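MySQL Stored Procedure Examples
9.3 MySQL Stored Procedures
MySQL has supported stored procedures since version 5.0. Stored procedures are characterized by consistency, efficiency, security and architectural structure. This section uses concrete examples to explain how PHP works with MySQL stored procedures.
Example 261: Creating a stored procedure
This is an example of creating a stored procedure.
Video location: CD\mingrisoft\09\261
Example description
Stored procedures are commonly used to ensure data integrity and consistency and to improve application performance. Versions before MySQL 5.0 do not support stored procedures; as MySQL matures, stored procedures will be widely used in future projects. This example shows how to create a stored procedure in MySQL 5.0 and later.
Technical points
A stored procedure consists of a name, a parameter list, and a set of SQL statements that can contain many SQL statements. The following is the definition of a stored procedure: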
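create procedure proc_name (in parameter integer)
begin
    -- local variable that holds the name to insert
    declare variable varchar(20);
    -- choose the value according to the input parameter
    if parameter=1 then
        set variable='MySQL';
    else
        set variable='PHP';
    end if;
    -- the variable is passed as a value, not concatenated into the statement text
    insert into tb (name) values (variable);
end;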
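In MySQL, a stored procedure definition begins with the keywords create procedure, followed by the name of the procedure and its parameters. MySQL stored procedure names are not case-sensitive; for example, PROCE1() and proce1() refer to the same stored procedure name. A stored procedure name must not be the same as a built-in function of the MySQL database.
A stored procedure parameter generally consists of 3 parts. The first part can be in, out or inout. in means the parameter is passed into the stored procedure; out means the parameter is passed out; inout means the parameter can be passed into the stored procedure, modified by it, and then passed back out. Parameters are input parameters by default, so in can be omitted. The second part is the parameter name. The third part is the parameter type, which can be any column type available in the MySQL database. If there are several parameters, they are separated by commas.
The statement block of a MySQL stored procedure starts with begin and ends with end. The body can contain variable declarations, control statements, SQL queries and so on. Because the statements inside a stored procedure must end with a semicolon, the statement terminator “;” should be changed to other characters before the procedure is defined, and those characters should be unlikely to appear inside the procedure. The terminator is changed with the delimiter keyword. For example: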
mysql>delimiter //
After a stored procedure has been created, it can be deleted with the following statement, where the parameter proc_name is the name of the stored procedure.
drop procedure proc_name
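The parameter modes, the delimiter change and the drop statement described above, put together as one session for the mysql command-line client. This is an added example, not code from the original text; the database demo_db, the procedure add_name and the parameter names are hypothetical, and the table tb follows the definition shown earlier.

```sql
-- Added example: demo_db, add_name and the p_* parameter names are assumptions.
CREATE DATABASE IF NOT EXISTS demo_db;
USE demo_db;
CREATE TABLE IF NOT EXISTS tb (
    id   INT AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR(20)
);

-- Change the client's statement terminator so that the ';' characters
-- inside the procedure body do not end CREATE PROCEDURE early.
DELIMITER //

DROP PROCEDURE IF EXISTS add_name//

CREATE PROCEDURE add_name (
    IN    p_choice INT,          -- passed into the procedure only
    OUT   p_name   VARCHAR(20),  -- passed out to the caller only
    INOUT p_count  INT           -- passed in, modified, passed back out
)
BEGIN
    IF p_choice = 1 THEN
        SET p_name = 'MySQL';
    ELSE
        SET p_name = 'PHP';
    END IF;
    -- p_name is bound as a value; it is never spliced into SQL text
    INSERT INTO tb (name) VALUES (p_name);
    SET p_count = p_count + 1;
END//

-- Restore the normal terminator.
DELIMITER ;

-- OUT and INOUT arguments must be user variables, not literals.
SET @calls = 0;
CALL add_name(1, @name, @calls);
CALL add_name(2, @name, @calls);
SELECT @name AS last_name, @calls AS call_count;
SELECT id, name FROM tb;

-- Remove the procedure when it is no longer needed.
DROP PROCEDURE add_name;
```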
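Implementation
(1) MySQL stored procedures are created at the “Command Prompt”, so first open a “Command Prompt” window.
(2) After entering the “Command Prompt” window, first log in to the MySQL database server by entering the following command at the “Command Prompt”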