SQLÊÖ¹¤×¢ÉäÔÀí
¹ØÓÚSQL×¢Èë(SQL Injection)µÄ·½·¨Æäʵ¶¼ºÜÆÕ±éºÍʹÓ㬹éÄÉÆðÀ´Ò²ºÜ·½±ã¡£Ò»°ã“ºÚ¿Í”ʹÓõÄÊÇÏֳɵŤ¾ßÈç“WEBÅÔ×¢¡¢°¢DÍøÂ繤¾ß°ü¡¢½ÌÖ÷XXX”µÈÕâЩ¶¼ÊǼ¯³ÉÁË
һЩ³£ÓõÄsql×¢ÈëÓï¾ä¡£ÏÂÃæÎÒ½«½éÉÜÈçºÎʹÓÃÊÖ¹¤×¢ÈëMYSQL,MSSQLÊý¾Ý¿â.
Ò»°ã©¶´²úÉúµÄÔÒò : ³ÌÐòÖ´ÐÐÖÐδ¶ÔÃô¸Ð×Ö·û½øÐйýÂË,ʹµÃ¹¥»÷Õß´«Èë¶ñÒâ×Ö·û´®Óë½á¹¹»¯Êý¾Ý²éѯÓï¾äºÏ²¢,²¢ÇÒÖ´ÐжñÒâ´úÂë.
´´½¨textÊý¾Ý±íMYSQL´úÂë:
create database if not exists `test`;
USE `test`;
/*Êý¾Ý±í `account` µÄ±í½á¹¹*/
DROP TABLE IF EXISTS `account`;
CREATE TABLE `account` (
`accountId` bigint(20) NOT NULL auto_increment,
`accountName` varchar(32) default NULL,
`accountPass` varchar(32) default NULL,
PRIMARY KEY (`accountId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*Êý¾Ý±í `account` µÄÊý¾Ý*/
insert into `account` values
(1,'account1','account1');
/*Êý¾Ý±í `admin` µÄ±í½á¹¹*/
DROP TABLE IF EXISTS `admin`;
CREATE TABLE `admin` (
`adminId` bigint(20) NOT NULL auto_increment,
`adminName` varchar(32) default NULL,
`adminPass` varchar(32) default NULL,
PRIMARY KEY (`adminId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*°ÑÊý¾Ý²åÈëÊý¾Ý±í `admin` µÄÊý¾Ý*/
insert into `admin` values
(1,'admin','admin');
2.©¶´µÄÀûÓÃ
Õâ¸ö¾ÍÊÇÊý¾Ý¿âÀïµÄ¼Ç¼ÁË.ÒÔºó»ÆɫΪ¹Ø¼üÓï¾ä,ºìɫΪÊäÈëµÄ²¿·Ö.
´ó¼Ò×¢Òâ¿´resultSet = statment.executeQuery("select * from account where accountId = '"+ request.getParameter("id") +"'");
ÕâÀïµÄrequest.getParameter("id") ÊÇ»ñÈ¡GET´«²ÎµÄid ²ÎÊý,Ò²¾ÍÊÇmysqlInject.jsp?id=1 ÕâÀïµÄid. ÕâÑùÕâ¸öSQLÓï¾ä¾Í±ä³ÉÁËselect * from account where accountId =
'1' ÁË.Èç¹û¼ÓÒԱ任ÄØ?
