Ϊʲôsql ÀïÒªÇóstring×Ö¶ÎÓõ¥ÒýºÅÒýÆðÀ´
select * from student where name=?;
Èç¹û²»Óõ¥ÒýºÅÒýÆðÀ´£¬ pstmt.setString(1,"xx or 1=1");¼´sqlÓ¦¸Ã¾ÍÊÇselect * from student where name=xx or 1=1¾Í¿ÉÒÔÈ«²¿²é³ö¡£
Ç¿ÖƵ¥ÒýºÅÒýÆðÀ´£¬select * from student where name='xx or 1=1'¡£¾ÍÎÞЧÁË¡£
ÊýÖµÐ͵ÄûÓÐÒªÇóÓõ¥ÒýºÅÒýÆðÀ´£¬Ó¦¸ÃÊÇÓÉÓÚÓÐÒ»¸öת»»¹ý³Ì°É¡£
select * from student where id=?;
pstmt.setString(1,"xx or 1=1")ת»»Ê§°Ü¡£pstmt.setInt(1,¾ÍÕâû·¨Ð´ÁË)£»
Ïà¹ØÎĵµ£º
character-set-server = GB2312
collation-server = latin1_general_ci
MySQL×Ö·û¼¯ GBK¡¢GB2312¡¢UTF8Çø±ð ½â¾ö MYSQLÖÐÎÄÂÒÂëÎÊÌâ ÊÕ²Ø
MySQLÖÐÉæ¼°µÄ¼¸¸ö×Ö·û¼¯
character-set-server/default-character-set£º·þÎñÆ÷×Ö·û¼¯£¬Ä¬ÈÏÇé¿öÏÂËù²ÉÓõġ£
character-set-database£ºÊý¾Ý¿â×Ö·û¼¯¡£
character-set-table£ºÊ ......
import java.sql.*;
/*
* JAVAÁ¬½ÓACCESS£¬SQL Server,MySQL,OracleÊý¾Ý¿â
*
* */
public class JDBC {
public static void main(String[] args)throws Exception {
Connection conn=null;
//====Á¬½ÓACCESSÊý¾Ý¿â ......
Êý¾Ý¿â±íµÄ¼Ç¼Èç¹ûÌ«¶à£¬±ÈÈç´ïµ½ÁË20ÍòÒÔÉÏ£¬ÔÚbosÖÐÒ»´ÎÐÔ²é¼Ç¼×ö´¦Àí¿ÉÄÜ»á³öÏÖoutofmemoryµÄ´íÎó£¬ÎÒÃÇÖ»ÄܲÉÈ¡·Ö¶ÎÈ¡¼Ç¼À´´¦Àí£¬¾ßÌåʾÀýÈçÏ£º
/*dialect*/
With Cust AS
( SELECT fnumber,
ROW_NUMBER() OVER (order by fnumber) as RowNumber ......
create proc [dbo].[GenerateDataDictionary] as
begin
--»ñÈ¡Êý¾Ý±íÃû
declare @tableid int
declare mycursor Cursor
for select object_id from sys.objects where type='U' and name<>'dtproperties'
--»ñÈ¡×Ö¶ÎÃû³Æ¡¢±êʶ¡¢×Ö¶ÎÐòºÅ¡¢Õ¼ÓÃ×Ö½ÚÊý¡¢Ð¡ÊýλÊý¡¢ÔÊÐí¿Õµ ......
Ò»£ºSQL Loader µÄÌصã
oracle×Ô¼º´øÁ˺ܶàµÄ¹¤¾ß¿ÉÒÔÓÃÀ´½øÐÐÊý¾ÝµÄǨÒÆ¡¢±¸·ÝºÍ»Ö¸´µÈ¹¤×÷¡£µ«ÊÇÿ¸ö¹¤¾ß¶¼ÓÐ×Ô¼ºµÄÌص㡣
±ÈÈç˵expºÍimp¿ÉÒÔ¶ÔÊý¾Ý¿âÖеÄÊý¾Ý½øÐе¼³öºÍµ¼³öµÄ¹¤×÷£¬ÊÇÒ»ÖֺܺõÄÊý¾Ý¿â±¸·ÝºÍ»Ö¸´µÄ¹¤¾ß£¬Òò´ËÖ÷ÒªÓÃÔÚÊý¾Ý¿âµÄÈȱ¸·ÝºÍ»Ö¸´·½Ãæ¡£ÓÐ×ÅËٶȿ죬ʹÓüòµ¥£¬¿ì½ÝµÄÓŵ㣻ͬʱҲÓÐһЩȱµ ......
