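C#.NET防止SQL注入式攻击
（说明：下面的关键字黑名单过滤只适合作为UI层的辅助检查，它会误拦包含 and、or、select、update 等普通单词的正常输入，也不能保证拦住所有注入；数据库访问仍应使用参数化查询，例如 SqlParameter。）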
1 防止sql注入式攻击(可用于UI层控制） #region 防止sql注入式攻击(可用于UI层控制）
2
3 /**/ ///
4 /// 判断字符串中是否有SQL攻击代码
5 ///
6 /// 传入用户提交数据
7 /// true-安全；false-有注入攻击现有；
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
相关文档：
表：用户号码，登录时间
显示 ：每日登录各时间段的登录人数，和每天登录人数
if isnull(object_id('#tb'),'')=''
drop table #tb
CREATE TABLE #tb(ÁÐÃû1 varchar(12),ʱ¼ä datetime)
INSERT INTO #tb
SELECT '03174190188','2009-11-01 07:17:39.217' UNION ALL
SELECT '015224486575','2009-11-01 08:01:17.153' ......
create table tb (ptoid int,proclassid int,proname varchar(10))
insert tb
select 1,1,'Ò·þ1'
union all
select 2,2,'Ò·þ2'
union all
select 3,3,'Ò·þ3'
union all
select 4,3,'Ò·þ4'
union all
select 5,2,'Ò·þ5'
union all
select 6,2,'Ò·þ6'
union all
select 7,2,'Ò·þ7'
union all
select 8 ......
【1】
create procedure proc_pager1
( @pageIndex int, -- 要选择第X页的数据
@pageSize int -- 每页显示记录数
)
AS
BEGIN
declare @sqlStr varchar(500)
set @sqlStr='select top '+con ......
第一条：
select * from table where field in (1,2,3) 这种写法应该舍弃了，而应该这样写：
select * from table where field = 1 or field = 2 or field = 3
为什么呢？
凡事只有做过才知道，自己建个表，插入10W条测试数据，用sql测试一下便知，因为工作便利，我在产品机和外网测试机都已经测试过 ......
说到软解析（soft parse）和硬解析（hard parse），就不能不说一下Oracle对sql的处理过程。当你发出一条sql语句交付Oracle，在执行和获取结果前，Oracle对此sql将进行几个步骤的处理过程：
1、语法检查（syntax check）
......