PL/SQL块中如何调用DDL语句
在PL/SQL块中不能直接调用DDL语句,可以利用下面的方法进行调用
方法一:动态SQL
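-- Create newtable as an empty, structure-only copy of table_my
-- (WHERE 1 = 2 matches no rows, so only the column definitions are copied).
-- The text handed to EXECUTE IMMEDIATE must be a single statement WITHOUT a
-- trailing ';': Oracle rejects the terminator inside dynamic SQL (typically
-- ORA-00911: invalid character). The ';' after the closing quote ends the
-- PL/SQL statement itself.
-- DDL run this way commits the current transaction implicitly.
-- The statement is a fixed literal; keep it that way, and never concatenate
-- caller-supplied text into DDL without validating it against a known list.
EXECUTE IMMEDIATE 'CREATE TABLE newtable AS
SELECT *
from table_my
WHERE 1 = 2';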
方法二:
可以利用ORACLE内置包DBMS_UTILITY中的EXEC_DDL_STATEMENT过程,由它执行DDL语句。
BEGIN
-- ´´½¨ÓÃÓڼǼʼþÈÕÖ¾µÄÊý¾Ý±í
DBMS_UTILITY.EXEC_DDL_STATEMENT('
CREATE TABLE eventlog(
Eventname VARCHAR2(20) NOT NULL,
Eventdate date default sysdate,
相关文档:
一、按指定符号分割字符串,返回分割后的元素个数,方法很简单,就是看字符串中存在多少个分隔符号,然后再加一,就是要求的结果。
CREATE function Get_StrArrayLength
(
@str varchar(1024), --Òª·Ö¸îµÄ×Ö·û´®
@split varchar(10) --·Ö¸ô·û ......
Student(S#,Sname,Sage,Ssex) 学生表
Course(C#,Cname,T#) 课程表
SC(S#,C#,score) 成绩表
Teacher(T#,Tname) 教师表
问题:
1、查询“”课程比“”课程成绩高的所有学生的学号;
SELECT a.S# from (SELECT s#,score from SC WHERE C#='001') a,
(SELECT s#,score ......
---- 人们在使用SQL时往往会陷入一个误区,即太关注于所得的结果是否正确,而忽略
了不同的实现方法之间可能存在的性能差异,这种性能差异在大型的或是复杂的数据库
环境中(如联机事务处理OLTP或决策支持系统DSS)中表现得尤为明显。笔者在工作实践
中发现 ......
一般国内的小一点的新闻站点程序 都有 ""&request 这种漏洞,下面我讲解攻击方法
在地址栏:
and 1=1
查看漏洞是否存在,如果存在就正常返回该页,如果没有,则显示错误,继续假设这个站的数据库存在一个admin表
在地址栏:
and 0<>(select count(*) from admin)
返回页正常,假设成立了。
下面来猜猜看 ......
BS系统中,传统的注入攻击手段有很多。
最基本的,利用单引号攻击的,很容易解决,用类似于QuotedStr()(实际开发是其他语言,这里用DELPHI中的函数代替)的函数处理参数即可。
但实际应用中,不可避免会有一些应用需要直接传递参数,例如表名、查询条件、排序条件等等
对这些应用的注入攻击防不胜防。
我考虑了一 ......