MS SQL 2000 °²È«ÉèÖÃ
¡¡¡¡ÈÕÇ°SQL INJECTIONµÄ¹¥»÷²âÊÔÓúÑÝÓúÁÒ£¬ºÜ¶à´óÐ͵ÄÍøÕ¾ºÍÂÛ̳¶¼Ïà¼Ì±»×¢Èë¡£ÕâЩÍøÕ¾Ò»°ãʹÓõĶàΪSQL SERVERÊý¾Ý¿â£¬ÕýÒòΪÈç´Ë£¬ºÜ¶àÈË¿ªÊ¼»³ÒÉSQL SERVERµÄ°²È«ÐÔ¡£ÆäʵSQL SERVER 2000ÒѾͨ¹ýÁËÃÀ¹úÕþ¸®µÄC2¼¶°²È«ÈÏÖ¤-ÕâÊǸÃÐÐÒµËùÄÜÓµÓеÄ×î¸ßÈÏÖ¤¼¶±ð£¬ËùÒÔʹÓÃSQL SERVER»¹ÊÇÏ൱µÄ°²È«µÄ¡£µ±È»ºÍORCAL¡¢DB2µÈ»¹ÊÇÓвî¾à£¬µ«ÊÇSQL SERVERµÄÒ×ÓÃÐԺ͹㷺ÐÔ»¹ÊÇÄܳÉΪÎÒÃǼÌÐøʹÓÃÏÂÈ¥µÄÀíÓÉ¡£ÄÇÔõôÑù²ÅÄÜʹSQL SERVERµÄÉèÖÃÈÃÈËʹÓõķÅÐÄÄØ£¿
¡¡¡¡µÚÒ»²½¿Ï¶¨ÊÇ´òÉÏSQL SERVER×îÐµİ²È«²¹¶¡£¬ÏÖÔÚ²¹¶¡ÒѾ³öµ½ÁËSP3£¬ÏÂÔصØÖ·£ºhttp://www.microsoft.com/sql/downloads/2000/sp3.asp ¡£Èç¹ûÕâÒ»²½¶¼Ã»ÓÐ×öºÃ£¬ÄÇÎÒÃÇҲûÓмÌÐøÏÂÈ¥µÄ±ØÒªÁË¡£
¡¡¡¡µÚ¶þ²½ÊÇÐÞ¸ÄĬÈϵÄ1433¶Ë¿Ú£¬²¢ÇÒ½«SQL SERVERÒþ²Ø¡£ÕâÑùÄܽûÖ¹¶ÔÊÔͼö¾ÙÍøÂçÉÏÏÖÓÐµÄ SQL Server ¿Í»§¶ËËù·¢³öµÄ¹ã²¥×÷³öÏìÓ¦¡£ÁíÍ⣬»¹ÐèÒªÔÚTCP/IPɸѡÖн«1433¶Ë¿ÚÆÁ±Îµô£¬¾¡¿ÉÄܵÄÒþ²ØÄãµÄSQL SERVERÊý¾Ý¿â¡£ÕâÑù×ÓÒ»µ«Èù¥»÷´´½¨ÁËSQL SERVERµÄÕ˺ţ¬Ò²²»ÄÜÂíÉÏʹÓòéѯ·ÖÎöÆ÷Ô¶³ÌµÇ½À´½øÐÐÏÂÒ»²½µÄ¹¥»÷¡£µ¥´ÓASP£¬PHPµÈÒ³Ãæ¹¹Ôì¶ñÒâÓï¾äµÄ»°£¬»¹ÓÐÐèÒª²é¿´·µ»ØÖµµÄÎÊÌ⣬×Ü±È ²»ÉÏÖ±½Ó²éѯ·ÖÎöÆ÷À´µÃÀûÂä¡£ËùÒÔÎÒÃÇÊ×ÏÈÒª×öµ½¼´Ê¹ÈñðÈË×¢ÈëÁË£¬Ò²²»ÄÜÈù¥»÷ÕßÏÂÒ»²½×öµÃ˳µ±¡£Ð޸ķ½·¨£ºÆóÒµ¹ÜÀíÆ÷ --> ÄãµÄÊý¾Ý¿â×é --> ÊôÐÔ --> ³£¹æ --> ÍøÂçÅäÖà --> TCP/IP --> ÊôÐÔ £¬ÔÚÕâ¶ù½«ÄãµÄĬÈ϶˿ڽøÐÐÐ޸ģ¬ºÍSQL SERVERµÄÒþ²Ø¡£
¡¡¡¡µÚÈý²½ÊǺÜÖØÒªµÄÒ»²½£¬SQL INJECTIONÍùÍùÔÚWEB CODEÖвúÉú¡£¶ø×öΪϵͳ¹ÜÀíÔ±»òÕßÊý¾Ý¿â¹ÜÀíÔ±£¬×ܲ»Äܳ£³£µÄÈ¥¿´Ã¿Ò»¶Î´úÂë¡£¼´Ê¹³£³£¿´´úÂ룬Ҳ²»Äܱ£Ö¤ÎÒÃÇÔÚÉÏÃæµÄÊèºö¡£ÄÇÔõô°ì£¿ÎÒÃǾÍÒª´ÓÊý ¾Ý¿â½ÇÉ«×ÅÊÖ£¬ÈÃÊý¾Ý¿âÓû§µÄȨÏÞ»®·Öµ½×îµÍµã¡£SQL SERVERµÄĬÈÏȨÏÞÈÃÈËÕæµÄºÜÍ·ÌÛ£¬È¨ÏÞ´óµÃ·Ç³£µÄ¸ß£¬È¨ÏÞСµÄÓÖʲô¶¼×ö²»ÁË£¬SYSADMINºÍdb_ownerÕæÊÇÈÃÈËÓÖ°®ÓÖºÞ¡£¹¥»÷ÕßÒ»µ«È· ÈÏÁËÍøÕ¾´æÔÚSQL INJECTION©¶´£¬¿Ï¶¨ÓÐÒ»²½²Ù×÷²½Öè¾ÍÊDzâÊÔÍøÕ¾µÄSQL