sql×¢ÈëÍ»Æƹؼü×Ö¹ýÂË
Ò»Ö±ÒÔÀ´¶¼ÒÔΪֻÓпոñ£¬tab¼üºÍ×¢ÊÍ·û/**/¿ÉÒÔÓÃÀ´Çиîsql¹Ø¼ü×Ö£¬¶Îʱ¼ä
ÔÚа°Ë¿´ÁË·çѸcms×¢È멶´ÄÇƪÌû×Ó£¬²ÅÖªµÀÔÀ´»Ø³µÒ²¿ÉÒÔÓÃÀ´×÷Ϊ·Ö¸î·û£¨
ÒÔÇ°¾¹È»Ã»ÓÐÏëµ½£¬ÕæÊÇʧ°Ü£©¡£»Ø³µµÄasciiÂëÊÇchr(13)&chr(10)£¬ÖÁÓÚΪʲ
ôҪÁ½¸öÁ¬ÔÚÒ»Æð£¬Õâ¸öÎÒÒ²²»ÖªµÀ¡£×ª»»³Éurl±àÂëÐÎʽÊÇ%0d%0a£¬ÓÚÊǾͿÉÒÔ
ÓÃ%0d%0a´úÌæ¿Õ¸ñpassһЩ¹ýÂË¿Õ¸ñµÄ¼ì²éÁË¡£
ÒýÉêһϣ¬Ö»ÓÃ%0dÄÜÕý³£Ö´ÐÐÓï¾äÂð£¿Ö»ÓÃ%0aÄØ£¿²âÊÔÖ¤Ã÷£¬ÓÃÈÎÒâÒ»ÖÖ·Ö¸î
ÔÚmssql¡¢mysqlºÍaccessÀïÃ涼ÊÇ¿ÉÒԵġ£
ÁíÍ⣬¹ØÓÚmssqlµÄ¶àÓï¾äÎÊÌâ¡£ÎÒÒÔÇ°Ò»Ö±ÒÔΪ±ØÐëÓ÷ֺÅ×÷ΪÓï¾äµÄ½á⣬ºó
À´·¢ÏÖ£¬ÍêÈ«²»ÊÇÄÇÑù¡£ÀàËÆ
Copy code
select * from table exec xp_cmdshell'xxxxxxxxxx'
select * from table/**/exec xp_cmdshell'xxxxxxxxxx'
select * from table|---tab---|exec xp_cmdshell'xxxxxxxxxx'
select * from table|---enter---|exec xp_cmdshell'xxxxxxxxxx'
µÄÓï¾ä¶¼ÊÇ¿ÉÒÔÕý³£Ö´Ðеġ£¶øÎÒÒÔÇ°¾¹È»Ò»Ö±²»ÖªµÀ£¡²»¹ýÕâ¸öòËƸúÁ¬½ÓÊý
¾Ý¿âÇý¶¯ÓйØϵ£¬odbc¿ÉÒÔÕý³£Ö´ÐУ¬sqloledbµÄ»°¾Í»á±¨´í¡£ÓÐÐËȤµÄ¼ÌÐøÑÐ
¾¿°É
ÕâÑù£¬ÒÔºóÓöµ½´ø¿Õ¸ñ¹ýÂ˹ؼü×ÖµÄÀ¹½Ø³ÌÐò£¬ÓÖ¿ÉÒÔ·¢»Ó·¢»ÓÁË
¿ÉÄÜ´ó¼ÒÔç¾ÍÖªµÀÁË£¬²»¹ÜÔõô˵£¬·¢ÔÚÕâÀï°É£¡
×î½üÏëÆð¿ÉÄÜ»¹ÓÐЩasciiÂë¿ÉÒÔÓÃÀ´ÔÚsqlÓï¾äÖдúÌæ¿Õ¸ñ£¬ÓÚÊÇд¸ö½Å±¾²âÊÔ
ÁËһϣ¬½á¹ûÔÚËùÓÐ128¸öµÍλascii×Ö·ûÖУ¬chr(12)Ò²¿ÉÒÔÔÚaccessÀïÓ㬲»¹ý
òËÆchr(12)²»ÄܳöÏÖÔÚand¡¢orÖ®ÀàµÄ¹Ø¼ü´Ê¸½½ü£¬ÔÒò²»Çå³þ¡£mysqlÖбÈ
access¶àÒ»¸öchr(11)¿ÉÒÔ¡£ÖÁÓÚmssql£¬ÍÚÈÕ£¬Ö±½Ó´Ó1µ½32µÄasciiÂë»»³É×Ö·û
ºó¶¼¿ÉÒÔÕý³£Ê¹Óá£
Ïà¹ØÎĵµ£º
ÎÄÖеÄSQL¶¼ÊÇ´ÓÎÒµÄÏîÄ¿ÖÐÖ±½Ócopy¹ýÀ´£¬Òò´ËºÜ¶à±íÃûʲô¶¼ÓÐÁË
//´´½¨±í
"CREATE TABLE FEED_TABLE(FeedID TEXT, Title TEXT, Summary TEXT, Author TEXT, ImageName VARCHAR(21), ImageType TEXT, MaxIndex INT, ImageData BLOB)"
//²éѯ¼Ç¼
"select * form 'table_name'"
"select * form 'table name' where val ......
