MySQL 严格模式 sql_mode
虽然说我们尽量在写程序的时候控制插入到数据库的数据,而不要用数据库去判断数据的对错,但是有时候为了方便还是需要数据库自身的容错能力来帮助我们达到目的的。举例说明:
创建如下数据表
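-- Demo table for the strict-mode example. `num` is an unsigned integer column,
-- so a string such as 'abc' is not a valid value for it.
CREATE TABLE `book` (
`id` int(11) default NULL,
`num` int(11) unsigned default NULL
) ENGINE=InnoDB DEFAULT CHARSET=gbk;

-- Seed two rows. The table name and VALUES keyword are separated (the fused
-- form `bookvalues` is a syntax error), and the column list is explicit so the
-- statement does not depend on column order.
insert into `book` (`id`, `num`) values (1,0),(2,0);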
执行update book set num='abc',竟然不报错,原因是没有启用严格模式。所以
先执行set sql_mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION",
然后执行update book set num='abc',数据库就报错了
如果想一劳永逸,那就直接把数据库配置文件my.ini中的相关参数设置为
# Set the SQL mode to strict
# STRICT_TRANS_TABLES makes the server reject invalid or out-of-range values
# for transactional tables (e.g. InnoDB) instead of silently coercing them;
# STRICT_ALL_TABLES is the mode that applies the same rule to every engine.
# NO_ENGINE_SUBSTITUTION stops the server from quietly falling back to the
# default storage engine when the requested one is unavailable.
# NOTE(review): NO_AUTO_CREATE_USER was removed in MySQL 8.0 and is rejected
# there as an invalid sql-mode value; confirm the server version before
# applying this line and drop that entry on 8.0 or later.
sql-mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
相关文档:
and exists (select * from sysobjects) //判断是否是MSSQL
and exists(select * from tableName) //判断某表是否存在..tableName为表名
and 1=(select @@VERSION) //MSSQL版本
And 1=(select db_name()) //当前数据库名
and 1=(select @@servername) //本地服务名
and 1=(select IS_SRVROLEMEMBER('sysadmin')) //Å ......
SQL手工注入大全
2006年08月11日 星期五 21:00
比方说在查询id是50的数据时,如果用户传近来的参数是50 and 1=1,如果没有设置过滤的话,可以直接查出来,SQL 注入一般在ASP程序中遇到最多,
看看下面的
1.判断是否有注入
;and 1=1
;and 1=2
2.初步判断是否是mssql
;and user>0
3.判断数据库系统
;and ......
DELIMITER $$
DROP PROCEDURE IF EXISTS `heli`.`prodtest` $$
CREATE PROCEDURE `heli`.`prodtest` ()
BEGIN
/*¾Ö²¿±äÁ¿µÄ¶¨Òå declare*/
declare pid varchar(45) default '';
declare pq int default 0;
declare pk double default 0.0;
declare cur1 CURSOR FOR SELECT pro ......
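-- Paging variables for the ROW_NUMBER() query that follows.
-- NOTE(review): presumably @p1 is the page size, @count the requested page
-- number and @p the computed starting offset; confirm against the SELECT.
declare @p int
declare @p1 int
declare @count int
set @p=0
set @p1=10
set @count=2
-- The two tests are joined with AND. Written with OR, the condition is true
-- for every value of @count (no number equals both 0 and 1), so the guard
-- never skipped anything and @count=0 produced a negative offset.
if(@count<>0 and @count<>1)
set @p=@p1*@count-10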
SELECT [t1].[userid], [t1].[username], [t1].[userorder]
from (
SELECT ROW_NUMBER() OVER (ORDER BY [t0].[userorder]) AS [ROW_NU ......
SQL Server的补丁版本检查不如Windows 补丁版本检查直接,一个系统管理员,如果不了解SQL Server版本对应的补丁号,可能也会遇到一点麻烦,因此在这说明一下,通过这样的办法判别机器是安全的办法,不会对系统产生任何影响。
¡¡
1、用Isql或者SQL查询分析器登录到SQL Server,如果是用Isql,请在cmd窗口输入isql -U sa,然 ......