C#.NET·ÀÖ¹SQL×¢Èëʽ¹¥»÷
1 ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£© #region ·ÀÖ¹sql×¢Èëʽ¹¥»÷(¿ÉÓÃÓÚUI²ã¿ØÖÆ£©
2
3 /**/ ///
4 /// ÅжÏ×Ö·û´®ÖÐÊÇ·ñÓÐSQL¹¥»÷´úÂë
5 ///
6 /// ´«ÈëÓû§Ìá½»Êý¾Ý
7 /// true-°²È«£»false-ÓÐ×¢Èë¹¥»÷ÏÖÓУ»
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
Ïà¹ØÎĵµ£º
¡¾1¡¿
create procedure proc_pager1
( @pageIndex int, -- ҪѡÔñµÚXÒ³µÄÊý¾Ý
@pageSize int -- ÿҳÏÔʾ¼Ç¼Êý
)
AS
BEGIN
declare @sqlStr varchar(500)
set @sqlStr='select top '+con ......
/***************************************************
×÷Õߣºherowang(ÈÃÄãÍû¼ûÓ°×ÓµÄǽ£©
ÈÕÆÚ£º2010.1.5
×¢£º תÔØÇë±£Áô´ËÐÅÏ¢
......
ÔÎĵØÖ·£ºhttp://www.blogjava.net/xingcyx/archive/2007/01/09/92638.html
ʹÓÃoracleµÄ10046ʼþ¸ú×ÙSQLÓï¾ä
ÎÒÃÇÔÚ·ÖÎöÓ¦ÓóÌÐòÐÔÄÜÎÊÌâµÄʱºò£¬¸ü¶àµØÐèÒª¹Ø×¢ÆäÖÐSQLÓï¾äµÄÖ´ÐÐÇé¿ö£¬ÒòΪͨ³£Ó¦ÓóÌÐòµÄÐÔÄÜÆ¿¾±»áÔÚÊý¾Ý¿âÕâ±ß£¬Òò´ËÊý¾Ý¿âµÄsqlÓï¾äÊÇÎÒÃÇÓÅ»¯µÄÖص㡣ÀûÓÃOracleµÄ10046ʼþ£¬¿ÉÒÔ¸ú×ÙÓ¦ÓóÌÐòËùÖ´ ......
C#ÖÐÒÔwindowsÑéÖ¤·½Ê½Á¬½ÓSQL serverÊý¾Ý¿âµÄÀà¡£ºÜ¶àÈËÁ¬½ÓÊý¾Ý¿âʱ¿ÉÄܶ¼ÊÇÍøÉϲéÁËÈ»ºó¾ÍÁ¬ÁË£¬¶ÔÓÚ²ÎÊýµÄº¬Òåµ¹ÊÇûÔõôÔÚÒ⣬żҲÊÇ£¨ºÇºÇ£©£¬µ±È»ÎÒÃǶ¼×¢Öؽá¹ûÂ¿ÉÊÇÕâÑù²»ÈÝÒ×¼ÇÒäÿ´ÎÁ¬µÄʱºò¶¼ÊÇÉÏÍø²é£¬¸Ð¾õͦ²»·½±ã£¬ËùÒÔË÷ÐÔ²éÁËһϡ£~~~Integrated Security=True£»±íʾÔÚÁ¬½ÓÊý¾Ý¿â½øÐÐÉí·ÝÑé֤ʱÓÃwind ......
µÚÒ»Ìõ£º
select * from where field in (1,2,3) ÕâÖÖд·¨Ó¦¸ÃÉáÆúÁË£¬¶øÓ¦¸ÃÕâÑùд£º
select * from table where field = 1 or field = 2 or field = 3
ΪʲôÄØ£¿
·²ÊÂÖ»ÓÐ×ö¹ý²ÅÖªµÀ£¬×Ô¼º½¨¸ö±í£¬²åÈë10WÌõ²âÊÔÊý¾Ý£¬ÓÃsql²âÊÔһϱãÖª£¬ÒòΪ¹¤×÷±ãÀû£¬ÎÒÔÚ²úÆ·»úºÍÍâÍø²âÊÔ»ú¶¼ÒѾ²âÊÔ¹ý£ ......
