C#.NET·ÀÖ¹SQL×¢Èëʽ¹¥»÷
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// ÅжÏ×Ö·û´®ÖÐÊÇ·ñÓÐSQL¹¥»÷´úÂë
5 ///
6 /// ´«ÈëÓû§Ìá½»Êý¾Ý
7 /// true-°²È«£»false-ÓÐ×¢Èë¹¥»÷ÏÖÓУ»
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
Ïà¹ØÎĵµ£º
ÎÒÃǵÄSQLÓï¾äµÄÖ´Ðж¼ÊÇÓÉÒ»¸öÀàÀ´Íê³ÉµÄ£¡Õâ¸öÀà¾ÍÊÇSQLStatement£¬Õâ¸öÀà¾ÍÊÇÎÒÃÇÓÃÀ´Ö´ÐÐSQLÓï¾äµÄÀ࣬¸ÃÀàµÄʹÓÃÒ²ÊǷdz£¼òµ¥µÄ£¬ÎÒÃÇÖ»ÐèÒª¼ÇסÁ½¸öÊôÐÔÁ½¸ö·½·¨¡£ÎÒÃÇÀ´¿´Ò»Ï£¡
textÊôÐÔ£ºËùÒªÖ´ÐеÄSQLÓï¾ä£¬¸ÃÊôÐÔÊÇÒ»¸ö×Ö·û´®¸ñʽ£¬ËùÒÔÎÒÃǵÄSQLÓï¾ä¶¼ÊÇ×Ö·û´®£¡
sqlConnectionÊôÐÔ£º¸ÃÊôÐÔÊÇÉèÖÃSQLSt ......
˵µ½Èí½âÎö£¨soft prase
£©ºÍÓ²½âÎö£¨
hard prase
£©£¬¾Í²»Äܲ»ËµÒ»ÏÂ
Oracle
¶Ô
sql
µÄ´¦Àí¹ý³Ì¡£µ±Äã·¢³öÒ»Ìõ
sql
Óï¾ä½»¸¶
Oracle
£¬ÔÚÖ´ÐкͻñÈ¡½á¹ûÇ°£¬
Oracle
¶Ô´Ë
sql
½«½øÐм¸¸ö²½ÖèµÄ´¦Àí¹ý³Ì£º
1¡¢Óï·¨¼ì²é£¨
syntax check
£©
&nb ......
ÎÒÃǶ¼ÖªµÀÔÚOracleÖÐÿÌõSQLÓï¾äÔÚÖ´ÐÐ֮ǰ¶¼ÐèÒª¾¹ý½âÎö£¬ÕâÀïÃæÓÖ·ÖΪÈí½âÎöºÍÓ²½âÎö¡£ÔÚOracleÖдæÔÚÁ½ÖÖÀàÐ͵ÄSQLÓï¾ä£¬Ò»ÀàΪ
DDLÓï¾ä£¨Êý¾Ý¶¨ÒåÓïÑÔ£©£¬ËûÃÇÊÇ´ÓÀ´²»»á¹²ÏíʹÓõģ¬Ò²¾ÍÊÇÿ´ÎÖ´Ðж¼ÐèÒª½øÐÐÓ²½âÎö¡£»¹ÓÐÒ»Àà¾ÍÊÇDMLÓï¾ä£¨Êý¾Ý²Ù×ÝÓïÑÔ£©£¬ËûÃÇ»á¸ù¾ ......
£¨1£© Ñ¡Ôñ×îÓÐЧÂʵıíÃû˳Ðò(Ö»ÔÚ»ùÓÚ¹æÔòµÄÓÅ»¯
Æ÷ÖÐÓÐЧ)£º
Oracle
µÄ
½âÎöÆ÷°´ÕÕ´ÓÓÒµ½×óµÄ˳Ðò´¦Àífrom×Ó¾äÖеıíÃû£¬from×Ó¾äÖÐдÔÚ×îºóµÄ±í(»ù´¡±í driving
table)½«±»×îÏÈ´¦Àí£¬ÔÚfrom×Ó¾äÖаüº¬¶à¸ö±íµÄÇé¿öÏÂ,Äã±ØÐëÑ¡Ôñ¼Ç¼ÌõÊý×îÉٵıí×÷Ϊ»ù´¡±í¡£¼ÙÈçÓÐ3¸öÒÔÉϵıíÁ¬½Ó²éѯ,
ÄÇ¾Í ......
