C#.NET·ÀÖ¹SQL×¢Èëʽ¹¥»÷
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// ÅжÏ×Ö·û´®ÖÐÊÇ·ñÓÐSQL¹¥»÷´úÂë
5 ///
6 /// ´«ÈëÓû§Ìá½»Êý¾Ý
7 /// true-°²È«£»false-ÓÐ×¢Èë¹¥»÷ÏÖÓУ»
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
Ïà¹ØÎĵµ£º
±í£ºÓû§ºÅÂ룬µÇ¼ʱ¼ä
ÏÔʾ £ºÃ¿ÈյǼ¸÷ʱ¼ä¶ÎµÄµÇ¼ÈËÊý£¬ºÍÿÌìµÇ¼ÈËÊý
if isnull(object_id('#tb'),'')=''
drop table #tb
CREATE TABLE #tb(ÁÐÃû1 varchar(12),ʱ¼ä datetime)
INSERT INTO #tb
SELECT '03174190188','2009-11-01 07:17:39.217' UNION ALL
SELECT '015224486575','2009-11-01 08:01:17.153' ......
¡¾1¡¿
create procedure proc_pager1
( @pageIndex int, -- ҪѡÔñµÚXÒ³µÄÊý¾Ý
@pageSize int -- ÿҳÏÔʾ¼Ç¼Êý
)
AS
BEGIN
declare @sqlStr varchar(500)
set @sqlStr='select top '+con ......
ÔÎĵØÖ·£ºhttp://www.blogjava.net/xingcyx/archive/2007/01/09/92638.html
ʹÓÃoracleµÄ10046ʼþ¸ú×ÙSQLÓï¾ä
ÎÒÃÇÔÚ·ÖÎöÓ¦ÓóÌÐòÐÔÄÜÎÊÌâµÄʱºò£¬¸ü¶àµØÐèÒª¹Ø×¢ÆäÖÐSQLÓï¾äµÄÖ´ÐÐÇé¿ö£¬ÒòΪͨ³£Ó¦ÓóÌÐòµÄÐÔÄÜÆ¿¾±»áÔÚÊý¾Ý¿âÕâ±ß£¬Òò´ËÊý¾Ý¿âµÄsqlÓï¾äÊÇÎÒÃÇÓÅ»¯µÄÖص㡣ÀûÓÃOracleµÄ10046ʼþ£¬¿ÉÒÔ¸ú×ÙÓ¦ÓóÌÐòËùÖ´ ......
ÔÚWhere×Ó¾äÖУ¬¿ÉÒÔ¶Ôdatetime¡¢char¡¢varchar×Ö¶ÎÀàÐ͵ÄÁÐÓÃLike×Ó¾äÅäºÏͨÅä·ûÑ¡È¡ÄÇЩ“ºÜÏñ...”µÄÊý¾Ý¼Ç¼£¬ÒÔÏÂÊÇ¿ÉʹÓõÄͨÅä·û£º
% Áã»òÕ߶à¸ö×Ö·û
_ µ¥Ò»ÈκÎ×Ö·û£¨Ï»®Ïߣ©
\ ÌØÊâ×Ö·û
[] ÔÚijһ·¶Î§ÄÚµÄ×Ö·û£¬Èç ......
ÎÒÃǶ¼ÖªµÀÔÚOracleÖÐÿÌõSQLÓï¾äÔÚÖ´ÐÐ֮ǰ¶¼ÐèÒª¾¹ý½âÎö£¬ÕâÀïÃæÓÖ·ÖΪÈí½âÎöºÍÓ²½âÎö¡£ÔÚOracleÖдæÔÚÁ½ÖÖÀàÐ͵ÄSQLÓï¾ä£¬Ò»ÀàΪ
DDLÓï¾ä£¨Êý¾Ý¶¨ÒåÓïÑÔ£©£¬ËûÃÇÊÇ´ÓÀ´²»»á¹²ÏíʹÓõģ¬Ò²¾ÍÊÇÿ´ÎÖ´Ðж¼ÐèÒª½øÐÐÓ²½âÎö¡£»¹ÓÐÒ»Àà¾ÍÊÇDMLÓï¾ä£¨Êý¾Ý²Ù×ÝÓïÑÔ£©£¬ËûÃÇ»á¸ù¾ ......