SERVERʹÓÃÕß¾ßÓжà´óµÄȨÏÞ¡£Ò»°ã¶¼»á½èÖúSELECT IS_SRVROLEMEMBER('sysadmin')£¬»òÕßSELECT IS_MEMBER('db_owner')£¬ÔÙ»òÕßÓÃuser = 0(ÈÃ×Ö·ûºÍÊý×Ö½øÐбȽϣ¬SQL SERVER¾Í»áÌáʾÁË´íÎóÐÅÏ¢£¬´Ó¸ÃÐÅÏ¢Öм´¿ÉÖªµÀһЩÃô¸ÐÐÅÏ¢)µÈÓï¾ä½øÐвâÊÔ¡£·½·¨»¹ÓУ¬ÎÒÒ²²»¸Ò¶à˵ÁË¡£ÆäÒ»ÅÂ´í£¬Æä¶þÅÂÁªÃËÖеÄÈ˱⡣ÔÚµ±Ç°£¬Èç¹ûÍøÕ¾µÄÊý¾Ý¿âʹÓÃÕßÓõÄÊÇSAȨÏÞ£¬ÔÙ¼ÓÉÏÈ·ÈÏÁ
Ïà¹ØÎĵµ£º
1.¶Á³ö±íÖеÄ×Ö¶ÎÃû
ResultSet rs = test.selectSql("SELECT * from datainfo");
java.sql.ResultSetMetaData md=rs.getMetaData(); //¶Á³öÊý¾Ý¿âµÄ×Ö¶ÎÃû
int nColumn=md.getColumnCount(); //×Ö¶Î×ÜÊý
for(int i=0;i<nColumn;i++)
& ......
COLLATE ÊÇÒ»¸ö×Ӿ䣬¿ÉÓ¦ÓÃÓÚÊý¾Ý¿â¶¨Òå»òÁж¨ÒåÒÔ¶¨ÒåÅÅÐò¹æÔò£¬»òÓ¦ÓÃÓÚ×Ö·û´®±í´ïʽÒÔÓ¦ÓÃÅÅÐò¹æÔòת»»¡£
Óï·¨
COLLATE { <collation_name> | database_default }
<collation_name> :: =
{ Windows_collation_name } | { SQL_collation_name }
²ÎÊý
collation_name
  ......
WITH V AS(SELECT ROW_NUMBER() OVER(order by fcustid desc) AS RN,* from ts_dict AS SourceView)
SELECT * from V WHERE RN BETWEEN 1 AND 10
תÔصØÖ·£ºhttp://www.cnblogs.com/nokiaguy/archive/2009/02/05/1384860.html
ÅÅÃûº¯ÊýÊÇSQL Server2005мӵŦÄÜ¡£ÔÚSQL Server2005ÖÐÓÐÈçÏÂËĸöÅÅÃûº ......
À´Ô´http://hi.baidu.com/smilevt/blog/item/04bddeef0fe3f42e2cf5348b.htmlÕâÀﻹÓкܶàsql serverµÄÌû×Ó
1. µ±Ç°ÏµÍ³ÈÕÆÚ¡¢Ê±¼ä
select getdate()
2. dateadd ÔÚÏòÖ¸¶¨ÈÕÆÚ¼ÓÉÏÒ»¶Îʱ¼äµÄ»ù´¡ÉÏ£¬·µ»ØÐ嵀 datetime Öµ
ÀýÈ磺ÏòÈÕÆÚ¼ÓÉÏ2Ìì
select dateadd(day,2,'2004-10-15') --·µ»Ø£º2004-10-17 00:00:00. ......
USE master
GO
DECLARE @SQL VARCHAR(MAX);
SET @SQL=''
SELECT @SQL=@SQL+'; KILL '+RTRIM(SPID)
from master..sysprocesses
WHERE dbid=DB_ID('hotel');
EXEC(@SQL);
GO
ALTER DATABASE hotel SET MULTI_USER ......