Java如何防sql注入
采用预编译语句集,它内置了处理SQL注入的能力,只要使用它的setString方法传值即可:
String sql= "select * from users where username=? and password=?;
PreparedStatement preState = conn.prepareStatement(sql);
preState.setString(1, userName);
preState.setString(2, password);
ResultSet rs = preState.executeQuery();
相关文档:
declare @XML XML
SET @XML='<root>
<OLDVALUE>
<H_Action id="1130">030</H_Action>
<D_Action>030</D_Action>
<OrderCompany>00220</OrderCompany>
<OrderNumber>10004035</OrderNumber> ......
/*
* Source URL: http://jonsion.javaeye.com/blog/511584
*/
1. 获取所有数据库名
1> SELECT name from master..sysdatabases;
2> go
2. 获取所有表名
1> USE master
2> go
1> SELECT name from sysobjects WHERE type='U';
2> go
3. 获取所有字段名
1> SELECT name ......
上集中
//////////////////////////////////////////////////
select n5001 门店,n5002 部门,n5004 小分类,n5019 商品编码,c01d21 商品名称,
nvl(xse,0)-nvl(dzxs,0) 销售,
mle 毛利,
nvl(xl,0)-nvl(dzsl,0) 销量
from
(select n5001,n5002,n5004,n5019,sum(n5011) xse,sum(n5016) mle,sum(n5023) xl
from ......
删除数据库表中某一字段的重复纪录,只想保留一条记录可用以下方法:
执行以下语句:
declare @max integer,@id varchar(18) --此处变量类型根据字段类型设置
declare cur_rows cursor local for select 字段,count(*) from 表名group by 字段 having count(*) > 1
open cur_rows
fetch cur_rows into @id,@max
wh ......
根据生日的xx月xx日查找在$checkDate计算,$before日后生日的客户:
$checkDate为YYYY-MM-DD
WHERE substring(ADDDATE( '$checkDate', $before ),6,10)=substring(DATE_FORMAT(birthday,'%Y-%m-%d'),6,10)
$dates 天内生日的客户未考虑到平年、闰年::
$sql.=" (dayofyear( birthday )-dayofyear( ......
