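Usage of the LIKE Statement in SQL
In SQL (Structured Query Language), the LIKE statement plays a vital role.
The syntax of the LIKE statement is: select * from table_name where field_name like pattern (a substring). It applies mainly to character-type fields, and it retrieves the rows in which a character-type column contains the given substring.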
Suppose a database contains a table named table1 with two fields, name and sex, both of character type. To find the records whose name field begins with the character “张” (Zhang), use the following statement:
    select * from table1 where name like "张*"
To find the records that end with “张”, the statement is:
    select * from table1 where name like "*张"
These statements use the wildcard “*”. The like statement is inseparable from wildcards, so the wildcards are described in detail below.
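
Match type | Pattern | Example and what it matches | Description
--- | --- | --- | ---
Multiple characters | * | c*c matches cc, cBc, cbc, cabdfec, etc. | Same as the wildcard in DOS commands; stands for multiple characters.
Multiple characters | % | %c% matches agdcagd, etc. | Used in many programs, mainly to query for values that contain a substring.
Special character | [*] | a[*]a matches a*a | Used in place of * to match the * character itself.
Single character | ? | b?b matches brb, bFb, etc. | Same as the ? wildcard in DOS commands; stands for a single character.
Single digit | # | k#k matches k1k, k8k, k0k | Much the same as above, except that it can only stand for a single digit.
Character range | - | [a-z] matches any one of the 26 letters a to z | Specifies any one character within a range.
Exclusion | [!characters] | [!a-z] matches 9, 0, %, *, etc. | Stands for a single character only.
Digit exclusion | [!digits] | [!0-9] matches A, b, C, d, etc. | Same as above.
Combined | character[range type]character | cc[!a-d]# matches ccF#, etc. | Can be used in combination with the other forms.
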
Suppose table1 contains the following records:

name | sex
--- | ---
张小明 | 男 (male)
李明天 | 男 (male)
李a天 | 女 (female)
王5五 | 男 (male)
王清五 | 男 (male)

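The following examples illustrate this:
Example 1: find the records whose name field contains the character “明”.
    select * from table1 where name like "%明%"
Example 2: find the records whose name field begins with the character “李”.
    select * from table1 where name like "李*"
Example 3: find the records whose name field contains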
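
The substring search with % shown above (name like "%明%"), as an added example that is not part of the original article: it runs against an in-memory SQLite copy of table1 through Python's sqlite3 module (an assumption; the article names no database engine), where the LIKE wildcards are % and _ rather than * and ?. The function names and the extra row holding a literal % are constructed for illustration. It shows that binding the search term as a parameter is not enough when the term comes from a user: the wildcards inside it stay active unless they are escaped.

```python
import sqlite3

# Constructed sample data: the five table1 records from the article, plus one
# extra row (an assumption, not on the page) whose name contains a literal '%'.
ROWS = [("张小明", "男"), ("李明天", "男"), ("李a天", "女"),
        ("王5五", "男"), ("王清五", "男"), ("100%明", "男")]


def make_db():
    """Build an in-memory SQLite copy of table1."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (name TEXT, sex TEXT)")
    conn.executemany("INSERT INTO table1 VALUES (?, ?)", ROWS)
    return conn


def escape_like(term, esc="\\"):
    """Neutralise LIKE metacharacters: the escape char itself, then % and _."""
    for ch in (esc, "%", "_"):  # escape char first, so added escapes are not re-escaped
        term = term.replace(ch, esc + ch)
    return term


def search_naive(conn, term):
    """Bound parameter (no injection), but wildcards inside term stay active."""
    cur = conn.execute(
        "SELECT name FROM table1 WHERE name LIKE ? ORDER BY rowid",
        ("%" + term + "%",))
    return [r[0] for r in cur]


def search_contains(conn, term):
    """'Contains' search in which the user's text is matched literally."""
    cur = conn.execute(
        "SELECT name FROM table1 WHERE name LIKE ? ESCAPE '\\' ORDER BY rowid",
        ("%" + escape_like(term) + "%",))
    return [r[0] for r in cur]


if __name__ == "__main__":
    db = make_db()
    print(search_contains(db, "明"))  # the article's Example 1
    print(search_naive(db, "%"))      # every row: '%' acted as a wildcard
    print(search_contains(db, "%"))   # only the row with a literal '%'
```
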