C#.NET防止SQL注入式攻击
1 防止sql注入式攻击(可用于UI层控制） #region 防止sql注入式攻击(可用于UI层控制）
2
3 /**/ ///
4 /// 判断字符串中是否有SQL攻击代码（关键字黑名单只是辅助检查，可能误判正常输入，不能替代参数化查询）
5 ///
6 /// 传入用户提交数据
7 /// true-安全；false-有注入攻击现有；
8 public bool ProcessSqlStr( string inputString)
9 {
10 string SqlStr = @" and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators " ;
11 try
12 {
13 if ((inputString != null ) && (inputString != String.Empty))
14 {
15 string str_Regex = @" \b( " + SqlStr + @" )\b " ;
16
17 Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
18 // string s = Regex.Match(inputString).Value;
19 if ( true == Regex.IsMatch(inputString))
20 return false ;
21
22 &
相关文档：
1 MySQL支持enum,和set类型，SQL Server不支持
　　2 MySQL不支持nchar,nvarchar,ntext类型
　　3 MySQL的递增语句是AUTO_INCREMENT，而MS SQL是identity(1,1)
　　4 MS SQL默认到处表创建语句的默认值表示是((0)),而在MySQL里面是不允许带两括号的
　　5 MySQL需要为表指定存储类型
¡ ......
在sql查询分析器里面是不能直接运行cmd命令的
但是SQL给出了一个接口（xp_cmdshell 默认是关闭的，启用会扩大攻击面，用完后应重新关闭）
--打开高级设置
EXEC sp_configure 'show advanced options', 1
RECONFIGURE
--打开xp_cmdshell扩展存储过程
EXEC sp_configure 'xp_cmdshell', 1
RECONFIGURE
首先 打开一些配置
然后执行你要运行cmd命令
exec master..xp_cmdshell 'net star ......
C#中以windows验证方式连接SQL server数据库的类。很多人连接数据库时可能都是网上查了然后就连了，对于参数的含义倒是没怎么在意，偶也是（呵呵），当然我们都注重结果嘛，可是这样不容易记忆每次连的时候都是上网查，感觉挺不方便，所以索性查了一下。~~~Integrated Security=True；表示在连接数据库进行身份验证时用wind ......
我们都知道在Oracle中每条SQL语句在执行之前都需要经过解析，这里面又分为软解析和硬解析。在Oracle中存在两种类型的SQL语句，一类为
DDL语句（数据定义语言），他们是从来不会共享使用的，也就是每次执行都需要进行硬解析。还有一类就是DML语句（数据操纵语言），他们会根据 ......