Web°²È«¿ª·¢£ºSQL×¢Èë¹¥»÷ºÍÍøÒ³¹ÒÂí
ÉêÃ÷¡£ÎÄÕ½ö´ú±í¸öÈ˹۵㣬ÓëËùÔÚ¹«Ë¾ÎÞÈκÎÁªÏµ¡£
1. ¸ÅÊö
ÍøÒ³¹ÒÂíÕâ¸ö»°ÌâÏëÀ´´ó¼Ò²¢²»Ä°Éú¡£ÎªÊ²Ã´ÓÐÕâô¶àµÄÍøÒ³ÉÏ´æÔÚ×ÅľÂíÈ¥¹¥»÷ÆÕͨÓû§£¿²»¿É·ñÈÏ£¬Ï൱һ²¿·ÖÍøÒ³Ô±¾¾ÍÊǶñÒâµÄ£ºÍøÒ³µÄ×÷Õß¹ÊÒâÔÚÉÏÃæ·ÅÉÏľÂí£¬È»ºóͨ¹ý¸÷ÖÖÊÖ¶ÎÒýÓÕÓû§È¥ä¯ÀÀ¡£µ«ÊǾø´ó¶àÊý±»¹ÒÂíµÄÍøÒ³Ô±¾ÊÇÕý³£µÄÍøÒ³£¬ÀýÈçÆÕͨµÄ½ÌÓýÍøÕ¾£¬¹ºÎïÍøÕ¾µÈµÈ£¬Ö»ÊÇÍøÒ³±»¹¥»÷Õ߶ñÒâÐ޸ĺó²åÈëÁËľÂí´úÂë¡£
ÄÇô£¬¹¥»÷ÕßÊÇÈçºÎÄܹ»¶ñÒâÐÞ¸ÄÒ»¸öÕý³£ÍøÒ³µÄÄØ£¿ »»¾ä»°Ëµ£¬Ò»¸öÍøÕ¾ÊÇÈçºÎ±»“ºÚ”µÄ£¿Ò»¸ö×î³£¼ûµÄ¹¥»÷·½·¨ÊÇSQL×¢È루SQL Injection£©¹¥»÷¡£ÊÂʵÉÏ£¬¾ÍÔÚ½ñÄêµÄÎåÔ·ݣ¬±¬·¢ÁËÒ»´Î´ó¹æÄ£µÄÍøÒ³¹¥»÷»î¶¯¡¾£±¡¿¡£¾Ý¹À¼Æ£¬Ô¼ÓÐ12Íò¸öÍøÒ³±»¶ñÒâÐ޸IJåÈëľÂí´úÂ룬¶ø¹¥»÷Õß²ÉÓõÄÊֶξÍÊÇSQL×¢Èë¹¥»÷¡£
ÄÇô£¬Ê²Ã´ÊÇSQL×¢Èë¹¥»÷£¿¹¥»÷ÕßÊÇÈçºÎÀûÓÃSQL×¢Èë¹¥»÷´Û¸ÄÍøÒ³µÄ£¿Web¿ª·¢ÈËÔ±ÓÖÓ¦¸ÃÈçºÎ·À·¶SQL¹¥»÷£¿Õâ¾ÍÊÇÎÒÃÇÕâƪÎÄÕÂÒª²ûÊöµÄÎÊÌâ¡£
2. SQL×¢Èë¹¥»÷
ÎÒÃÇ´ÓÒ»¸ö¼òµ¥µÄÀý×Ó¡¾2¡¿¿ªÊ¼¡£ÏÂÃæÕâ¶Î´úÂëÓÃÀ´¹¹ÔìSQL²éѯÃüÁî¡£
var strUserAccount;
strUserAccount = Request.form ("UserAccount");
var sqlQueryString = "select * from Orders where UserAccount = '" + strUserAccount + "'";
//Ö´ÐÐSQL Query …
Õâ¶Î´úÂëºÜ¼òµ¥£º¸ø³öUserAccount£¬²éѯÆä¶ÔÓ¦µÄ¶©µ¥ÐÅÏ¢¡£
ÀýÈ磬Èç¹ûÊäÈëUserAccountֵΪ100£¬ÄÇô¹¹ÔìµÄ²éѯÃüÁî¾ÍÊÇ£º
SELECT * from Orders WHERE UserAccount = '100'
´Ó¹¦ÄÜÉÏ˵Õâ¶Î´úÂë·Ç³£ÕýÈ·£¬ÍêȫûÓÐÈκÎÎÊÌâ¡£µ«ÊÇ¿ª·¢ÈËÔ±ÍùÍùºöÊÓ°²È«·½ÃæµÄ¿¼ÂÇ£ºÈç¹ûÓû§£¨¹¥»÷Õߣ©ÌṩµÄÊäÈëÊý¾ÝÊǶñÒâµÄ£¬ ³ÌÐòµÄ±íÏÖÐÐΪÊÇʲô£¿
· Èç¹ûÊÇÒ»¸ö²»ÄÇôÓѺõĹ¥»÷Õߣ¬¿ÉÄÜÊäÈëUserAccountֵΪ100' or 1=1 --£¬¹¹ÔìµÄ²éѯÃüÁî¾ÍÊÇ:
SELECT * from Orders WHERE UserAccount = '100' or 1=1 --
Ö´ÐÐÕâ¸ö²éѯÃüÁ¾Í»á·µ»ØËùÓÐÓû§µÄ¶©µ¥£¬µ¼ÖÂÉÌÒµ»úÃÜÐÅÏ¢µÄй©¡£
