
SQL手工注射原理

     关于SQL注入(SQL Injection)的方法其实都很普遍和实用，归纳起来也很方便。一般“黑客”使用的是现成的工具如“WEB旁注、阿D网络工具包、教主XXX”等，这些都是集成了
一些常用的sql注入语句。下面我将介绍如何使用手工注入MYSQL,MSSQL数据库.
    一般漏洞产生的原因 : 程序执行中未对敏感字符进行过滤,使得攻击者传入的恶意字符串与结构化数据查询语句合并,并且执行恶意代码.
创建test数据表MYSQL代码:
-- Create the demo schema on first run, then make it the default schema
-- for every statement that follows in this script.
CREATE DATABASE IF NOT EXISTS `test`;
USE `test`;
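/* Table structure for `account` (lab fixture for the SQL injection walkthrough) */
-- Re-running the script drops the table first, so any existing rows are discarded.
DROP TABLE IF EXISTS `account`;
CREATE TABLE `account` (
  `accountId` bigint(20) NOT NULL auto_increment,
  `accountName` varchar(32) default NULL,
  -- Demo only: the password is kept in clear text. A real schema stores a
  -- salted password hash and sizes the column for the hash output.
  `accountPass` varchar(32) default NULL,
  PRIMARY KEY  (`accountId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/* Seed data for `account` */
-- Columns are named explicitly so the insert does not depend on column order
-- and keeps working if the table later gains a column.
INSERT INTO `account` (`accountId`, `accountName`, `accountPass`) VALUES
(1,'account1','account1');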
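/* Table structure for `admin` (lab fixture for the SQL injection walkthrough) */
-- Re-running the script drops the table first, so any existing rows are discarded.
DROP TABLE IF EXISTS `admin`;
CREATE TABLE `admin` (
  `adminId` bigint(20) NOT NULL auto_increment,
  `adminName` varchar(32) default NULL,
  -- Demo only: the password is kept in clear text. A real schema stores a
  -- salted password hash and sizes the column for the hash output.
  `adminPass` varchar(32) default NULL,
  PRIMARY KEY  (`adminId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/* Seed data for `admin` */
-- Columns are named explicitly so the insert does not depend on column order
-- and keeps working if the table later gains a column.
INSERT INTO `admin` (`adminId`, `adminName`, `adminPass`) VALUES
(1,'admin','admin');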
2.漏洞的利用
这个就是数据库里的记录了.以后黄色为关键语句,红色为输入的部分.
    大家注意看resultSet = statment.executeQuery("select * from account where accountId = '"+ request.getParameter("id") +"'");
这里的request.getParameter("id") 是获取GET传参的id 参数,也就是mysqlInject.jsp?id=1 这里的id. 这样这个SQL语句就变成了select * from account where accountId = '1' 了.
问题的根源在于参数值未经任何处理就直接拼接进了SQL字符串;改用PreparedStatement并以占位符绑定id,输入就只会被当作数据,而不会改变语句结构.如果加以变换呢?
2.1漏洞的检测
    我们把id 写成mysqlInject.jsp?id=1' 那么SQL 语句就变成select * from account where accountId = '1'' 了,这样的话SQL语句就会报错,因为SQL语句的值是需要2个包含
符号,比如 ' 和 " ,如果只是数字可以什么都不写.如果

