¹ØÓÚ³ÌÐò´úÂëÖеÄSQLÓï¾ä
ÔÚ³ÌÐòÖÐÓÐЩ²éѯÓï¾äÏà¶Ô½Ï³¤£¬¿ÉÒÔ½«Óï¾äµ¥¶ÀдÔÚÒ»¸öXXX.sqlÎļþÖУ¬ÔÚ³ÌÐòÖжÁÈ¡SQLÎļþ
¾ßÌåÉæ¼°µ½
import java.io.File;
import org.apache.commons.io.FileUtils;
import java.net.URL;
URL resourceUrl = XXXX.class.getClassLoader().getResource(SQL_PATH+sqlName);//SQL_PATH¾ßÌåSQLÎļþ´æÔÚ·¾¶£¬sqlName¼´SQLÎļþÃû£¬ XXXXµ±Ç°Àà
File sqlFile = new File(resourceUrl.getPath()); //¶ÁÈ¡SQLÎļþ
String sql = FileUtils.readFileToString(sqlFile, "UTF-8"); //µÃµ½SQLÓï¾ä
Ïà¹ØÎĵµ£º
SQL Server 2005ΪXMLÌṩ±¾µØÖ§³Ö;ÏÖÔÚ¿ÉÒÔÔÚOPENXML½ÚµãÖÐʹÓÃÒ»¸ö´øÓÐnodes()º¯ÊýµÄXML×Ö¶ÎÀàÐÍ°ÑÒ»¸öXMLÎļþת»¯ÎªÒ»¸öÐм¯¡£ÈÃÎÒÃÇÀ´¿´Ò»¸öʹÓÃOPENXMLµÄ¼òµ¥Àý×Ó£¬²¢ÏÔʾÈçºÎ°ÑËüת»¯ÎªÔÚSQL Server 2005ÖÐʹÓÃXML×Ö¶ÎÀàÐͺÍnodes()º¯Êý¡£
¡¡¡¡ÎªÁËʹÎÒÃǵÄÀý×Ó¼òµ¥»¯£¬ÎÒÃǽ«¼ÙÉèÎÒÃÇÐèÒªÖ´ÐÐijÖÖ»ùÓڲɹº¶©µ¥ÁÐ±íµ ......
*
sql xml ÈëÃÅ:
--by jinjazz
--http://blog.csdn.net/jinjazz
1¡¢xml: ÄÜÈÏʶԪËØ¡¢ÊôÐÔºÍÖµ
2¡¢xpath: Ñ°Ö·ÓïÑÔ£¬ÀàËÆwind ......
----start
¶¯Ì¬SQLÊÇÔÚ³ÌÐòÔËÐÐʱ¹¹ÔìµÄ£¬ÒªÖ´Ðе¥ÌõSQL£¬Ê¹ÓÃEXECUTE IMMEDATE Óï¾ä£»µ±ÅúÁ¿Ö´ÐÐSQLʱ£¬ÏÈʹÓÃPREPARE Óï¾ä¹¹ÔìSQL£¬È»ºóʹÓÃEXECUTE Óï¾äÖ´ÐС£
Ò»£ºPrepareÓï¾ä£ºÓÃÀ´¹¹ÔìÅúÁ¿SQL
Óï·¨£º
PREPARE <sql-statement> [OUTPUT] INTO <result> [INPUT INTO] <input> ......
×î½ü·¢ÏÖÎÒÃǹ«Ë¾µÄASP.NETµÄ´úÂëÓÐÆ´½ÓSQLÓï¾äµÄÏ°¹ß£¡ÕâÊǷdz£Î£Ïյġ£ÒÔÏÂÎÒ¾ÙÀý˵Ã÷Ò»ÏÂ
Àý×Ó1£º
statement := "SELECT * from users WHERE name = '" + userName + "'; "
½«Óû§Ãû±äÁ¿(¼´username)ÉèÖÃΪ£º
a' or 't'='t£¬´ËʱÔʼÓï¾ä·¢ÉúÁ˱仯£º
SELECT * from users WHERE name = 'a' OR 't'='t';
Èç¹ûÕâ ......
ÏÖÔںܶàÍøÕ¾¶¼ÌṩÁËÕ¾ÄÚµÄËÑË÷¹¦ÄÜ£¬Óеĺܼòµ¥ÔÚSQLÓï¾äÀï¼ÓÒ»¸öÌõ¼þÈ磺where names like ‘%words%’¾Í¿ÉÒÔʵÏÖ×î»ù±¾µÄËÑË÷ÁË¡£
ÎÒÃÇÀ´¿´¿´¹¦ÄÜÇ¿´óÒ»µã£¬¸´ÔÓÒ»µãµÄËÑË÷ÊÇÈçºÎʵÏֵģ¨ÔÚSQL¡¡£Ó£Å£Ò£Ö£Å£Ò£²£°£°£¯£²£°£°£µÍ¨¹ý´æ´¢¹ý³ÌʵÏÖËÑË÷Ëã·¨£©¡£
ÎÒÃÇ ......
