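How understanding MySQL data storage benefits testing
Over the past month, my work has centered on testing the server-merge module. I learned quite a lot from it.
This time I worked extensively with MySQL and gained a fairly comprehensive grasp of the product's data storage. It also prompted, and I carried out, a check of the DB table structures and attributes. Since the server merge was released, no bugs or incidents caused by bad data have been found so far.
I also watched and measured performance metrics from the early stage of testing, which prompted the programmers to run a performance test; this strengthened the prevention and control of risks at release time.
All of this greatly broadened my testing mindset.
Related documents:
Depending on your purpose, I think this function has two uses:
Preventing SQL injection attacks, which means you must validate the user's input
Avoiding errors caused by unwanted characters when manipulating data
The mysql_real_escape_string() function escapes special characters in a string used in an SQL statement.
The following characters are affected: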
\x00
\n
\r
\
'
"
\x1a
If it succeeds, the function returns the escaped string ......
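The escaping rule described above, as an added example that is not code from the original page or from MySQL/PHP: a Python re-implementation of the seven-character escape table, plus a small scanner that checks whether a value stays inside one single-quoted literal. The helper names, the `name` column and the sample values are assumptions; it assumes MySQL's default SQL mode (backslash escapes enabled) and ignores the connection character set, which the real function takes into account.

```python
# Illustrative re-implementation (not the real library function).
# Covers exactly the seven characters listed on the page.
ESCAPES = {
    "\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}

def escape_mysql_string(value: str) -> str:
    """Hypothetical helper: escape the listed special characters."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def literal_end(sql: str, start: int) -> int:
    """Index just past the single-quoted literal that opens at `start`,
    following default MySQL rules (backslash escapes, '' is a quote).
    Returns -1 if the literal never closes."""
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\":            # backslash consumes the next character
            i += 2
            continue
        if ch == "'":
            if sql[i + 1:i + 2] == "'":   # doubled quote stays inside
                i += 2
                continue
            return i + 1          # closing quote found
        i += 1
    return -1

def stays_in_literal(value: str, escape: bool) -> bool:
    """True if `value`, placed between quotes, is read as one literal
    that ends exactly where the statement ends."""
    body = escape_mysql_string(value) if escape else value
    sql = "SELECT * FROM User WHERE name = '" + body + "'"  # `name` is assumed
    return literal_end(sql, sql.index("'")) == len(sql)

# Constructed sample values: a quote, a trailing backslash, control chars.
SAMPLES = ["O'Reilly", "C:\\temp\\", "line1\nline2", 'say "hi"', "a\x00b\x1ac"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(escape_mysql_string(s)),
              "| raw ok:", stays_in_literal(s, False),
              "| escaped ok:", stays_in_literal(s, True))
```

Escaping only protects a value that is placed between quotes; a prepared statement with bound parameters keeps data out of the SQL text altogether.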
For example:
insert into User values(x1,x2,x3,x4),(x1,x2,x3,x4),(x1,x2,x3,x4)
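With this form, the number of values must match all the columns in the table; in other words, every column has to be listed.
If one field in this user table, x1, is an auto-increment field, fill in null as a placeholder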
insert into User values(null,x2,x3,x4),(null,x2,x3,x4),(null,x2,x3,x4)
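Otherwise an error is reported. ......
[MySQL Optimization] -- How to locate inefficient SQL
Date: 2010-2-28 Source: HaCMS Open Source Community Author: zhenpao
Inefficient SQL statements are generally located in the following two ways. The slow query log is written only after a query has finished, so when the application reports a performance problem, checking the slow query log cannot locate it; you can use the show processlist command to view the threads MySQL is currently running, ......
Optimizing MySQL tables with OPTIMIZE TABLE
Date: 2010-2-28 Source: HaCMS Open Source Community Author: gangzhong
REPAIR TABLE `table_name` repairs a table; OPTIMIZE TABLE `table_name` optimizes a table; myisamchk table.MYI repairs indexes. REPAIR TABLE is used to repair a damaged table. myisamchk TABLE.MYI is used to repair a damaged index file. OPTIMIZE TABLE is used to reclaim unused data ......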