SQLɾ³ýÓÐĬÈÏÖµ×ֶΣ¨×ª£©
declare @dfname varchar(50)
select @dfname=a.name
from sysobjects a
inner join syscomments b on a.id=b.id
inner join sysconstraints c on c.constid=a.id
inner join syscolumns d on c.colid=d.colid and c.id=d.id
where a.xtype='D' and object_name(d.id)='±íÃû' and d.name='ÁÐÃû'
if @dfname is not null
exec('alter table ±íÃû drop constraint '+@dfname)
Go
alter table ±íÃû drop column ÁÐÃû
Go
Ïà¹ØÎĵµ£º
¿´ÍêÈëÃÅƪºÍ½ø½×ƪºó£¬ÉÔ¼ÓÁ·Ï°£¬ÆƽâÒ»°ãµÄÍøÕ¾ÊÇûÎÊÌâÁË¡£µ«Èç¹ûÅöµ½±íÃûÁÐÃû²Â²»µ½£¬»ò³ÌÐò×÷Õß¹ýÂËÁËһЩÌØÊâ×Ö·û£¬ÔõôÌá¸ß×¢ÈëµÄ³É¹¦ÂÊ£¿ÔõôÑùÌá¸ß²Â½âЧÂÊ£¿Çë´ó¼Ò½Ó×ÅÍùÏ¿´¸ß¼¶Æª¡£
µÚÒ»½Ú¡¢ÀûÓÃϵͳ±í×¢ÈëSQLServerÊý¾Ý¿â
SQLServerÊÇÒ»¸ö¹¦ÄÜÇ¿´óµÄÊý¾Ý¿âϵͳ£¬Óë²Ù×÷ϵͳҲÓнôÃܵÄÁªÏµ£¬Õâ¸ø¿ª·¢Õß´øÀ´ÁË ......
Æô¶¯SQL Server (SQLEXPRESS)·þÎñʱÌáʾ´íÎó£¬Ê¼þ²é¿´Æ÷ÏÔʾÒÔÏÂÐÅÏ¢£¨ID 9003£©£º
´«µÝ¸øÊý¾Ý¿â 'master' ÖеÄÈÕ־ɨÃè²Ù×÷µÄÈÕ־ɨÃèºÅ (276:232:1) ÎÞЧ¡£´Ë´íÎó¿ÉÄÜָʾÊý¾ÝË𻵣¬»òÕßÈÕÖ¾Îļþ(.ldf)ÓëÊý¾ÝÎļþ(.mdf)²»Æ¥Åä¡£Èç¹û´Ë´íÎóÊÇÔÚ¸´ÖÆÆÚ¼ä³öÏֵģ¬ÇëÖØд´½¨·¢²¼¡£·ñÔò£¬Èç¹û¸ÃÎÊÌâµ¼ÖÂÆô¶¯ÆÚ¼ä³ö´í£¬Çë´Ó± ......
1.²éѯµÄÄ£ºýÆ¥Åä
¾¡Á¿±ÜÃâÔÚÒ»¸ö¸´ÔÓ²éѯÀïÃæʹÓà LIKE '%parm1%'—— ºìÉ«±êʶλÖõİٷֺŻᵼÖÂÏà¹ØÁеÄË÷ÒýÎÞ·¨Ê¹Óã¬×îºÃ²»ÒªÓÃ.
½â¾ö°ì·¨:
ÆäʵֻÐèÒª¶Ô¸Ã½Å±¾ÂÔ×ö¸Ä½ø£¬²éѯËٶȱã»áÌá¸ß½ü°Ù±¶¡£¸Ä½ø·½·¨ÈçÏ£º
a¡¢ÐÞ¸Äǰ̨³ÌÐò——°Ñ²éѯÌõ¼þµÄ¹©Ó¦ÉÌÃû³ÆÒ»À¸ÓÉÔÀ´µÄÎı¾ÊäÈë¸ÄΪÏÂÀÁб ......
1¡¢¼ì²éÊÇ·ñÓзǷ¨×Ö·û
public static boolean sql_inj(String str)
{
String inj_str = "'|and|exec|insert|select|delete|update|
count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
//ÕâÀïµÄ¶«Î÷»¹¿ÉÒÔ×Ô¼ºÌí¼Ó
String[] inj_stra=inj_str.split("\\|");
for ......
¼ÇÈ¡¼Ç¼¼¯
create procedure getArticle
as
select * from Article_Content
GO
asp.net µ÷Ó÷½·¨
SqlConnection Conn = new SqlConnection();
Conn.ConnectionString = Data.Connstr();
Conn.Open();
......