character-set-server = GB2312
collation-server = latin1_general_ci
MySQL×Ö·û¼¯ GBK¡¢GB2312¡¢UTF8Çø±ð ½â¾ö MYSQLÖÐÎÄÂÒÂëÎÊÌâ ÊÕ²Ø
MySQLÖÐÉæ¼°µÄ¼¸¸ö×Ö·û¼¯
character-set-server/default-character-set£º·þÎñÆ÷×Ö·û¼¯£¬Ä¬ÈÏÇé¿öÏÂËù²ÉÓõġ£
character-set-database£ºÊý¾Ý¿â×Ö·û¼¯¡£
character-set-table£ºÊ ......
Ò»¡¢SQL SERVER ºÍACCESSµÄÊý¾Ýµ¼Èëµ¼³ö
³£¹æµÄÊý¾Ýµ¼Èëµ¼³ö£º
ʹÓÃDTSÏòµ¼Ç¨ÒÆÄãµÄAccessÊý¾Ýµ½SQL Server£¬Äã¿ÉÒÔʹÓÃÕâЩ²½Öè:
¡¡¡¡¡ð1ÔÚSQL SERVERÆóÒµ¹ÜÀíÆ÷ÖеÄTools£¨¹¤¾ß£©²Ëµ¥ÉÏ£¬Ñ¡ÔñData Transformation
¡¡¡¡¡ð2Services£¨Êý¾Ýת»»·þÎñ£©£¬È»ºóÑ¡Ôñ czdImport Dat ......
1.´ò¿ªSQL server enterprise mananger “ÆóÒµ¹ÜÀíÆ÷”
ÔÚÄãÒªµ¼³öµÄSQLÊý¾Ý¿âÉÏÊó±êÓÒ¼ü²Ëµ¥£ºËùÓÐÈÎÎñ-¡·µ¼³öÊý¾Ý
2.»Ø³öÏÖÒ»¸öµ¼³öÏòµ¼´°¿Ú¡£
Ñ¡Ôñ±»µ¼³öµÄÊý¾ÝÔ´£¬ÎªÄã¸Õ²ÅËùÑ¡ÔñµÄÊý¾Ý¿â£¬Èç¹û·¢ÏÖ²»¶ÔÓ¦×ÔÐÐÐ޸ġ£
3.½øÈëµ¼³öµ½Ä¿±êÊý¾ÝÔ´µÄÑ¡Ôñ£¬ÕâÀïÎÒÃÇҪת³ÉACCESSµÄÊý¾Ý¿â¡£×¢ÒâÑ¡ÔñÊý¾ÝÔ´ÀàÐÍÎ ......
import java.sql.*;
/*
* JAVAÁ¬½ÓACCESS£¬SQL Server,MySQL,OracleÊý¾Ý¿â
*
* */
public class JDBC {
public static void main(String[] args)throws Exception {
Connection conn=null;
//====Á¬½ÓACCESSÊý¾Ý¿â ......
