SQLÖаѲéѯ³öÀ´µÄ½á¹ûÓöººÅÁ¬½ÓÆðÀ´
SELECT A,B=stuff((select ' ' + '×Ö¶ÎC£º' + C + ',×Ö¶ÎD£º' + D) + ';' from tbl WHERE (key= 'Ìõ¼þ') for xml path('')) , 1 , 1 ,'')
from tbl
WHERE (key= 'Ìõ¼þ')
group by key
ÀýÈ磺һ¸ö±íÖÐkeyΪAAµÄ¼Ç¼ÓÐ2Ìõ£¬µÚÒ»ÌõÖÐ×Ö¶ÎCµÄֵΪCC£¬×Ö¶ÎDµÄֵΪDD£¬µÚ¶þÌõÖÐ×Ö¶ÎCµÄֵΪCCC£¬×Ö¶ÎDµÄֵΪDDD£¬ÄÇôִÐиÄÓï¾äºóµÄ½á¹ûΪ£ºA=AA,B=CC,DD;CCC,DDD
Ïà¹ØÎĵµ£º
SQL Native Client ODBC Driver
±ê×¼°²È«Á¬½Ó
Driver={SQL Native Client};Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword;
ÄúÊÇ·ñÔÚʹÓÃSQL Server 2005 Express ÇëÔÚ“Server”Ñ¡ÏîʹÓÃÁ¬½Ó±í´ïʽ“Ö÷»úÃû³Æ\SQLEXPRESS”¡£
ÊÜÐŵÄÁ¬½Ó
Driver={SQL Native ......
¡¡Äã¿ÉÄܳ£³£»áÐèÒªÔËÐÐÒ»¸öad hoc²éѯ´ÓÔ¶³ÌOLE DBÊý¾ÝÔ´ÌáÈ¡Êý¾Ý£¬»òÕßÅúÁ¿ÏòSQL Server±íµ¼ÈëÊý¾Ý¡£ÔÚÕâÖÖÇé¿öÏ£¬Äã¿ÉÒÔÔÚT-SQL(Transact-SQL£¬Î¢Èí¶ÔSQLµÄÀ©Õ¹)ÖÐÓÃOPENROWSETº¯Êý¸øÊý¾ÝÔ´´«ÈëÒ»¸öÁ¬½Ó´®ºÍ²éѯÀ´ÌáÈ¡ÐèÒªµÄÊý¾Ý¡£
¡¡¡¡Äã¿ÉÄܳ£³£»áÐèÒªÔËÐÐÒ»¸öad hoc²éѯ´ÓÔ¶³ÌOLE DBÊý¾ÝÔ´ÌáÈ¡Êý¾Ý£¬»òÕßÅúÁ¿ÏòSQL ......
¶ÔÓÚSQL ServerÊý¾Ý¿â¹ÜÀíÔ±À´½²£¬ÒÑÂúÊÂÎñÈÕÖ¾ÊÇÒ»¸öËöËéµÄ£¬µ«Óֺܳ£¼ûµÄÎÊÌâ¡£ËüÄÜÒý·¢ÊÂÎñµÄÌáÇ°ÖÕÖ¹£¬ÉõÖÁͨ¹ý×èÖ¹ËùÓÐÊÂÎñµÄÒýÈ룬´Ó¶øÒýÆðϵͳµÄ±ÀÀ£¡£¶ÔÓÚÊý¾Ý¿â¹ÜÀíÔ±À´Ëµ£¬¹Ø¼üÊÇÀí½â½«Òª·¢ÉúµÄÇé¿ö£¬ÒÔ±ãËûÃÇ¿ÉÒÔ×·×ÙÒýÆðÎÊÌâµÄÔÒò¡£ ÊÂÎñÈÕÖ¾Ìî³ä·½Ê½
¡¡¡¡ÒÔÏÂÊÇһЩ¿ÉÄÜÒýÆðÊÂÎñÈÕÖ¾ÌîÂúµÄÔÒò£º
¡¡¡¡ÌîÂúµ ......
SQL Injection with MySQL
±¾ÎÄ×÷Õߣºangel
ÎÄÕÂÐÔÖÊ£ºÔ´´
·¢²¼ÈÕÆÚ£º2004-09-16
±¾ÎÄÒѾ·¢±íÔÚ¡¶ºÚ¿Í·ÀÏß¡·7Ô¿¯£¬×ªÔØÇë×¢Ã÷¡£ÓÉÓÚдÁ˺ܾã¬Ëæ׿¼ÊõµÄ½ø²½£¬±¾ÈËÒ²·¢ÏÖ¸ÃÎÄÀïÓв»ÉÙ´íÎóºÍÂÞàµĵط½¡£Çë¸÷λ¸ßÊÖ¿´Á˲»ÒªÐ¦¡£±¾ÎÄдÓÚ¡¶Advanced SQL Injection with MySQL¡·Ö®Ç°Ò»¸öÔ¡£
ÉùÃ÷
¡¡¡¡±¾ÎĽöÓÃÓÚ½ ......
1¡¢×÷ÓÃ
ɾ³ýÖ¸¶¨³¤¶ÈµÄ×Ö·û£¬²¢ÔÚÖ¸¶¨µÄÆðµã´¦²åÈëÁíÒ»×é×Ö·û¡£
2¡¢Óï·¨
STUFF ( character_expression , start , length ,character_expression )
3¡¢Ê¾Àý
ÒÔÏÂʾÀýÔÚµÚÒ»¸ö×Ö·û´® abcdÖÐɾ³ý´ÓµÚ 2 ¸öλÖã¨×Ö·û b£©¿ªÊ¼µÄÈý¸ö×Ö·û£¬È ......
