C#.NET·ÀÖ¹SQL×¢Èëʽ¹¥»÷
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// ÅжÏ×Ö·û´®ÖÐÊÇ·ñÓÐSQL¹¥»÷´úÂë
5 ///
6 /// ´«ÈëÓû§Ìá½»Êý¾Ý
7 /// true-°²È«£»false-ÓÐ×¢Èë¹¥»÷ÏÖÓУ»
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
Ïà¹ØÎĵµ£º
ϵͳ»·¾³£ºWindows 7
Èí¼þ»·¾³£ºVisual C++ 2008 SP1 +SQL Server 2005
±¾´ÎÄ¿µÄ£º±àдһ¸öº½¿Õ¹ÜÀíϵͳ
ÕâÊÇÊý¾Ý¿â¿Î³ÌÉè¼ÆµÄ³É¹û£¬ËäÈ»³É¼¨²»¼Ñ£¬µ«ÊÇ×÷ΪÎÒÓÃVC++ ÒÔÀ´±àдµÄ×î´ó³ÌÐò»¹ÊÇ´«µ½ÍøÉÏ£¬ÒÔ¹©²Î¿¼¡£ÓÃVC++ ×öÊý¾Ý¿âÉè¼Æ²¢²»ÈÝÒ×£¬µ«Ò²²»ÊDz»¿ÉÄÜ¡£ÒÔÏÂÊÇÎҵijÌÐò½çÃ棬ºóÃæ ......
ORACLE SQLÓÅ»¯
£¨1£© Ñ¡Ôñ×îÓÐЧÂʵıíÃû˳Ðò(Ö»ÔÚ»ùÓÚ¹æÔòµÄÓÅ»¯Æ÷ÖÐÓÐЧ)£º
ORACLE µÄ½âÎöÆ÷°´ÕÕ´ÓÓÒµ½×óµÄ˳Ðò´¦Àífrom ×Ó¾äÖеıíÃû£¬from ×Ó¾äÖÐдÔÚ×îºóµÄ±í
(»ù´¡±ídriving table)½«±»×îÏÈ´¦Àí£¬ÔÚfrom ×Ó¾äÖаüº¬¶à¸ö±íµÄÇé¿öÏÂ,Äã±ØÐëÑ¡Ôñ¼Ç
¼ÌõÊý×îÉٵıí×÷Ϊ»ù´¡±í¡£Èç¹ûÓÐ3¸öÒÔÉϵıíÁ¬½Ó²éѯ, ÄǾÍÐè ......
C#ÖÐÒÔwindowsÑéÖ¤·½Ê½Á¬½ÓSQL serverÊý¾Ý¿âµÄÀà¡£ºÜ¶àÈËÁ¬½ÓÊý¾Ý¿âʱ¿ÉÄܶ¼ÊÇÍøÉϲéÁËÈ»ºó¾ÍÁ¬ÁË£¬¶ÔÓÚ²ÎÊýµÄº¬Òåµ¹ÊÇûÔõôÔÚÒ⣬żҲÊÇ£¨ºÇºÇ£©£¬µ±È»ÎÒÃǶ¼×¢Öؽá¹ûÂ¿ÉÊÇÕâÑù²»ÈÝÒ×¼ÇÒäÿ´ÎÁ¬µÄʱºò¶¼ÊÇÉÏÍø²é£¬¸Ð¾õͦ²»·½±ã£¬ËùÒÔË÷ÐÔ²éÁËһϡ£~~~Integrated Security=True£»±íʾÔÚÁ¬½ÓÊý¾Ý¿â½øÐÐÉí·ÝÑé֤ʱÓÃwind ......
µÚÒ»Ìõ£º
select * from where field in (1,2,3) ÕâÖÖд·¨Ó¦¸ÃÉáÆúÁË£¬¶øÓ¦¸ÃÕâÑùд£º
select * from table where field = 1 or field = 2 or field = 3
ΪʲôÄØ£¿
·²ÊÂÖ»ÓÐ×ö¹ý²ÅÖªµÀ£¬×Ô¼º½¨¸ö±í£¬²åÈë10WÌõ²âÊÔÊý¾Ý£¬ÓÃsql²âÊÔһϱãÖª£¬ÒòΪ¹¤×÷±ãÀû£¬ÎÒÔÚ²úÆ·»úºÍÍâÍø²âÊÔ»ú¶¼ÒѾ²âÊÔ¹ý£ ......
