pl plusÖ´Ðб¾µØµÄsqlÎļþÖеÄsqlÓï¾ä
¹¦ÄÜ£ºpl plusÖ´Ðб¾µØµÄsqlÎļþÖеÄsqlÓï¾ä
˵Ã÷£º±ÈÈ磺e:\zhaozhenlongÏÂÓÐcreate_table.sqlÎļþ£¬Ôò°´ÈçÏ·½·¨Ö´ÐУº
²½Ö裺
1¡¢ÔÚpl plusµÄ windowÏ£¬
2¡¢Ö´ÐУº
@e:\zhaozhenlong\drop_table.sql
@e:\zhaozhenlong\create_table.sql
Ïà¹ØÎĵµ£º
drop table #t
create table #t(req_spid int,obj_name sysname)
declare @s nvarchar(4000)
,@rid int,@dbname sysname,@id int,@objname sysnam ......
USE AdventureWorks
GO
CREATE PROC spEmployee
AS
SELECT * from Humanresources.Employee
EXEC spEmployee
ALTER PROC spEmployee
AS SELECT EmployeeID from Humanresources.Employee
drop proc spEmployee
ALTER PROC spEmployee
@LastName nvarchar(50) = NULL
AS
IF @LastName IS NULL
SELECT * f ......
ÏÖÔڱȽÏÁ÷ÐеÄSQL×¢È빤¾ßµÄ¹¤×÷·½Ê½ÊÇͨ¹ýGETºÍPOSTÀ´Íê³É¾ßÌåµÄ×¢Èë¡£ÎÒÃÇ¿ÉÒÔ½«×¢ÈëʱËùÓõ½µÄÒ»ÇзûºÅ¹ýÂ˵ô¡£ÄÇôÎÒÃÇ¿ÉÒÔͨ¹ý¼òµ¥µÄÅжÏÓï¾äÀ´´ïµ½Ä¿µÄ¡£ÎÒÃÇÏÈÀ´¹ýÂËGET°É¡£
´úÂëÈçÏ£º
dim sql_injdata SQL_inj SQL_Get
SQL_injdata = "’|and|exec|insert|select|delete|update|count|*|%|chr|mid|mast ......
¹¦ÄÜ£ºpl/sqlÖ´Ðб¾µØµÄsqlÎļþÖеÄsqlÓï¾ä
˵Ã÷£º±ÈÈ磺e:\zhaozhenlongÏÂÓÐcreate_table.sqlÎļþ£¬Ôò°´ÈçÏ·½·¨Ö´ÐУº
²½Ö裺
1¡¢ÔÚpl/sqlµÄcommand windowÏ£¬
»òÔÚwindowsµÄ¿ªÊ¼/'ÔËÐÐ'Ï£¬sqlplus /nolog; connect cs@orademo;
2¡¢Ö´ÐУº
@@e:\zhaozhenlong\drop_table ......
SQL Server 2008 й¦ÄÜ
ÓÃÓÚ¹ÜÀíµÄй¦ÄÜÓÐÄÄЩ£¿
¶ÔÓÚ¾³£Òª¸ºÔð¹ÜÀí·Ö²¼ÔÚÊýʮ̨ÉõÖÁÊý°Ų̀·þÎñÆ÷ÖеÄÊýÒ԰ټƻòǧ¼ÆµÄ´óÐ͸´ÔÓÊý¾Ý¿â»·¾³µÄÊý¾Ý¿â¹ÜÀíÔ±¶øÑÔ£¬ÐµIJßÂÔ¹ÜÀí¡¢¶à·þÎñÆ÷²éѯ¹¦ÄÜ¡¢ÅäÖ÷þÎñÆ÷ÒÔ¼°Êý¾ÝÊÕ¼¯Æ÷/¹ÜÀí²Ö¿â¹¦ÄÜΪËûÃǸ³ÓèÁËÇ¿´óµÄÄÜÁ¦¡£
ÓÃÓÚ¿ÉÉìËõÐÔµÄй¦ÄÜÓÐÄ ......