· Èç¹ûÊÇÒ»¸ö·Ç³£²»ÓѺõĹ¥»÷Õߣ¬¿ÉÄÜÊäÈëUserAccou
Ïà¹ØÎĵµ£º
ÎÊÌâÌá³ö:
ÔÚÓ¦ÓóÌÐòÖо³£ÐèÒª²éѯÊý¾Ý¡£µ±²éѯ½á¹ûÊý¾ÝÁ¿±È½Ï´óµÄʱºò£¬¼ìË÷½á¹û¡¢½çÃæÏÔʾ¶¼ÐèÒª»¨·Ñ´óÁ¿µÄʱ¼ä¡£ÎªÁ˱ÜÃâÕâ¸öÎÊÌ⣬Ӧ¸Ãÿ´ÎÖ»¼ìË÷²¿·ÖÊý¾Ý£¬Ò²¾ÍÊÇʹÓó£¼ûµÄ·ÖÒ³·½Ê½À´´¦Àí¡£·ÖÒ³µÄÎÊÌâÔÚasp.netÖкÃÏñ·Ç³£¼òµ¥£¬Ö»ÒªÔÚGridViewÖÐÆôÓ÷ÖÒ³¾Í¿ÉÒÔÁË¡£ÆôÓ÷ÖÒ³ºó£¬GridView¹ØÁªÊý¾ÝÔ´¿Ø¼þ£¬ÒÀ¾É»á¼ÓÔØ ......
SQL Server 2005 T-SQL Apply
͸¹ýÖ´Ðмƻ®¿ÉÒÔ¿´³ö£¬cross applyÀàËƲ»´øwhereÌõ¼þµÄÁ¬½Ó¼´cross join £¨½»²æÁ¬½Ó¼´µÑ¿¨¶û»ý£º·µ»ØÐÐÊýΪ£ºÇ°±í·ûºÏÌõ¼þµÄÐгËÉϺó±í·ûºÏÌõ¼þµÄÐУ© ¡£ÐÎʽÉÏ»áÁé»îЩ.
ʹÓà APPLY ÔËËã·û¿ÉÒÔΪʵÏÖ²éѯ²Ù×÷µÄÍⲿ±í±í´ïʽ·µ»ØµÄÿ¸öÐе÷ÓñíÖµº¯Êý¡£±íÖµº¯Êý×÷ΪÓÒÊäÈ룬Íⲿ±í±í´ï ......
select ÐÕÃû,סַ,ÆÚ³õÓà¶î=isnull(ÆÚ³õÔö¼Ó,0)-isnull(ÆÚ³õ¼õÉÙ,0),±¾ÆÚÔö¼Ó,±¾ÆÚ¼õÉÙ,
±¾ÆÚ½áÓà=(isnull(ÆÚ³õÔö¼Ó,0)-isnull(ÆÚ³õ¼õÉÙ,0)+isnull(±¾ÆÚÔö¼Ó,0)-isnull(±¾ÆÚ¼õÉÙ,0)) from (
select ÐÕÃû,סַ,
ÆÚ³õÔö¼Ó=(select ÆÚ³õÔö¼Ó=sum(Ôö¼Ó»ý·Ö) from b where ·¢ÉúÈÕÆÚ<'2006-5-1' and ¿¨ºÅ=a.¿¨ºÅ),
ÆÚ³õ¼õÉ ......
BackupEveryDay
ÿÌì½øÐÐÊý¾Ý¿âµÄ²îÒ챸·Ý
day
Declare @File Varchar(2000)
Set @File='E:\Databasebackup\njyc_data_diff.BAK'
Backup database njyc_data to Disk=@File with DIFFERENTIAL
WeekBackup
ÿÖܽøÐÐÒ»´ÎÊý¾Ý¿âµÄÍêÈ«±¸·Ý£¬±¸·ÝÎļþÃûΪµ±ÌìÈÕÆÚ £¨njyc_data_Äê_ÔÂ_ÈÕ£©
BackupAll
DECLARE @BackupFi ......
.PivotµÄÓ÷¨Ìå»á:
Óï¾ä·¶Àý:
select PN,[2006/5/30] as [20060530],[2006/6/2] as [20060602]
from consumptiondata a
Pivot (sum(a.M_qty) FOR a.M_date in ([2006/5/30],[2006/6/2])) as PVT
order by PN
Table½á¹¹ Consumptiondata (PN,M_Date,M_qty)
order by PN¿ÉÒª¿É²»Òª,²¢²»ÖØ ......
