ÎÊý¡£ÏÂÃæÊÇASP.NETÓ¦Óù¹Ôì²éѯµÄÒ»¸öÀý×Ó£º
¡¡¡¡
System.Text.StringBuilder query = new System.Text.StringBuilder("SELECT * from Users WHERE login = '")¡£
Append(txtLogin.Text)¡£Append("' AND password='")¡£
Append(txtPassword.Text)¡£Append("'");
¡¡¡¡¢Ç ¹¥»÷ÕßÔÚÓû§Ãû×ÖºÍÃÜÂëÊäÈë¿òÖÐÊäÈë"'»ò'1'='1"Ö®ÀàµÄÄÚÈÝ¡£
¡¡¡¡¢È Óû§ÊäÈëµÄÄÚÈÝÌá½»¸ø·þÎñÆ÷Ö®ºó£¬·þÎñÆ÷ÔËÐÐÉÏÃæµÄASP.NET´úÂë¹¹Ôì³ö²éѯÓû§µÄSQLÃüÁµ«ÓÉÓÚ¹¥»÷ÕßÊäÈëµÄÄÚÈݷdz£ÌØÊ⣬Ëù
ÒÔ×îºóµÃµ½µÄSQLÃüÁî±ä
³É£ºSELECT * from Users WHERE login = '' or '1'='1' AND password = '' or '1'='1'.
¡¡¡¡¢É ·þÎñÆ÷Ö´Ðвéѯ»ò´æ´¢¹ý³Ì£¬½«Óû§ÊäÈëµÄÉí·ÝÐÅÏ¢ºÍ·þÎñÆ÷Öб£´æµÄÉí·ÝÐÅÏ¢½øÐжԱȡ£
¡¡¡¡¢Ê ÓÉÓÚSQLÃüÁîʵ¼ÊÉÏÒѱ»×¢Èëʽ¹¥»÷Ð޸ģ¬ÒѾ²»ÄÜÕæÕýÑéÖ¤Óû§Éí·Ý£¬ËùÒÔϵͳ»á´íÎóµØÊÚȨ¸ø¹¥»÷Õß¡£
¡¡¡¡Èç¹û¹¥»÷ÕßÖªµÀÓ¦ÓûὫ±íµ¥ÖÐÊäÈëµÄÄÚÈÝÖ±½ÓÓÃÓÚÑéÖ¤Éí·ÝµÄ²éѯ£¬Ëû¾Í»á³¢ÊÔÊäÈëÄ³Ð©ÌØÊâµÄSQL×Ö·û´®´Û¸Ä²éѯ¸Ä±äÆäÔÀ´µÄ¹¦ÄÜ£¬ÆÛÆÏµÍ³
ÊÚÓè·ÃÎÊȨÏÞ¡£
¡¡¡¡ÏµÍ³»·¾³²»Í¬£¬¹¥»÷Õß¿ÉÄÜÔì³ÉµÄËðº¦Ò²²»Í¬£¬ÕâÖ÷ÒªÓÉÓ¦Ó÷ÃÎÊÊý¾Ý¿âµÄ°²È«È¨ÏÞ¾ö¶¨¡£Èç¹ûÓû§µÄÕÊ»§¾ßÓйÜÀíÔ±»òÆäËû±È½Ï¸ß¼¶µÄȨÏÞ£¬¹¥»÷Õß
¾Í¿ÉÄܶÔÊý¾Ý¿âµÄ±íÖ´Ðи÷ÖÖËûÏëÒª×öµÄ²Ù×÷£¬°üÀ¨Ìí¼Ó¡¢É¾³ý»ò¸üÐÂÊý¾Ý£¬ÉõÖÁ¿ÉÄÜÖ±½Óɾ³ý±í¡£
¡¡¡¡¶þ¡¢ÈçºÎ·À·¶?
