Ϊʲôsql ÀïÒªÇóstring×Ö¶ÎÓõ¥ÒýºÅÒýÆðÀ´
select * from student where name=?;
Èç¹û²»Óõ¥ÒýºÅÒýÆðÀ´£¬ pstmt.setString(1,"xx or 1=1");¼´sqlÓ¦¸Ã¾ÍÊÇselect * from student where name=xx or 1=1¾Í¿ÉÒÔÈ«²¿²é³ö¡£
Ç¿ÖƵ¥ÒýºÅÒýÆðÀ´£¬select * from student where name='xx or 1=1'¡£¾ÍÎÞЧÁË¡£
ÊýÖµÐ͵ÄûÓÐÒªÇóÓõ¥ÒýºÅÒýÆðÀ´£¬Ó¦¸ÃÊÇÓÉÓÚÓÐÒ»¸öת»»¹ý³Ì°É¡£
select * from student where id=?;
pstmt.setString(1,"xx or 1=1")ת»»Ê§°Ü¡£pstmt.setInt(1,¾ÍÕâû·¨Ð´ÁË)£»
Ïà¹ØÎĵµ£º
http://www.umgr.com/blog/PostView.aspx?bpId=36294
1. Ö´ÐÐsqlÓï¾ä
int sqlite3_exec(sqlite3*£¬ const char *sql£¬ sqlite3_callbacksql Óï·¨
£¬ void *£¬ char **errmsg );
Õâ¾ÍÊÇÖ´ÐÐÒ»Ìõ sql Óï¾äµÄº¯Êý¡£
µÚ1¸ö²ÎÊý²»ÔÙ˵ÁË£¬ÊÇÇ°Ãæopenº¯ÊýµÃµ½µÄÖ¸Õ롣˵ÁËÊǹؼüÊý¾Ý½á¹¹¡£
µÚ2¸ö²ÎÊýconst char ......
×÷Õß: ÈýÊ®¶øÁ¢Ê±¼ä£º2009Äê10ÔÂ15ÈÕ 21:59:51±¾Îijö×Ô ¡°inthirties£¨ÈýÊ®¶øÁ¢£©¡±²©¿Í£¬×ªÔØÇëÎñ±Ø×¢Ã÷×÷Õߺͱ£Áô³ö´¦http://blog.csdn.net/inthirties/archive/2009/10/15/4673268.aspx °Ñ´ÎÐò²»¶ÔµÄÁÐÕÒ³öÀ´ ÇëÎÊ ÏÂÃæµÄ±í¸ÃÈçºÎÅÅÐò£¿ÎÒÓÐÏÂÃæµÄ±í¡£´ÎÐòÈçÏ ÆäÖеÚ5¸ö¼Ç¼ºÍµÚ6Ìõ¼Ç¼´ÎÐòµßµ¹ÁË¡£Õâ¸ö±íÊý¾ÝÁ¿±È½Ï ......
Ò»£ºSQL Loader µÄÌصã
oracle×Ô¼º´øÁ˺ܶàµÄ¹¤¾ß¿ÉÒÔÓÃÀ´½øÐÐÊý¾ÝµÄǨÒÆ¡¢±¸·ÝºÍ»Ö¸´µÈ¹¤×÷¡£µ«ÊÇÿ¸ö¹¤¾ß¶¼ÓÐ×Ô¼ºµÄÌص㡣
±ÈÈç˵expºÍimp¿ÉÒÔ¶ÔÊý¾Ý¿âÖеÄÊý¾Ý½øÐе¼³öºÍµ¼³öµÄ¹¤×÷£¬ÊÇÒ»ÖֺܺõÄÊý¾Ý¿â±¸·ÝºÍ»Ö¸´µÄ¹¤¾ß£¬Òò´ËÖ÷ÒªÓÃÔÚÊý¾Ý¿âµÄÈȱ¸·ÝºÍ»Ö¸´·½Ãæ¡£ÓÐ×ÅËٶȿ죬ʹÓüòµ¥£¬¿ì½ÝµÄÓŵ㣻ͬʱҲÓÐһЩȱµ ......
