C#.NET防止SQL注入式攻击
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// <summary>Checks whether the string contains any blacklisted SQL keyword (case-insensitive, whole-word regex match).</summary>
5 ///
6 /// <param name="inputString">User-submitted data to inspect.</param>
7 /// <returns>true - no keyword matched (treated as safe); false - a keyword matched, i.e. suspected injection.</returns>
8 public bool ProcessSqlStr( string inputString)
9 {
// Keyword blacklist; it is joined into a single regex alternation below.
// NOTE(review): keyword blacklisting is only a UI-level input-hygiene heuristic, not a defence
// against SQL injection - the effective control is parameterized queries (SqlParameter) at the
// data-access layer. The list also contains ordinary English words ("and", "or", "count",
// "char", "mid", "asc"), so legitimate free text such as a comment field will be rejected.
// The "\*" alternative is effectively dead: the surrounding \b anchors only let it match an
// asterisk that sits between two word characters.
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
// Null or empty input is not tested at all; what the method returns for it is decided by the
// part of the body that is cut off on this page.
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
// NOTE(review): the spaces just inside the verbatim quotes here (and in SqlStr) look like a
// rendering artifact of the page; if they are really in the source, the pattern requires literal
// spaces around every keyword and the check matches far less than intended - confirm against the
// original file.
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
// Style: the local is named after its own type (Regex Regex). It compiles, but a name such as
// "pattern" reads better. RegexOptions.IgnoreCase makes the keyword match case-insensitive.
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
// Dead code left in the listing; remove rather than keep commented out.
18 // string s = Regex.Match(inputString).Value;
// Any keyword hit is reported as unsafe. The "true ==" comparison is redundant.
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
// ... the listing is truncated on the source page here; the success path and the catch block are not visible.
22 &
相关文档：
系统环境：Windows 7
软件环境：Visual C++ 2008 SP1 +SQL Server 2005
本次目的：编写一个航空管理系统
这是数据库课程设计的成果，虽然成绩不佳，但是作为我用VC++ 以来编写的最大程序还是传到网上，以供参考。用VC++ 做数据库设计并不容易，但也不是不可能。以下是我的程序界面，后面 ......
-- Fixture table for the query that follows on the original page (cut off here).
-- Column roles are inferred from the names: ptoid presumably a product id, proclassid a
-- class/category id, proname the product name - confirm against the rest of the post.
-- NOTE(review): no PRIMARY KEY or NOT NULL is declared; `ptoid int primary key` would make the
-- id enforced unique instead of relying on the fixture being well-formed.
-- NOTE(review): proname holds Chinese text (mojibake on this page). With varchar(10) on a DBCS
-- code page each character costs two bytes, so nvarchar would be the safer type - confirm collation.
create table tb (ptoid int,proclassid int,proname varchar(10))
-- INSERT without INTO and without a column list (T-SQL form, presumably SQL Server given the
-- surrounding text). Every SELECT below must therefore follow the declared column order
-- (ptoid, proclassid, proname); an explicit column list would make that robust to schema changes.
insert tb
select 1,1,'Ò·þ1'
union all
select 2,2,'Ò·þ2'
union all
select 3,3,'Ò·þ3'
union all
select 4,3,'Ò·þ4'
union all
select 5,2,'Ò·þ5'
union all
select 6,2,'Ò·þ6'
union all
select 7,2,'Ò·þ7'
union all
-- ... the listing is truncated on the source page after this row.
select 8 ......
第一条：
select * from table where field in (1,2,3) 这种写法应该舍弃了，而应该这样写：
select * from table where field = 1 or field = 2 or field = 3
为什么呢？
凡事只有做过才知道，自己建个表，插入10W条测试数据，用sql测试一下便知，因为工作便利，我在产品机和外网测试机都已经测试过 ......
说到软解析（soft parse）和硬解析（hard parse），就不能不说一下Oracle对sql的处理过程。当你发出一条sql语句交付Oracle，在执行和获取结果前，Oracle对此sql将进行几个步骤的处理过程：
1、语法检查（syntax check）
......
有许多不同类型的数据库管理员。一些类型的数据库管理员致力于开发领域，而其他的一部分更重视数据库性能的调整，以及仍然有一部分数据库管理员则致力于管理SQL Server的业务。依据数据库管理员的工作环境不同，他们将执行一定数量的不同的任务。为了区分所有不同的任务，数据库管理员可能要执行我清单上所列的任务。
......