sql²éѯµÄÎÞÏÞ·ÖÀà²éѯµÄÉè¼Æ
×î½üÔÚÕÒÒ»´Îsql²éѯµÄÎÞÏÞ·ÖÀà²éѯµÄÉè¼Æ£¬ÍøÉÏÕÒÁËÒ»ÏÂÕâ¸öÊý¾Ý±íµÄÉè¼ÆºÜÓÐÌØÉ«£¬
²»Óõݹ飬ÒÀ¿¿¸ö¼òµ¥SQLÓï¾ä¾ÍÄÜÁгö²Ëµ¥£¬¿´¿´Õâ¸öÊý¾Ý±íÔõôÉè¼ÆµÄ£¬²¢¶ÔÏÂÃæµÄÊý¾Ý±í½á¹¹µÄ²éѯ½øÐзÖÎö.
Êý¾Ý¿â×ֶδó¸ÅÈçÏ£º
-----------------------------------------------------------------------------------
id 񅧏
fid ¸¸·ÖÀà±àºÅ
name ·ÖÀàÃû
path ·ÖÀà·¾¶£¬ÒÔ id Ϊ½Úµã£¬×é³ÉÀàËÆ ,1,2,3,4, ÕâÑùµÄ×Ö·û´®
----------------------------------------------------------------------------------
¿ÉÒÔ¼ÙÉèÓÐÈçϵÄÊý¾Ý
id fid name path
----------------------------------------------------
1 0 ·ÖÀà1 ,1,
2 0 ·ÖÀà2 ,2,
3 1 ·ÖÀà1-1 ,1,3,
4 1 ·ÖÀà1-2 ,1,4,
5 2 ·ÖÀà2-1 ,2,5,
6 4 ·ÖÀà1-2-1 &nbs
Ïà¹ØÎĵµ£º
Èë Êƪ
Èç¹ûÄãÒÔǰûÊÔ¹ýSQL×¢ÈëµÄ»°£¬ÄÇôµÚÒ»²½ÏÈ°ÑIE²Ëµ¥=>¹¤¾ß=>InternetÑ¡Ïî=>¸ß¼¶=>ÏÔʾÓѺà HTTP ´íÎóÐÅϢǰÃæµÄ¹´È¥µô¡£·ñÔò£¬²»ÂÛ·þÎñÆ÷·µ»Øʲô´íÎó£¬IE¶¼Ö»ÏÔʾΪHTTP 500·þÎñÆ÷´íÎ󣬲»ÄÜ»ñµÃ¸ü¶àµÄÌáʾÐÅÏ¢¡£
µÚÒ»½Ú¡¢SQL×¢ÈëÔÀí
ÒÔÏÂÎÒÃÇ´ÓÒ»¸öÍøÕ¾www.19cn.com¿ªÊ¼£¨×¢£º±¾ÎÄ·¢±íÇ°ÒÑÕ÷µ ......
¿´ÍêÈëÃÅƪºÍ½ø½×ƪºó£¬ÉÔ¼ÓÁ·Ï°£¬ÆƽâÒ»°ãµÄÍøÕ¾ÊÇûÎÊÌâÁË¡£µ«Èç¹ûÅöµ½±íÃûÁÐÃû²Â²»µ½£¬»ò³ÌÐò×÷Õß¹ýÂËÁËһЩÌØÊâ×Ö·û£¬ÔõôÌá¸ß×¢ÈëµÄ³É¹¦ÂÊ£¿ÔõôÑùÌá¸ß²Â½âЧÂÊ£¿Çë´ó¼Ò½Ó×ÅÍùÏ¿´¸ß¼¶Æª¡£
µÚÒ»½Ú¡¢ÀûÓÃϵͳ±í×¢ÈëSQLServerÊý¾Ý¿â
SQLServerÊÇÒ»¸ö¹¦ÄÜÇ¿´óµÄÊý¾Ý¿âϵͳ£¬Óë²Ù×÷ϵͳҲÓнôÃܵÄÁªÏµ£¬Õâ¸ø¿ª·¢Õß´øÀ´ÁË ......
±àд¸ßÐÔÄܵÄSQLÓï¾ä×¢ÒâÊÂÏî
ÔÚÓ¦ÓÃϵͳ¿ª·¢³õÆÚ£¬ÓÉÓÚ¿ª·¢Êý¾Ý¿âÊý¾Ý±È½ÏÉÙ£¬¶ÔÓÚ²éѯSQLÓï¾ä£¬¸´ÔÓÊÓͼµÄµÄ±àдµÈÌå»á²»³öSQLÓï¾ä¸÷ÖÖд·¨µÄÐÔÄÜÓÅÁÓ£¬µ«ÊÇÈç¹û½«Ó¦ÓÃϵͳÌύʵ¼ÊÓ¦Óúó£¬Ëæ×ÅÊý¾Ý¿âÖÐÊý¾ÝµÄÔö¼Ó£¬ÏµÍ³µÄÏìÓ¦ËٶȾͳÉΪĿǰϵͳÐèÒª½â¾öµÄ×îÖ÷ÒªµÄÎÊÌâÖ®Ò»¡£ÏµÍ³ÓÅ»¯ÖÐÒ»¸öºÜÖØÒªµÄ·½Ãæ¾ÍÊÇSQLÓï¾äµÄÓÅ ......
1¡¢¼ì²éÊÇ·ñÓзǷ¨×Ö·û
public static boolean sql_inj(String str)
{
String inj_str = "'|and|exec|insert|select|delete|update|
count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
//ÕâÀïµÄ¶«Î÷»¹¿ÉÒÔ×Ô¼ºÌí¼Ó
String[] inj_stra=inj_str.split("\\|");
for ......
¼ÇÈ¡¼Ç¼¼¯
create procedure getArticle
as
select * from Article_Content
GO
asp.net µ÷Ó÷½·¨
SqlConnection Conn = new SqlConnection();
Conn.ConnectionString = Data.Connstr();
Conn.Open();
......
