Ò׽ؽØÍ¼Èí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

SQL 2005 in use: splitting column values

Problem description:
Given a table tb, as follows:
id          values
----------- -----------
1           aa,bb
2           aaa,bbb,ccc
We want to split the values column on ','. The result after splitting is as follows:
id          value
----------- --------
1           aa
1           bb
2           aaa
2           bbb
2           ccc
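1. The old solution
-- Build a temporary numbers table # holding the integers 1..8000
SELECT TOP 8000
    id = IDENTITY(int, 1, 1)
INTO #
FROM syscolumns a, syscolumns b
-- Every position B.id that starts the string or follows a ',' begins one element
SELECT
    A.id,
    value = SUBSTRING(A.[values], B.id, CHARINDEX(',', A.[values] + ',', B.id) - B.id)
FROM tb A, # B
WHERE SUBSTRING(',' + A.[values], B.id, 1) = ','
DROP TABLE #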
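-- 2. The new solution
-- Sample data
DECLARE @t TABLE(id int, [values] varchar(100))
INSERT @t SELECT 1, 'aa,bb'
UNION ALL SELECT 2, 'aaa,bbb,ccc'
-- Query processing
-- Turn each list into an XML fragment, then shred it with nodes().
-- Note: a value containing & or < is not well-formed XML as written,
-- so CONVERT(xml, ...) raises an error unless the value is escaped first.
SELECT
    A.id, B.value
FROM (
    SELECT id, [values] = CONVERT(xml,
            '<root><v>' + REPLACE([values], ',', '</v><v>') + '</v></root>')
    FROM @t
) A
OUTER APPLY (
    SELECT value = N.v.value('.', 'varchar(100)')
    FROM A.[values].nodes('/root/v') N(v)
) B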
/*-- Result
id          value
----------- --------
1           aa
1           bb
2           aaa
2           ......
*/
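
The new solution builds XML by string concatenation, so it depends on the list values being free of markup characters. The following is an added example, not code from the original page, that escapes the values before the conversion. The sample rows for ids 2 and 3 are constructed for illustration.

```sql
-- Added example: XML-based split that tolerates &, < and > in the data.
-- Rows 2 and 3 are constructed sample data, not from the original page.
DECLARE @t TABLE(id int, [values] varchar(100))
INSERT @t SELECT 1, 'aa,bb'
UNION ALL SELECT 2, 'R&D,a<b'   -- unescaped, this row makes CONVERT(xml, ...) fail
UNION ALL SELECT 3, NULL        -- row with no list at all

SELECT
    A.id, B.value
FROM (
    SELECT id, [values] = CONVERT(xml,
        '<root><v>'
        + REPLACE(
            -- Escape markup characters first, then insert the element tags.
            REPLACE(REPLACE(REPLACE([values],
                '&', '&amp;'),  -- & must be handled first, or it would
                '<', '&lt;'),   -- re-escape the entities produced for < and >
                '>', '&gt;'),
            ',', '</v><v>')
        + '</v></root>')
    FROM @t
) A
-- OUTER APPLY keeps a row whose list is NULL (CROSS APPLY would drop it).
OUTER APPLY (
    -- value() returns the element text with the entities decoded again,
    -- so callers see the original characters, not &amp; or &lt;.
    SELECT value = N.v.value('.', 'varchar(100)')
    FROM A.[values].nodes('/root/v') N(v)
) B
```

Escaping has to happen before the ',' replacement. Done the other way round, the inserted `<v>` tags themselves would be escaped and every list would come back as a single element.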


© 2009 ej38.com All Rights Reserved. | Gan ICP Registration No. 09004571