Ϊʲôsql ÀïÒªÇóstring×Ö¶ÎÓõ¥ÒýºÅÒýÆðÀ´
select * from student where name=?;
Èç¹û²»Óõ¥ÒýºÅÒýÆðÀ´£¬ pstmt.setString(1,"xx or 1=1");¼´sqlÓ¦¸Ã¾ÍÊÇselect * from student where name=xx or 1=1¾Í¿ÉÒÔÈ«²¿²é³ö¡£
Ç¿ÖƵ¥ÒýºÅÒýÆðÀ´£¬select * from student where name='xx or 1=1'¡£¾ÍÎÞЧÁË¡£
ÊýÖµÐ͵ÄûÓÐÒªÇóÓõ¥ÒýºÅÒýÆðÀ´£¬Ó¦¸ÃÊÇÓÉÓÚÓÐÒ»¸öת»»¹ý³Ì°É¡£
select * from student where id=?;
pstmt.setString(1,"xx or 1=1")ת»»Ê§°Ü¡£pstmt.setInt(1,¾ÍÕâû·¨Ð´ÁË)£»
Ïà¹ØÎĵµ£º
character-set-server = GB2312
collation-server = latin1_general_ci
MySQL×Ö·û¼¯ GBK¡¢GB2312¡¢UTF8Çø±ð ½â¾ö MYSQLÖÐÎÄÂÒÂëÎÊÌâ ÊÕ²Ø
MySQLÖÐÉæ¼°µÄ¼¸¸ö×Ö·û¼¯
character-set-server/default-character-set£º·þÎñÆ÷×Ö·û¼¯£¬Ä¬ÈÏÇé¿öÏÂËù²ÉÓõġ£
character-set-database£ºÊý¾Ý¿â×Ö·û¼¯¡£
character-set-table£ºÊ ......
1.Ñ¡Ôñ×îÓÐЧÂʵıíÃû˳Ðò(Ö»ÔÚ»ùÓÚ¹æÔòµÄÓÅ»¯Æ÷ÖÐÓÐЧ)¡¡¡¡
¡¡¡¡ SQLSERVERµÄ½âÎöÆ÷°´ÕÕ´ÓÓÒµ½×óµÄ˳Ðò´¦Àífrom×Ó¾äÖеıíÃû£¬Òò´Ëfrom×Ó¾äÖÐдÔÚ×îºóµÄ±í£¨»ù´¡±ídriving table£©½«±»×îÏÈ´¦Àí£¬ÔÚfrom×Ó¾äÖаüº¬¶à¸ö±íµÄÇé¿öÏ£¬±ØÐëÑ¡Ôñ¼Ç¼ÌõÊý×îÉٵıí×÷Ϊ»ù´¡±í£¬µ±SQLSERVER´¦Àí¶à¸ö±íʱ£¬»áÔËÓÃÅÅÐò¼°ºÏ²¢µÄ·½Ê½Á ......
SQLµÄÓÅ»¯Ó¦¸Ã´Ó5¸ö·½Ãæ½øÐе÷Õû£º
1.È¥µô²»±ØÒªµÄ´óÐͱíµÄÈ«±íɨÃè
2.»º´æСÐͱíµÄÈ«±íɨÃè
3.¼ìÑéÓÅ»¯Ë÷ÒýµÄʹÓÃ
4.¼ìÑéÓÅ»¯µÄÁ¬½Ó¼¼Êõ
5.¾¡¿ÉÄܼõÉÙÖ´Ðмƻ®µÄCost
SQLÓï¾ä£º
ÊǶÔÊý¾Ý¿â(Êý¾Ý)½øÐвÙ×÷µÄΩһ;¾¶£»
ÏûºÄÁË70%~90%µÄÊý¾Ý¿â×ÊÔ´£»¶ÀÁ¢ÓÚ³ÌÐòÉè¼ÆÂß¼£¬Ïà¶ÔÓÚ¶Ô³ÌÐòÔ´´úÂëµÄÓÅ»¯£¬¶ÔSQLÓï¾äµÄÓÅ» ......
create proc [dbo].[GenerateDataDictionary] as
begin
--»ñÈ¡Êý¾Ý±íÃû
declare @tableid int
declare mycursor Cursor
for select object_id from sys.objects where type='U' and name<>'dtproperties'
--»ñÈ¡×Ö¶ÎÃû³Æ¡¢±êʶ¡¢×Ö¶ÎÐòºÅ¡¢Õ¼ÓÃ×Ö½ÚÊý¡¢Ð¡ÊýλÊý¡¢ÔÊÐí¿Õµ ......
