SQL手工注射原理
¹ØÓÚSQL×¢Èë(SQL Injection)µÄ·½·¨Æäʵ¶¼ºÜÆÕ±éºÍʹÓ㬹éÄÉÆðÀ´Ò²ºÜ·½±ã¡£Ò»°ã“ºÚ¿Í”ʹÓõÄÊÇÏֳɵŤ¾ßÈç“WEBÅÔ×¢¡¢°¢DÍøÂ繤¾ß°ü¡¢½ÌÖ÷XXX”µÈÕâЩ¶¼ÊǼ¯³ÉÁË
һЩ³£ÓõÄsql×¢ÈëÓï¾ä¡£ÏÂÃæÎÒ½«½éÉÜÈçºÎʹÓÃÊÖ¹¤×¢ÈëMYSQL,MSSQLÊý¾Ý¿â.
Ò»°ã©¶´²úÉúµÄÔÒò : ³ÌÐòÖ´ÐÐÖÐδ¶ÔÃô¸Ð×Ö·û½øÐйýÂË,ʹµÃ¹¥»÷Õß´«Èë¶ñÒâ×Ö·û´®Óë½á¹¹»¯Êý¾Ý²éѯÓï¾äºÏ²¢,²¢ÇÒÖ´ÐжñÒâ´úÂë.
创建text数据表MYSQL代码:
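-- Demo fixture for the tutorial: database `test` with one `account` table and
-- one `admin` table, each seeded with a single row.  DROP/CREATE use IF EXISTS /
-- IF NOT EXISTS so the script can be re-run to reset the fixture.
CREATE DATABASE IF NOT EXISTS `test`;
USE `test`;

/* Structure of table `account` */
DROP TABLE IF EXISTS `account`;
CREATE TABLE `account` (
  `accountId`   bigint(20) NOT NULL auto_increment,
  `accountName` varchar(32) default NULL,
  -- NOTE: the demo stores the credential as plaintext; a production schema
  -- would hold a salted password hash here, never the password itself.
  `accountPass` varchar(32) default NULL,
  PRIMARY KEY (`accountId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

/* Seed row for table `account`.  The column list is explicit so the INSERT
   keeps working (or fails loudly) if the table definition changes. */
INSERT INTO `account` (`accountId`, `accountName`, `accountPass`) VALUES
  (1, 'account1', 'account1');

/* Structure of table `admin` */
DROP TABLE IF EXISTS `admin`;
CREATE TABLE `admin` (
  `adminId`   bigint(20) NOT NULL auto_increment,
  `adminName` varchar(32) default NULL,
  -- NOTE: plaintext credential, demo only (see `account`.`accountPass`).
  `adminPass` varchar(32) default NULL,
  PRIMARY KEY (`adminId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

/* Seed row for table `admin` */
INSERT INTO `admin` (`adminId`, `adminName`, `adminPass`) VALUES
  (1, 'admin', 'admin');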
2.漏洞的利用
Õâ¸ö¾ÍÊÇÊý¾Ý¿âÀïµÄ¼Ç¼ÁË.ÒÔºó»ÆÉ«Îª¹Ø¼üÓï¾ä,ºìɫΪÊäÈëµÄ²¿·Ö.
´ó¼Ò×¢Òâ¿´resultSet = statment.executeQuery("select * from account where accountId = '"+ request.getParameter("id") +"'");
ÕâÀïµÄrequest.getParameter("id") ÊÇ»ñÈ¡GET´«²ÎµÄid ²ÎÊý,Ò²¾ÍÊÇmysqlInject.jsp?id=1 ÕâÀïµÄid. ÕâÑùÕâ¸öSQLÓï¾ä¾Í±ä³ÉÁËselect * from account where accountId =
'1' ÁË.Èç¹û¼ÓÒÔ±ä»»ÄØ?
2.1漏洞的检测
ÎÒÃǰÑid д³ÉmysqlInject.jsp?id=1' ÄÇôSQL Óï¾ä¾Í±ä³Éselect * from account where accountId = '1'' ÁË,ÕâÑùµÄ»°SQLÓï¾ä¾Í»á±¨´í,ÒòΪSQLÓï¾äµÄÖµÊÇÐèÒª2¸ö°üº¬
·ûºÅ,±ÈÈ璺͔Èç¹ûÖ»ÊÇÊý×Ö¿ÉÒÔʲô¶¼²»Ð´.Èç¹û
相关文档：
-- Paging stored procedure (T-SQL syntax: nvarchar types, @-prefixed parameters).
-- Only the parameter list is reproduced on this page; the procedure body is omitted.
-- NOTE(review): @tablename, @fieldname and @orderid are identifiers, which cannot be
-- bound as query parameters.  If the (unseen) body splices them into dynamic SQL,
-- each value should be checked against a fixed list of allowed names before use.
create PROCEDURE pagelist
@tablename nvarchar(50),
@fieldname nvarchar(50)='*',
@pagesize int output,--number of records shown per page
@currentpage int output,--page number
@orderid nvarchar(50),--primary key used for ordering
@sort int,--sort direction: 1 = ascending, 0 = descending
......
and exists (select * from sysobjects) //ÅжÏÊÇ·ñÊÇMSSQL and exists(select * from tableName) //ÅжÏij±íÊÇ·ñ´æÔÚ..tableNameΪ±íÃû and 1=(select @@VERSION) //MSSQL°æ±¾ And 1=(select db_name()) //µ±Ç°Êý¾Ý¿âÃû and 1=(select @@servername) //±¾µØ·þÎñÃû and 1=(select IS_SRVROLEMEMBER('sysadmin')) ......
´æ´¢½ø³Ì¾ÍÊÇ×÷Ϊ¿ÉÖ´ÐжÔÏó´æ·ÅÔÚÊý¾Ý¿âÖеÄÒ»¸ö»ò¶à¸öSQLÃüÁî¡£
¶¨Òå×ÜÊǺܳéÏó¡£´æ´¢½ø³ÌÆäʵ¾ÍÊÇÄÜÍê³ÉÒ»¶¨²Ù×÷µÄÒ»×éSQLÓï¾ä£¬Ö»²»¹ýÕâ×éÓï¾äÊÇ·ÅÔÚÊý¾Ý¿âÖеÄ(ÕâÀïÎÒÃÇ̸ֻSQL SERVER)¡£Èç¹ûÎÒÃÇͨ¹ý´´½¨´æ´¢½ø³ÌÒÔ¼°ÔÚASPÖе÷Óô洢½ø³Ì£¬¾Í¿ÉÒÔ±ÜÃ⽫SQLÓï¾äͬASP´úÂë»ìÔÓÔÚÒ ......
第一题：
Ϊ¹ÜÀíÒµÎñÅàѵÐÅÏ¢£¬½¨Á¢3¸ö±í£º
S(S#,SN,SD,SA)S#,SN,SD,SA·Ö±ð´ú±íѧºÅ£¬Ñ§Ô±ÐÕÃû£¬ËùÊôµ¥Î»£¬Ñ§Ô±ÄêÁä
C(C#,CN)C#,CN·Ö±ð´ú±í¿Î³Ì±àºÅ£¬¿Î³ÌÃû³Æ
SC(S#,C#,G) S#,C#,G·Ö±ð´ú±íѧºÅ£¬ËùÑ¡µÄ¿Î³Ì±àºÅ£¬Ñ§Ï°³É¼¨
(1)ʹÓñê×¼SQLǶÌ×Óï¾ä²éѯѡÐ޿γÌÃû³ÆÎª’˰ÊÕ»ù´¡’µÄѧԱѧºÅºÍÐÕÃû?
(2) ʹ ......
sqlÔÚ¶à·½ÃþË÷ºÍÅóÓѵİïÖúÏ£¬ÖÕÓÚ¿ÉÒÔÁ¬½Ó³É¹¦£¬Õâ¶ÔÎÒÀ´ËµÊǸöÀï³Ì±®À´µÄ£¬ÔÚ¹¤×÷µÄ¹ý³ÌÖÐÎÒ×ÜÊÇûÓлú»á¿ÉÒÔÅö´¥µ½SQL£¬µ±ÎÒ¹ÄÆðÓÂÆøÓÂÆøÏëѧϰµÄʱºòÎÒÁ¬ÔõôÓö¼²»»á£¬½øÀ´ÖÕÓÚÁ´½Ó³É¹¦£¬¿ªÐĵغÍÅóÓÑ·ÖÏíÎҵijɹû¡£
1.°²×°sql£¬Ñ§Ï°SQl£¬ÒòΪһ°ãÎÒÊÇÏëÒªÓÃÓÚVS2005ÏîÄ¿µÄ£¬ËùÒÔÒ»°ã×îºó¾ÍÏȰ²×°VSÈí¼þ£¬ÒÔ±ã ......