2.1©¶´µÄ¼ì²â
ÎÒÃÇ°Ñid д³ÉmysqlInject.jsp?id=1' ÄÇôSQL Óï¾ä¾Í±ä³Éselect * from account where accountId = '1'' ÁË,ÕâÑùµÄ»°SQLÓï¾ä¾Í»á±¨´í,ÒòΪSQLÓï¾äµÄÖµÊÇÐèÒª2¸ö°üº¬
·ûºÅ,±ÈÈ璺͔Èç¹ûÖ»ÊÇÊý×Ö¿ÉÒÔʲô¶¼²»Ð´.Èç¹û
Ïà¹ØÎĵµ£º
--Óï ¾ä ¹¦ ÄÜ
--Êý¾Ý²Ù×÷
SELECT --´ÓÊý¾Ý¿â±íÖмìË÷Êý¾ÝÐкÍÁÐ
INSERT --ÏòÊý¾Ý¿â±íÌí¼ÓÐÂÊý¾ÝÐÐ
DELETE --´ÓÊý¾Ý¿â±íÖÐɾ³ýÊý¾ÝÐÐ
UPDATE --¸üÐÂÊý¾Ý¿â±íÖеÄÊý¾Ý
--Êý¾Ý¶¨Òå
CREATE TABLE --´´½¨Ò»¸öÊý¾Ý¿â±í
DROP TABLE --´ÓÊý¾Ý¿âÖÐɾ³ý±í
ALTER TABLE --ÐÞ¸ÄÊý¾Ý¿â±í½á¹¹
CREATE VIEW --´´½¨Ò»¸öÊÓÍ ......
µÚ¶þÊ®Ì⣺
ÔõôÑù³éÈ¡Öظ´¼Ç¼
񡜧
id name
--------
1 test1
2 test2
3 test3
4 test4
5 test5
6 test6
2 test2
3 test3
2 test2
6 test6
²é³öËùÓÐÓÐÖظ´¼Ç¼µÄÊý¾Ý£¬ÓÃÒ»¾äsql À´ÊµÏÖ
create table D(
id varchar (20),
name varchar (20)
)
insert into D values('1','test1')
insert into D val ......
²Ù×÷·ûÓÅ»¯
IN ²Ù×÷·û
ÓÃINд³öÀ´µÄSQLµÄÓŵãÊDZȽÏÈÝÒ×д¼°ÇåÎúÒ׶®£¬Õâ±È½ÏÊʺÏÏÖ´úÈí¼þ¿ª·¢µÄ·ç¸ñ¡£
µ«ÊÇÓÃINµÄSQLÐÔÄÜ×ÜÊDZȽϵ͵ģ¬´ÓORACLEÖ´ÐеIJ½ÖèÀ´·ÖÎöÓÃINµÄSQLÓë²»ÓÃINµÄSQLÓÐÒÔÏÂÇø±ð£º
ORACLEÊÔͼ½«Æäת»»³É¶à¸ö±íµÄÁ¬½Ó£¬Èç¹ûת»»²»³É¹¦ÔòÏÈÖ´ÐÐINÀïÃæµÄ×Ó²éѯ£¬ÔÙ²éѯÍâ²ãµÄ±í¼Ç¼£¬Èç¹ûת»»³ ......
ΪÁË´ó¼Ò¸üÈÝÒ×Àí½âÎÒ¾Ù³öµÄSQLÓï¾ä£¬±¾Îļٶ¨ÒѾ½¨Á¢ÁËÒ»¸öѧÉú³É¼¨¹ÜÀíÊý¾Ý¿â£¬È«ÎľùÒÔѧÉú³É¼¨µÄ¹ÜÀíΪÀýÀ´ÃèÊö¡£
¡¡¡¡1.ÔÚ²éѯ½á¹ûÖÐÏÔʾÁÐÃû£º
¡¡¡¡a.ÓÃas¹Ø¼ü×Ö£ºselect name as 'ÐÕÃû' from students order by age
¡¡¡¡b.Ö±½Ó±íʾ£ºselect name 'ÐÕÃû' from students order by age
¡¡¡¡2.¾«È·²éÕÒ:
¡¡¡¡a.ÓÃ ......
·½·¨Ò»£º
select distinct name from tablename
·½·¨¶þ£º
select min(fid),name,sex from tablename group by name
×ܼƣº
select distinct name from tablename ´ò¿ªÖظ´¼Ç¼µÄµ¥¸ö×Ö¶Î
select * from tablename where fid in(Select min(fid) from tablename group by name)´ò¿ªÖظ´¼Ç¼µÄËùÓÐ×Ö¶ÎÖµ
select ......
