SQL Server 的连接、查询与更新 (SQL Server connection, query and update helper)
#Region " Namespaces "
Imports System.Data
Imports System.Data.SqlClient
#End Region
Public Class DBCommon
Implements IDisposable
#Region " Member variables "
Private conn As SqlConnection
Private cmd As SqlCommand
Private trans As SqlTransaction
#End Region
#Region " Constructor "
''' <summary>
''' Creates the helper and immediately sets up the underlying connection by
''' delegating to the private Connection() routine defined later in this class.
''' </summary>
Public Sub New()
    ' Nothing is initialised here directly; Connection() owns the setup.
    Me.Connection()
End Sub
#End Region
#Region " Procedures "
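''' <summary>
''' IDisposable implementation: releases the connection via Close() and tells the
''' garbage collector that the finalizer no longer needs to run for this instance.
''' </summary>
''' <remarks>
''' Without GC.SuppressFinalize the finalizer would call Close() a second time on
''' an object that has already been cleaned up, and the instance would survive an
''' extra GC generation for no benefit.
''' </remarks>
Public Sub Dispose() Implements IDisposable.Dispose
    Close()
    GC.SuppressFinalize(Me)
End Sub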
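''' <summary>
''' Releases the transaction, the shared command and the connection held by this
''' instance. Safe to call repeatedly: each field is set to Nothing once released
''' and skipped on later calls.
''' </summary>
''' <remarks>
''' The transaction is released first (SqlTransaction.Dispose rolls back an
''' uncommitted transaction, per ADO.NET semantics), then the command, then the
''' connection. Previously only the connection was released, leaving the
''' SqlCommand and any SqlTransaction to the finalizer.
''' </remarks>
Public Sub Close()
    If trans IsNot Nothing Then
        trans.Dispose()
        trans = Nothing
    End If
    If cmd IsNot Nothing Then
        cmd.Dispose()
        cmd = Nothing
    End If
    If conn Is Nothing Then
        Return
    End If
    conn.Close()
    conn.Dispose()
    conn = Nothing
End Sub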
''' <summary>
''' Removes every parameter previously registered with AddParameter.
''' </summary>
''' <remarks>
''' The command is shared by Fill and ExecuteNonQuery, so call this before
''' binding parameters for a different statement on the same instance.
''' </remarks>
Public Sub ClearParameter()
    Dim boundParams As SqlParameterCollection = cmd.Parameters
    boundParams.Clear()
End Sub
''' <summary>
''' Adds one typed parameter to the shared command and assigns its value.
''' This is the supported way to pass user-supplied values into the SQL given to
''' Fill/ExecuteNonQuery; never concatenate such values into the statement text.
''' </summary>
''' <param name="ParameterName">Name as it appears in the SQL text (for example "@id").</param>
''' <param name="SqlDbType">SQL Server type of the parameter.</param>
''' <param name="Size">Size handed to SqlParameterCollection.Add (matters for variable-length types).</param>
''' <param name="Value">Value to bind. It is assigned as-is; a Nothing value is not converted to DBNull.</param>
Public Sub AddParameter( _
    ByVal ParameterName As String, _
    ByVal SqlDbType As SqlDbType, _
    ByVal Size As Integer, _
    ByVal Value As Object)
    Dim newParam As SqlParameter = cmd.Parameters.Add(ParameterName, SqlDbType, Size)
    newParam.Value = Value
End Sub
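''' <summary>
''' Executes <paramref name="strSqlBun"/> through the shared command and loads the
''' resulting rows into <paramref name="dtResult"/>.
''' </summary>
''' <param name="dtResult">Table that receives the rows.</param>
''' <param name="strSqlBun">SQL text to run. Keep it a fixed statement; values that
''' come from users belong in parameters registered via AddParameter, never in this string.</param>
''' <param name="Parameter">Kept for signature compatibility only; this method does
''' not read it. Register parameters with AddParameter before calling Fill.</param>
''' <remarks>
''' The adapter is created directly over the shared command instead of over the SQL
''' text plus connection, so no throw-away SelectCommand is built and then dropped,
''' and the adapter itself is disposed once the fill completes.
''' </remarks>
Public Sub Fill( _
    ByVal dtResult As DataTable, _
    ByVal strSqlBun As String, _
    ByVal Parameter As SqlParameter)
    cmd.CommandText = strSqlBun
    Using objAdpt As New SqlDataAdapter(cmd)
        objAdpt.Fill(dtResult)
    End Using
End Sub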
''' <summary>
''' Runs a statement that returns no rows (INSERT/UPDATE/DELETE/DDL) through the
''' shared command. The affected-row count from SqlCommand.ExecuteNonQuery is discarded.
''' </summary>
''' <param name="strSqlBun">SQL text to run. Bind untrusted values with AddParameter
''' rather than concatenating them into this string.</param>
Public Sub ExecuteNonQuery(ByVal strSqlBun As String)
    With cmd
        .CommandText = strSqlBun
        .ExecuteNonQuery()
    End With
End Sub
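''' <summary>
''' Starts a local transaction on the connection and attaches it to the shared
''' command so that subsequent Fill/ExecuteNonQuery calls run inside it.
''' </summary>
''' <remarks>
''' SqlClient refuses to execute a command whose connection has a pending local
''' transaction unless SqlCommand.Transaction is set to that transaction (it throws
''' InvalidOperationException). Assigning it here is what makes the later
''' ExecuteNonQuery/Fill calls work while the transaction is open.
''' </remarks>
Public Sub BeginTransaction()
    trans = conn.BeginTransaction()
    If cmd IsNot Nothing Then
        cmd.Transaction = trans
    End If
End Sub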
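''' <summary>
''' Commits the transaction started by BeginTransaction, detaches it from the
''' shared command and releases it.
''' </summary>
''' <exception cref="InvalidOperationException">No transaction is active.</exception>
''' <remarks>
''' If Commit itself throws, the transaction reference is kept so the caller can
''' still call Rollback. After a successful commit the SqlTransaction object is
''' unusable, so every reference to it is dropped and later statements run
''' auto-committed instead of against a completed transaction.
''' </remarks>
Public Sub Commit()
    If trans Is Nothing Then
        Throw New InvalidOperationException("No transaction is active; call BeginTransaction first.")
    End If
    trans.Commit()
    If cmd IsNot Nothing Then
        cmd.Transaction = Nothing
    End If
    trans.Dispose()
    trans = Nothing
End Sub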
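''' <summary>
''' Rolls back the transaction started by BeginTransaction, detaches it from the
''' shared command and releases it.
''' </summary>
''' <exception cref="InvalidOperationException">No transaction is active.</exception>
''' <remarks>
''' Cleanup runs in a Finally block: even if Rollback fails (for example because
''' the connection was lost) the dead transaction is not left attached to the
''' command for the next statement.
''' </remarks>
Public Sub Rollback()
    If trans Is Nothing Then
        Throw New InvalidOperationException("No transaction is active; call BeginTransaction first.")
    End If
    Try
        trans.Rollback()
    Finally
        If cmd IsNot Nothing Then
            cmd.Transaction = Nothing
        End If
        trans.Dispose()
        trans = Nothing
    End Try
End Sub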
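''' <summary>
''' Last-chance cleanup for owners that never called Dispose()/Close().
''' </summary>
''' <remarks>
''' An exception escaping a finalizer terminates the process, and the managed
''' objects touched by Close() may already have been finalized themselves, so any
''' failure here is deliberately ignored and MyBase.Finalize() always runs.
''' Disposing the instance properly (Using / Dispose) is the real fix.
''' </remarks>
Protected Overrides Sub Finalize()
    Try
        Close()
    Catch
        ' Nothing useful can be done on the finalizer thread.
    Finally
        MyBase.Finalize()
    End Try
End Sub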
Private Sub Connection()
Dim strConnectionString As String
strConnectionString = My.MySettings.Default.ConnectionString
conn = New SqlConnection(strConnectionS
相关文档：
SQL 2000 的数据类型及长度
==============================
bigint 8
binary 8000
bit 1
char 8000
datetime 8
decimal 17
float 8
image 16
int 4
money 8
nchar 8000
ntext 16
numeric 17
nvarchar 8000
real 4
smalldatetime 4
smallint 2
smallmoney 4
sql_variant 8016
sysname 256
text 16
tim ......
最近发现我们公司的 ASP.NET 代码有拼接 SQL 语句的习惯！这是非常危险的。修复方法是使用参数化查询（SqlParameter），绝不把用户输入拼接进 SQL 文本。以下我举例说明一下
例子 1：
statement := "SELECT * from users WHERE name = '" + userName + "'; "
将用户名变量(即 userName)设置为：
a' or 't'='t，此时原始语句发生了变化：
SELECT * from users WHERE name = 'a' OR 't'='t';
如果这 ......
SQL 位运算
select 2|8 --10
select 2|8|1 --11
select 10&8 --8,包含,10=8+2
select 10&2 --2,包含,10=2+8
select 10&4 --0,不包含
select 19&16 --16,包含,19=16+2+1
s ......
数据库的性能测试可以帮助你提前知道你的系统的负载能力，可以帮助你改进系统的实施或设计，可以帮助你确定一些设计和编程原则. 但是，这里面也有陷阱. 如果不小心，你会自己把自己陷进去，却最终不明白是什么原因. 这里我拿一位先生为例，来看看他怎么自己把自己搞糊涂的.
最近, 想起在存储过程中究竟是使用临时表还是 ......