¡¡¡¡ºÃÔÚÒª·ÀÖ¹ASP.NETÓ¦Óñ»SQL×¢Èëʽ¹¥»÷´³Èë²¢²»ÊÇÒ»¼þÌØ±ðÀ§ÄѵÄÊÂÇ飬ֻҪÔÚÀûÓÃ±íµ¥ÊäÈëµÄÄÚÈݹ¹ÔìSQLÃüÁî֮ǰ£¬°ÑËùÓÐÊäÈëÄÚ
ÈݹýÂËÒ»·¬¾Í¿ÉÒÔÁË¡£¹ýÂËÊäÈëÄ
Ïà¹ØÎĵµ£º
1 TOP
ÕâÊÇÒ»¸ö´ó¼Ò¾³£Îʵ½µÄÎÊÌ⣬ÀýÈçÔÚSQLSERVERÖпÉÒÔʹÓÃÈçÏÂÓï¾äÀ´È¡µÃ¼Ç¼¼¯ÖеÄǰʮÌõ¼Ç¼£º
SELECT TOP 10 * from [index] ORDER BY indexid DESC;
µ«ÊÇÕâÌõSQLÓï¾äÔÚSQLiteÖÐÊÇÎÞ·¨Ö´Ðеģ¬Ó¦¸Ã¸ÄΪ£º
SELECT * from [index] ORDER BY indexid DESC limit 0,10;
ÆäÖÐlimit 0,10±íʾ´ÓµÚ0Ìõ¼Ç¼¿ªÊ¼£¬Íùºó ......
.Çå¿ÕÈÕÖ¾
DUMP TRANSACTION ¿âÃû WITH NO_LOG
2.½Ø¶ÏÊÂÎñÈÕÖ¾£º
BACKUP LOG ¿âÃû WITH NO_LOG
3.ÊÕËõÊý¾Ý¿âÎļþ(Èç¹û²»Ñ¹Ëõ,Êý¾Ý¿âµÄÎļþ²»»á¼õС
ÆóÒµ¹ÜÀíÆ÷--ÓÒ¼üÄãҪѹËõµÄÊý¾Ý¿â--ËùÓÐÈÎÎñ--ÊÕËõÊý¾Ý¿â--ÊÕËõÎļþ--Ñ¡ÔñÈÕÖ¾Îļþ--ÔÚÊÕËõ·½Ê½ÀïÑ¡ÔñÊÕËõÖÁXXM,ÕâÀï»á¸ø³öÒ»¸öÔÊÐíÊÕËõµ½µÄ×îСMÊý,Ö±½Ó ......
1. In "MicroSoft SQL Server Management Studio", right click SQL Server instance, select "Properties", select "Security" in left panel and check "SQL Server and Windows Authentication mode" in right Panel.
2. In "SQL Server Configuration Manager", select "SQL Server Network Configuration > ......
USE Test
--Create 2 tables as an example
CREATE TABLE ExampleTable
(
[ID] int PRIMARY KEY
,[Name] nvarchar(256)
)
CREATE TABLE ExampleTable2
(
[ID] int PRIMARY KEY
,[Name] nvarchar(256)
)
----way1
SELECT *
from sys.objects [table]
WHERE
[Name] LIKE 'ExampleTable%'
FOR XML AUTO, ROOT ......
1.¾¡Á¿Ê¹ÓÃHtml¾²Ì¬Ò³Ãæ¡£aspxÔÚÊý¾Ý½»»¥·½ÃæÓкܺõĵĽ»»¥ÄÜÁ¦£¬µ«ÊÇÒ²»áÏûºÄÒ»¶¨µÄ·þÎñÆ÷×ÊÔ´£¬ËùÒÔÎÒÃǾ¡Á¿Óô¿htmlµÄҳȥʵÏÖ¡£×îÖØÒªµÄCMSµÄÓ¦ÓÃ
2.±ÜÃâ²»±ØÒªµÄ»ØËͲÙ×÷£¬Ã¿´Îµ¥»÷Ò³Ãæ°´Å¥¶¼Òª¼ÓÔØPage_Loadʼþ£¬ÓÃPage.IsPostBack±ÜÃâ²»±ØÒªµÄ¼ÓÔØ
3.¾¡Á¿ÔÚ¿Í»§¶Ë½øÐÐÑéÖ¤²Ù×÷£¬Í¨¹ýjs½øÐÐʵÏÖ
4.ÓÅÏÈʹÓÃHtml¿ ......