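PL/SQL Study Notes 1
PL/SQL itself has no input/output capability.
It can, however, rely on the calling environment to pass values into and out of a PL/SQL block.
The SQL*Plus environment uses substitution variables and host (bind) variables to pass values into a PL/SQL block.
substitution variable: written with a preceding ampersand, such as &a
host (bind) variable: written with a preceding colon, such as :x
A substitution variable does not need to be declared, but SQL*Plus shows an interactive prompt for it when the block is executed.
A bind variable must be declared, and a value is assigned to it with the exec statement.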
SQL> var df df
Usage: VAR[IABLE] [ <variable> [ NUMBER | CHAR | CHAR (n [CHAR|BYTE]) |
VARCHAR2 (n [CHAR|BYTE]) | NCHAR | NCHAR (n) |
NVARCHAR2 (n) | CLOB | NCLOB | REFCURSOR |
BINARY_FLOAT | BINARY_DOUBLE ] ]
SQL> var a number
SQL> exec :a :=123
PL/SQL procedure successfully completed.
SQL> edit
Wrote file afiedt.buf
1 declare
2 begin
3 dbms_output.put_line('result='||'&a'||:a);
4* end;
SQL> /
Enter value for a: i love u
old 3: dbms_output.put_line('result='||'&a'||:a);
new 3: dbms_output.put_line('result='||'i love u'||:a);
result=i love u123
PL/SQL procedure successfully completed.
SQL>
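The old/new lines in the session above show that &a is pasted into the statement text before it is parsed, while :a is handed over as a value. The following added example (not part of the original notes) models that difference in Python, with sqlite3 standing in for Oracle and the put_line expression recast as a SELECT; the function names and the second input are constructed for illustration.

```python
import re
import sqlite3

# The statement from the notes, recast as a SELECT so SQLite can evaluate it.
STATEMENT = "select 'result=' || '&a' || :a"


def substitute(sql, defines):
    """Model of SQL*Plus '&name': splice the raw text into the source
    before the database ever parses the statement."""
    return re.sub(r"&(\w+)", lambda m: defines[m.group(1)], sql)


def run_substituted(text, bind_value=123):
    """Answer the '&a' prompt with `text`; return (statement as parsed, result)."""
    new = substitute(STATEMENT, {"a": text})
    db = sqlite3.connect(":memory:")
    try:
        return new, db.execute(new, {"a": bind_value}).fetchone()[0]
    finally:
        db.close()


def run_bound(text, bind_value=123):
    """Same output expression, but `text` travels as a bind value (:s),
    so it can never change the shape of the statement."""
    sql = "select 'result=' || :s || :a"
    db = sqlite3.connect(":memory:")
    try:
        return sql, db.execute(sql, {"s": text, "a": bind_value}).fetchone()[0]
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: the value typed in the notes, and one containing
    # a single quote that closes the literal around &a.
    for text in ("i love u", "x' || (1+1) || '"):
        new, out = run_substituted(text)
        print("old:", STATEMENT)
        print("new:", new)
        print("substituted ->", out)
        print("bound       ->", run_bound(text)[1])
        print()
```

With the second input the substituted statement evaluates the arithmetic, while the bound version returns the text unchanged.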