为什么sql 里要求string字段用单引号引起来
-- Parameterized lookup by name: the ? placeholder is filled at run time through
-- pstmt.setString(1, ...), so the supplied text is bound as one string value.
SELECT *
FROM student
WHERE name = ?;
如果不用单引号引起来， pstmt.setString(1,"xx or 1=1");即sql应该就是select * from student where name=xx or 1=1就可以全部查出。
强制单引号引起来，select * from student where name='xx or 1=1'。就无效了。（补充：起作用的是参数绑定本身——驱动把整个参数当作一个字符串值处理，并会转义其中的单引号；自己在SQL里手工拼接单引号达不到同样的效果。）
数值型的没有要求用单引号引起来，应该是由于有一个转换过程吧。
-- Parameterized lookup by id: the page treats id as a numeric column, so the
-- bound value has to convert to a number; text such as "xx or 1=1" fails that
-- conversion instead of changing the query.
SELECT *
FROM student
WHERE id = ?;
pstmt.setString(1,"xx or 1=1")转换失败。pstmt.setInt(1,就这没法写了)；
相关文档：
index.jsp
<%@ page language="java" import="java.sql.*" import="java.lang.*" import="java.util.*" pageEncoding="GB2312"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<%!
& ......
import java.sql.*;
/*
* JAVA连接ACCESS，SQL Server,MySQL,Oracle数据库
*
* */
public class JDBC {
public static void main(String[] args)throws Exception {
Connection conn=null;
//====连接ACCESS数据库 ......
实际应用中，我们经常需要把Excel中的数据导入MS SQL Server 或MySQL Oracle等数据库中。这些数据库都提供了很好的工具供用户直接将Excel中的数据导入数据库中。但是很多时候我们并不能直接操作数据库管理器（因为安全需要会配置防火墙拦截数据库端口），我们只能通过web页面对数据库进行远程操作。这个时候，将Excel中的数 ......
今天，有一个sql NOT IN语句，匹配条件里有一个null，结果什么都查不出来，同事觉得很难理解。其实只要明白一点就可以了，IN语句匹配的时候是用=，NOT IN匹配的时会用<>，就很容易理解了。
首先我们要知道，null在oracle是个特殊的东西，没有任何可比性，如果使用 =/<> 对比null，得到的始终是false。n ......
一：SQL Loader 的特点
oracle自己带了很多的工具可以用来进行数据的迁移、备份和恢复等工作。但是每个工具都有自己的特点。
比如说exp和imp可以对数据库中的数据进行导出和导出的工作，是一种很好的数据库备份和恢复的工具，因此主要用在数据库的热备份和恢复方面。有着速度快，使用简单，快捷的优点；同时也有一些缺点 ......