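Preventing SQL Injection
Original article: http://hi.baidu.com/%BC%D9%BA%EC%D2%B6%CE%E8%CE%F7%B7%E7/blog/item/81f35da209e287abcbefd005.html
1. What is SQL injection
SQL injection means inserting SQL commands into a Web form submission, an entered domain name, or the query string of a page request, so that the server is ultimately tricked into executing malicious SQL commands. By submitting parameters that construct cleverly crafted SQL statements, the attacker successfully obtains the data they want.
2. Types of SQL injection
Specifically, SQL injection can be divided into five main types: numeric injection, string injection, search (LIKE) injection, IN-clause injection, and statement-concatenation injection. In applications, pay particular attention to SQL injection in places such as IP handling, search, batch deletion, and transfers from one database to another.
3. How to prevent SQL injection
3.1 Why SQL injection occurs
Consider the following SQL statement that checks a login:
SQL code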
SqlCommand cmd = new SqlCommand("SELECT * from PE_USERS WHERE UserName = '"
+ UserName + "' AND UserPassword = '" + PassWord + "'", conn);
Because UserName and PassWord are not validated in any way, if UserName = "admin' OR 1=1--"
the SQL statement that gets executed becomes:
SQL code
SELECT * from PE_USERS WHERE UserName='admin' OR 1=1--' AND UserPassword=''
This results in SQL injection: the condition is always true, so login succeeds even without a password.
3.2 Main defenses
Defense 1: Parameterized queries
Protection level: ★★★★★
Description:
Benefits of parameterized queries: they prevent SQL injection attacks and improve program execution efficiency.
For example:
SQL code
const string strSql = "SELECT * from [PE_Users] WHERE UserName = @UserName";
Parameters parms = new Parameters("@UserName", DbType.String, userName);
The statement contains one parameter, @UserName. A Parameter object is used to add the parameter to the Command object,
which yields a parameterized query.
[Page 14, Secure Development Manual]
For the statement above, ADO.NET sends the following SQL statement to SQL Server:
SQL code
Exec sp_executesql N'select * from [pe_users] where username=@username', N'@username nvarchar(20)', @username=N'name'
SQL Server replaces @username with the string "name" and then executes the query.
Suppose the input is the following:
SQL code
' union select @@version,null,null--
The resulting SQL statement is as follows:
SQL code
Exec sp_executesql N'select * from [pe_users] where username=@username &
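
The login check from section 3.1 next to its parameterized form from section 3.2, as an added example that is not part of the original article. It uses Python's built-in sqlite3 in place of ADO.NET and SQL Server so that it runs offline (an assumption); the function names and the sample row are constructed, and :UserName plays the role of @UserName.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PE_USERS (UserName TEXT, UserPassword TEXT)")
    conn.execute("INSERT INTO PE_USERS VALUES ('admin', 's3cret-constructed')")
    return conn

def login_concatenated(conn, user_name, password):
    """Vulnerable form (section 3.1): input is spliced into the SQL text."""
    sql = ("SELECT * FROM PE_USERS WHERE UserName = '" + user_name +
           "' AND UserPassword = '" + password + "'")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # Input that breaks the statement's syntax surfaces as a database error.
        return False

def login_parameterized(conn, user_name, password):
    """Defended form (section 3.2): the SQL text is fixed and the input
    travels only as bound values, so quotes and '--' stay plain data."""
    sql = ("SELECT * FROM PE_USERS "
           "WHERE UserName = :UserName AND UserPassword = :UserPassword")
    params = {"UserName": user_name, "UserPassword": password}
    return conn.execute(sql, params).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    article_input = "admin' OR 1=1--"          # input quoted in section 3.1
    union_input = "' union select @@version,null,null--"  # input from 3.2
    print("concatenated, no password:", login_concatenated(db, article_input, ""))
    print("parameterized, no password:", login_parameterized(db, article_input, ""))
    print("parameterized, union input:", login_parameterized(db, union_input, ""))
    print("parameterized, real login:",
          login_parameterized(db, "admin", "s3cret-constructed"))
```
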