
Preventing SQL Injection

Original article: http://hi.baidu.com/%BC%D9%BA%EC%D2%B6%CE%E8%CE%F7%B7%E7/blog/item/81f35da209e287abcbefd005.html
1. What is SQL injection
SQL injection means inserting SQL commands into the values a web application receives (form submissions, input fields, the query string of a page request) so that the server is tricked into executing attacker-controlled SQL. By submitting crafted parameters, the attacker assembles a SQL statement of their own choosing and reads (or modifies) data they were never meant to reach.
2. Types of SQL injection
Concretely, SQL injection falls into five categories according to the context the input lands in: numeric injection, string injection, search injection (LIKE), IN-list injection, and statement-concatenation injection (appending a further statement to the one the application intended). From the application side, pay special attention to SQL built from IP addresses, search terms, batch-delete ID lists, and data copied from one database into another: these are the places where values are routinely concatenated into SQL text.
3. How to prevent SQL injection
3.1 Where SQL injection comes from
Look at the following SQL statement used to check a login:
Code:
// Vulnerable: UserName and PassWord are concatenated straight into the SQL text.
SqlCommand cmd = new SqlCommand("SELECT * from PE_USERS WHERE UserName = '"
    + UserName + "' AND UserPassword = '" + PassWord + "'", conn);
ÓÉÓÚûÓжÔUserNameºÍPassWord½øÐÐÈκÎÑéÖ¤£¬Èç¹ûUserName=” admin’ OR 1=1--“
ËùÖ´ÐеÄSQLÓï¾ä¾Í³ÉÁË£º
SQL´úÂë
SELECT * from PE_USERS WHERE UserName=’admin’ OR 1=1—‘ AND UserPassword=’’
Õâ¾ÍÔì³ÉÁËSQL×¢È룬Ìõ¼þÓÀÔ¶ÎªÕæ£¬Ò²¾Í²»ÓÃÃÜÂëÒ²Äܵǽ³É¹¦¡£
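The login bypass above, reproduced as an added example (this is not code from the original article). Python's built-in sqlite3 module stands in for ADO.NET and SQL Server, the PE_USERS table and its rows are constructed here, and build_login_sql and login_unsafe are names chosen for this example.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed sample rows for a stand-in PE_USERS table (UserName, UserPassword).
USERS = [("admin", "s3cret"), ("alice", "hunter2")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PE_USERS (UserName TEXT, UserPassword TEXT)")
    conn.executemany("INSERT INTO PE_USERS VALUES (?, ?)", USERS)
    return conn


def build_login_sql(username: str, password: str) -> str:
    """The article's vulnerable pattern: untrusted input glued into the SQL text.
    Returned as a string so the reader can see exactly what the server will parse."""
    return ("SELECT * FROM PE_USERS WHERE UserName = '" + username
            + "' AND UserPassword = '" + password + "'")


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> Optional[Tuple]:
    """Runs the concatenated query and returns the first matching row, or None.
    With username "admin' OR 1=1--" the quote ends the literal, OR 1=1 is always
    true and -- comments out the password check, so a row comes back for an empty
    password."""
    return conn.execute(build_login_sql(username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR 1=1--"
    print(build_login_sql(payload, ""))
    # SELECT * FROM PE_USERS WHERE UserName = 'admin' OR 1=1--' AND UserPassword = ''
    print(login_unsafe(db, payload, ""))   # ('admin', 's3cret')
```

The second classic variant puts the payload in the password field instead: a password of ' OR '1'='1 turns the tail of the statement into AND UserPassword = '' OR '1'='1', which is likewise always true.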
3.2 Main defenses
Defense 1: Parameterized queries
Protection level: ★★★★★
Description:
A parameterized query keeps the SQL text fixed and passes user input separately as typed parameter values, so input can never change the structure of the statement. Besides preventing SQL injection, it lets SQL Server cache and reuse the execution plan, which improves performance.
For example:
Code:
const string strSql = "SELECT * from [PE_Users] WHERE UserName = @UserName";
SqlCommand cmd = new SqlCommand(strSql, conn);
// The value travels as a typed SqlParameter, never as part of the SQL text.
cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 20).Value = userName;
The statement contains one parameter, @UserName. Its value is supplied through a SqlParameter object added to the Command object's Parameters collection rather than being spliced into the text; that is what makes this a parameterized query.
(Secure Development Handbook, page 14)
For the statement above, ADO.NET sends SQL Server the following:
SQL code:
EXEC sp_executesql N'select * from [pe_users] where username=@username',
    N'@username nvarchar(20)', @username=N'name'
SQL Server binds the string "name" to @username and then executes the query. The value is delivered as data, separate from the statement text, so it is never parsed as SQL.
Now suppose the input is:
SQL code:
' union select @@version,null,null--
The generated statement is:
SQL code:
EXEC sp_executesql N'select * from [pe_users] where username=@username',
    N'@username nvarchar(20)', @username=N''' union select @@version,null,null--'
The entire input, quote and UNION included, is bound as the value of @username (with the declared length of 20 it would even be truncated on the way in). It is compared against the username column as one literal string, so the query simply finds no matching user instead of running the attacker's UNION.
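An added example (not from the original article or the handbook it quotes) showing the parameterized form of the login query from Defense 1, fed both payloads discussed above, and extending the same idea to the other injection contexts listed in section 2: numeric, IN-list and LIKE. Python's sqlite3 stands in for ADO.NET and SQL Server; the table, the sample rows and the function names are constructed here. One point the text does not make explicit: binding alone does not neutralize LIKE wildcards, so the search helper escapes them as well.

```python
import sqlite3
from typing import List, Optional, Sequence, Tuple

# Constructed sample rows for a stand-in PE_USERS table (Id, UserName, UserPassword).
USERS = [(1, "admin", "s3cret"), (2, "alice", "hunter2"), (3, "al_ice", "x")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PE_USERS (Id INTEGER, UserName TEXT, UserPassword TEXT)")
    conn.executemany("INSERT INTO PE_USERS VALUES (?, ?, ?)", USERS)
    return conn


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[Tuple]:
    """String context: the SQL text is fixed and the driver binds both values as data.
    The payloads admin' OR 1=1-- and ' union select ...-- are compared as literal
    usernames and match nothing."""
    sql = "SELECT Id, UserName FROM PE_USERS WHERE UserName = ? AND UserPassword = ?"
    return conn.execute(sql, (username, password)).fetchone()


def user_by_id(conn: sqlite3.Connection, raw_id: str) -> Optional[Tuple]:
    """Numeric context: the placeholder is unquoted, so coerce to int before binding.
    A payload such as '1 OR 1=1' fails int() and is rejected without touching the DB."""
    try:
        uid = int(raw_id)
    except ValueError:
        return None
    return conn.execute("SELECT UserName FROM PE_USERS WHERE Id = ?", (uid,)).fetchone()


def users_by_ids(conn: sqlite3.Connection, raw_ids: Sequence[str]) -> List[str]:
    """IN-list context (the batch-delete case): one placeholder per value, generated
    from the count of values; the values themselves never enter the SQL text.
    Raises ValueError on any non-numeric id, before any SQL is built."""
    ids = [int(x) for x in raw_ids]
    if not ids:
        return []
    marks = ",".join("?" * len(ids))
    sql = f"SELECT UserName FROM PE_USERS WHERE Id IN ({marks}) ORDER BY Id"
    return [row[0] for row in conn.execute(sql, ids).fetchall()]


def escape_like(term: str, esc: str = "\\") -> str:
    """LIKE context: a bound value cannot break out of the statement, but % and _
    are still wildcards, so a search for '%' alone would list the whole table.
    Escape the escape character first, then the two wildcards."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_users(conn: sqlite3.Connection, term: str) -> List[str]:
    """Search injection (LIKE) handled with binding plus wildcard escaping."""
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT UserName FROM PE_USERS WHERE UserName LIKE ? ESCAPE '\\' ORDER BY Id"
    return [row[0] for row in conn.execute(sql, (pattern,)).fetchall()]


if __name__ == "__main__":
    db = make_db()
    print(login_safe(db, "admin' OR 1=1--", ""))                       # None
    print(login_safe(db, "' union select @@version,null,null--", ""))  # None
    print(login_safe(db, "admin", "s3cret"))                           # (1, 'admin')
    print(user_by_id(db, "1 OR 1=1"))                                  # None
    print(users_by_ids(db, ["1", "3"]))                                # ['admin', 'al_ice']
    print(search_users(db, "al_"))                                     # ['al_ice']
    print(search_users(db, "%"))                                       # []
```

Without escape_like, the search term al_ would also match alice (the underscore is a single-character wildcard) and the term % would return every user; those are the "search type (LIKE)" cases from section 2 that parameterization on its own does not cover.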


© 2009 ej38.com All Rights Reserved.