MS SQL 2000 °²È«ÉèÖÃ
¡¡¡¡ÈÕÇ°SQL INJECTIONµÄ¹¥»÷²âÊÔÓúÑÝÓúÁÒ£¬ºÜ¶à´óÐ͵ÄÍøÕ¾ºÍÂÛ̳¶¼Ïà¼Ì±»×¢Èë¡£ÕâЩÍøÕ¾Ò»°ãʹÓõĶàΪSQL SERVERÊý¾Ý¿â£¬ÕýÒòΪÈç´Ë£¬ºÜ¶àÈË¿ªÊ¼»³ÒÉSQL SERVERµÄ°²È«ÐÔ¡£ÆäʵSQL SERVER 2000ÒѾͨ¹ýÁËÃÀ¹úÕþ¸®µÄC2¼¶°²È«ÈÏÖ¤-ÕâÊǸÃÐÐÒµËùÄÜÓµÓеÄ×î¸ßÈÏÖ¤¼¶±ð£¬ËùÒÔʹÓÃSQL SERVER»¹ÊÇÏ൱µÄ°²È«µÄ¡£µ±È»ºÍORCAL¡¢DB2µÈ»¹ÊÇÓвî¾à£¬µ«ÊÇSQL SERVERµÄÒ×ÓÃÐԺ͹㷺ÐÔ»¹ÊÇÄܳÉΪÎÒÃǼÌÐøʹÓÃÏÂÈ¥µÄÀíÓÉ¡£ÄÇÔõôÑù²ÅÄÜʹSQL SERVERµÄÉèÖÃÈÃÈËʹÓõķÅÐÄÄØ£¿
¡¡¡¡µÚÒ»²½¿Ï¶¨ÊÇ´òÉÏSQL SERVER×îÐµİ²È«²¹¶¡£¬ÏÖÔÚ²¹¶¡ÒѾ³öµ½ÁËSP3£¬ÏÂÔصØÖ·£ºhttp://www.microsoft.com/sql/downloads/2000/sp3.asp ¡£Èç¹ûÕâÒ»²½¶¼Ã»ÓÐ×öºÃ£¬ÄÇÎÒÃÇҲûÓмÌÐøÏÂÈ¥µÄ±ØÒªÁË¡£
¡¡¡¡µÚ¶þ²½ÊÇÐÞ¸ÄĬÈϵÄ1433¶Ë¿Ú£¬²¢ÇÒ½«SQL SERVERÒþ²Ø¡£ÕâÑùÄܽûÖ¹¶ÔÊÔͼö¾ÙÍøÂçÉÏÏÖÓÐµÄ SQL Server ¿Í»§¶ËËù·¢³öµÄ¹ã²¥×÷³öÏìÓ¦¡£ÁíÍ⣬»¹ÐèÒªÔÚTCP/IPɸѡÖн«1433¶Ë¿ÚÆÁ±Îµô£¬¾¡¿ÉÄܵÄÒþ²ØÄãµÄSQL SERVERÊý¾Ý¿â¡£ÕâÑù×ÓÒ»µ«Èù¥»÷´´½¨ÁËSQL SERVERµÄÕ˺ţ¬Ò²²»ÄÜÂíÉÏʹÓòéѯ·ÖÎöÆ÷Ô¶³ÌµÇ½À´½øÐÐÏÂÒ»²½µÄ¹¥»÷¡£µ¥´ÓASP£¬PHPµÈÒ³Ãæ¹¹Ôì¶ñÒâÓï¾äµÄ»°£¬»¹ÓÐÐèÒª²é¿´·µ»ØÖµµÄÎÊÌ⣬×Ü±È ²»ÉÏÖ±½Ó²éѯ·ÖÎöÆ÷À´µÃÀûÂä¡£ËùÒÔÎÒÃÇÊ×ÏÈÒª×öµ½¼´Ê¹ÈñðÈË×¢ÈëÁË£¬Ò²²»ÄÜÈù¥»÷ÕßÏÂÒ»²½×öµÃ˳µ±¡£Ð޸ķ½·¨£ºÆóÒµ¹ÜÀíÆ÷ --> ÄãµÄÊý¾Ý¿â×é --> ÊôÐÔ --> ³£¹æ --> ÍøÂçÅäÖà --> TCP/IP --> ÊôÐÔ £¬ÔÚÕâ¶ù½«ÄãµÄĬÈ϶˿ڽøÐÐÐ޸ģ¬ºÍSQL SERVERµÄÒþ²Ø¡£
¡¡¡¡µÚÈý²½ÊǺÜÖØÒªµÄÒ»²½£¬SQL INJECTIONÍùÍùÔÚWEB CODEÖвúÉú¡£¶ø×öΪϵͳ¹ÜÀíÔ±»òÕßÊý¾Ý¿â¹ÜÀíÔ±£¬×ܲ»Äܳ£³£µÄÈ¥¿´Ã¿Ò»¶Î´úÂë¡£¼´Ê¹³£³£¿´´úÂ룬Ҳ²»Äܱ£Ö¤ÎÒÃÇÔÚÉÏÃæµÄÊèºö¡£ÄÇÔõô°ì£¿ÎÒÃǾÍÒª´ÓÊý ¾Ý¿â½ÇÉ«×ÅÊÖ£¬ÈÃÊý¾Ý¿âÓû§µÄȨÏÞ»®·Öµ½×îµÍµã¡£SQL SERVERµÄĬÈÏȨÏÞÈÃÈËÕæµÄºÜÍ·ÌÛ£¬È¨ÏÞ´óµÃ·Ç³£µÄ¸ß£¬È¨ÏÞСµÄÓÖʲô¶¼×ö²»ÁË£¬SYSADMINºÍdb_ownerÕæÊÇÈÃÈËÓÖ°®ÓÖºÞ¡£¹¥»÷ÕßÒ»µ«È· ÈÏÁËÍøÕ¾´æÔÚSQL INJECTION©¶´£¬¿Ï¶¨ÓÐÒ»²½²Ù×÷²½Öè¾ÍÊDzâÊÔÍøÕ¾µÄSQL