
Preventing SQL Injection in Java

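 SQL injection is one of the most common attack methods. It does not work by exploiting a vulnerability in the operating system or some other system; it works because the programmer did not validate input properly, which lets a malicious user slip through a gap in the SQL. Let's first look at what SQL injection is:
          Take a login page that asks the user for a username and password:
          Username:    ' or 1=1 --
          Password:
          The user clicks Login. If the input gets no special handling and simply goes into a conditional query such as:
          String sql="select * from users where username='"+userName+"' and password='"+password+"' ";
          then this illegitimate user happily logs in. (Of course, the database APIs of some languages now already handle these problems.)
          Why is that? Look at the statement. Substituting the data the user entered gives this statement:
          select * from users where username='' or 1=1 --' and password=''
          To make this clearer, copy it into a SQL query analyzer and you will find that this statement reads out all of the data in the database. Why?
          It is simple. Look at the condition: username='' or 1=1, that is, the username equals '' or 1=1, so the condition always succeeds. Then come two hyphens. What does that mean? Right, a comment: it comments out the rest of the statement so that it has no effect, and the data in the database can be read out without any trouble.
          That is still fairly gentle. Suppose what gets executed is
          select * from users where username='' ;DROP Database      (DB Name) --' and password=''
          ....... you can imagine the rest yourself...
          So how do we deal with this kind of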


© 2009 ej38.com All Rights Reserved.