SERVERʹÓÃÕß¾ßÓжà´óµÄȨÏÞ¡£Ò»°ã¶¼»á½èÖúSELECT IS_SRVROLEMEMBER('sysadmin')£¬»òÕßSELECT IS_MEMBER('db_owner')£¬ÔÙ»òÕßÓÃuser = 0(ÈÃ×Ö·ûºÍÊý×Ö½øÐбȽϣ¬SQL SERVER¾Í»áÌáʾÁË´íÎóÐÅÏ¢£¬´Ó¸ÃÐÅÏ¢Öм´¿ÉÖªµÀһЩÃô¸ÐÐÅÏ¢)µÈÓï¾ä½øÐвâÊÔ¡£·½·¨»¹ÓУ¬ÎÒÒ²²»¸Ò¶à˵ÁË¡£ÆäÒ»ÅÂ´í£¬Æä¶þÅÂÁªÃËÖеÄÈ˱⡣ÔÚµ±Ç°£¬Èç¹ûÍøÕ¾µÄÊý¾Ý¿âʹÓÃÕßÓõÄÊÇSAȨÏÞ£¬ÔÙ¼ÓÉÏÈ·ÈÏÁ
Ïà¹ØÎĵµ£º
COLLATE ÊÇÒ»¸ö×Ӿ䣬¿ÉÓ¦ÓÃÓÚÊý¾Ý¿â¶¨Òå»òÁж¨ÒåÒÔ¶¨ÒåÅÅÐò¹æÔò£¬»òÓ¦ÓÃÓÚ×Ö·û´®±í´ïʽÒÔÓ¦ÓÃÅÅÐò¹æÔòת»»¡£
Óï·¨
COLLATE { <collation_name> | database_default }
<collation_name> :: =
{ Windows_collation_name } | { SQL_collation_name }
²ÎÊý
collation_name
  ......
Òѳɹ¦Óë·þÎñÆ÷½¨Á¢Á¬½Ó£¬µ«ÊÇÔڵǼǰµÄÎÕÊÖÆڼ䷢Éú´íÎóµÄ´¦Àí·½·¨
ÔÚÓÃSQL SERVER Óû§µÇ½SQL SERVER 2005ʱ£¬µ¯³öÒ»¸ö¶Ô»°¿ò£¬Ìáʾ" Òѳɹ¦Óë·þÎñÆ÷½¨Á¢Á¬½Ó£¬µ«ÊÇÔڵǼǰµÄÎÕÊÖÆڼ䷢Éú´íÎó",²éÕÒÁËÒ»ÏÂÔÒò£¬ÔÀ´ÊÇSQL SERVER 2005ʱ½ûÓÃTCP/IPµÇ½ÁË£¬´ò¿ªSQL SERVER 2005²Ë ......
Question 1£º
Êý¾Ý¿âµÄÑé֤ģʽΪWindowsÑéÖ¤£¬É¾³ýÁËMS SQL ServerÕʺÅBUILTIN\Administrators,µÇ½²»ÉÏSQL Server¹ÜÀíÆ÷£¿
Answer£º
1.ÖØÐÂÔËÐÐMS SQL SERVERµÄ°²×°³ÌÐò£¬ÔÚ“°²×°Ñ¡ÏçÃæÀïÑ¡Ôñ“¸ß¼¶Ñ¡Ï¬ÏÂÒ»²½ºóÑ¡Ôñ“×¢²á±íÖؽ¨”£¬½ÓÏÂÀ´¸ú° ......
CREATE procedure SqlPager_Ex
@sqlstr varchar(8000), --²éѯ×Ö·û´®
@currentpage int, --µÚNÒ³
@pagesize int --ÿҳÐÐÊý,
as
set nocount on
declare @P1 int, --P1ÊÇÓαêµÄid
@rowcount int
exec sp_cursorope ......
ÊìϤSQL SERVER 2000µÄÊý¾Ý¿â¹ÜÀíÔ±¶¼ÖªµÀ£¬ÆäDTS¿ÉÒÔ½øÐÐÊý¾ÝµÄµ¼Èëµ¼³ö£¬Æäʵ£¬ÎÒÃÇÒ²¿ÉÒÔʹÓÃTransact-SQLÓï¾ä½øÐе¼Èëµ¼³ö²Ù×÷¡£ÔÚTransact-SQLÓï¾äÖУ¬ÎÒÃÇÖ÷ҪʹÓÃOpenDataSourceº¯Êý¡¢OPENROWSET º¯Êý£¬¹ØÓÚº¯ÊýµÄÏêϸ˵Ã÷£¬Çë²Î¿¼SQLÁª»ú°ïÖú¡£ÀûÓÃÏÂÊö·½·¨£¬¿ÉÒÔÊ®·ÖÈÝÒ×µØʵÏÖSQL SERVER¡¢ACCESS¡¢EXCELÊý¾ ......