Sql Server »ù±¾º¯Êý
1.×Ö·û´®º¯Êý
³¤¶ÈÓë·ÖÎöÓÃ
datalength(Char_expr) ·µ»Ø×Ö·û´®°üº¬×Ö·ûÊý,µ«²»°üº¬ºóÃæµÄ¿Õ¸ñ
substring(expression,start,length) ²»¶à˵ÁË,È¡×Ó´®
right(char_expr,int_expr) ·µ»Ø×Ö·û´®ÓÒ±ßint_expr¸ö×Ö·û
×Ö·û²Ù×÷Àà
upper(char_expr) תΪ´óд
lower(char_expr) תΪСд
space(int_expr) Éú³Éint_expr¸ö¿Õ¸ñ
replicate(char_expr,int_expr)¸´ÖÆ×Ö·û´®int_expr´Î
reverse(char_expr) ·´×ª×Ö·û´®
stuff(char_expr1,start,length,char_expr2) ½«×Ö·û´®char_expr1ÖеĴÓ
start¿ªÊ¼µÄlength¸ö×Ö·ûÓÃchar_expr2´úÌæ
ltrim(char_expr) rtrim(char_expr) È¡µô¿Õ¸ñ
ascii(char) char(ascii) Á½º¯Êý¶ÔÓ¦,È¡asciiÂë,¸ù¾ÝasciiÂðÈ¡×Ö·û
×Ö·û´®²éÕÒ
charindex(char_expr,expression) ·µ»Øchar_exprµÄÆðʼλÖÃ
patindex("%pattern%",expression) ·µ»ØÖ¸¶¨Ä£Ê½µÄÆðʼλÖÃ,·ñÔòΪ0
2.Êýѧº¯Êý
abs(numeric_expr) Çó¾ø¶ÔÖµ
ceiling(numeric_expr) È¡´óÓÚµÈÓÚÖ¸¶¨ÖµµÄ×îСÕûÊý
exp(float_expr) È¡Ö¸Êý
floor(numeric_expr) СÓÚµÈÓÚÖ¸¶¨ÖµµÃ×î´óÕûÊý
pi() 3.1415926.........
power(numeric_expr,power) ·µ»Øpower´Î·½
rand([int_expr]) Ëæ»úÊý²úÉúÆ÷
round(numeric_expr,int_expr) °²int_expr¹æ¶¨µÄ¾«¶ÈËÄÉáÎåÈë
sign(int_expr) ¸ù¾ÝÕýÊý,0,¸ºÊý,,·µ»Ø+1,0,-1
sqrt(float_expr) ƽ·½¸ù
3.ÈÕÆÚº¯Êý
getdate() ·µ»ØÈÕÆÚ
datename(datepart,date_expr) ·µ»ØÃû³ÆÈç June
datepart(datepart,date_expr) È¡ÈÕÆÚÒ»²¿·Ý
datediff(datepart,date_expr1.dateexpr2) ÈÕÆÚ²î
dateadd(datepart,number,date_expr) ·µ»ØÈÕÆÚ¼ÓÉÏ number
ÉÏÊöº¯ÊýÖÐdatepartµÄ
д·¨ È¡ÖµºÍÒâÒå
yy 1753-9999 Äê·Ý
qq 1-4 ¿Ì
mm 1-12 ÔÂ
dy 1-366 ÈÕ
dd 1-31 ÈÕ
wk 1-54 ÖÜ
dw 1-7 Öܼ¸
hh 0-23 Сʱ
mi 0-59 ·ÖÖÓ
ss 0-59 Ãë
ms 0-999 ºÁÃë
ÈÕÆÚת»»
convert()
4.ϵͳº¯Êý
suser_name() Óû§µÇ¼Ãû
user_name() Óû§ÔÚÊý¾Ý¿âÖеÄÃû×Ö
user Óû§ÔÚÊý¾Ý¿âÖеÄÃû×Ö
show_role() ¶Ôµ±Ç°Óû§Æð×÷ÓõĹæÔò
db_name() Êý¾Ý¿âÃû
object_name(obj_id) Êý¾Ý¿â¶ÔÏóÃû
col_name(obj_id,col_id) ÁÐÃû
col_length(objname,colname) Á㤶È
valid_name(char_expr) ÊÇ·ñÊÇÓÐЧ±êʶ·û
Ïà¹ØÎĵµ£º
and exists (select * from sysobjects) //ÅжÏÊÇ·ñÊÇMSSQL
and exists(select * from tableName) //ÅжÏij±íÊÇ·ñ´æÔÚ..tableNameΪ±íÃû
and 1=(select @@VERSION) //MSSQL°æ±¾
And 1=(select db_name()) //µ±Ç°Êý¾Ý¿âÃû
and 1=(select @@servername) //±¾µØ·þÎñÃû
and 1=(select IS_SRVROLEMEMBER('sysadmin')) //Å ......
SQLÊÖ¹¤×¢Èë´óÈ«
2006Äê08ÔÂ11ÈÕ ÐÇÆÚÎå 21:00
±È·½ËµÔÚ²éѯidÊÇ50µÄÊý¾Ýʱ£¬Èç¹ûÓû§´«½üÀ´µÄ²ÎÊýÊÇ50 and 1=1£¬Èç¹ûûÓÐÉèÖùýÂ˵Ļ°£¬¿ÉÒÔÖ±½Ó²é³öÀ´£¬SQL ×¢ÈëÒ»°ãÔÚASP³ÌÐòÖÐÓöµ½×î¶à£¬
¿´¿´ÏÂÃæµÄ
1.ÅжÏÊÇ·ñÓÐ×¢Èë
;and 1=1
;and 1=2
2.³õ²½ÅжÏÊÇ·ñÊÇmssql
;and user>0
3.ÅжÏÊý¾Ý¿âϵͳ
;and ......
SQL ServerµÄ²¹¶¡°æ±¾¼ì²é²»ÈçWindows ²¹¶¡°æ±¾¼ì²éÖ±½Ó£¬Ò»¸öϵͳ¹ÜÀíÔ±£¬Èç¹û²»Á˽âSQL Server°æ±¾¶ÔÓ¦µÄ²¹¶¡ºÅ£¬¿ÉÄÜÒ²»áÓöµ½Ò»µãÂé·³£¬Òò´ËÔÚÕâ˵Ã÷һϣ¬Í¨¹ýÕâÑùµÄ°ì·¨Åбð»úÆ÷ÊÇ°²È«µÄ°ì·¨£¬²»»á¶Ôϵͳ²úÉúÈκÎÓ°Ïì¡£
¡¡
1¡¢ÓÃIsql»òÕßSQL²éѯ·ÖÎöÆ÷µÇ¼µ½SQL Server£¬Èç¹ûÊÇÓÃIsql£¬ÇëÔÚcmd´°¿ÚÊäÈëisql -U sa,È» ......
½üÆÚÒò¹¤×÷ÐèÒª£¬Ï£Íû±È½ÏÈ«ÃæµÄ×ܽáÏÂ
SQL SERVER
Êý¾Ý¿âÐÔÄÜÓÅ»¯Ïà¹ØµÄ×¢ÒâÊÂÏÔÚÍøÉÏËÑË÷ÁËÒ»ÏÂ
,
·¢ÏֺܶàÎÄÕÂ
,
ÓеĶ¼ÁгöÁËÉÏ°ÙÌõ
,
µ«ÊÇ×Ðϸ¿´·¢ÏÖ£¬ÓкܶàËÆÊǶø·Ç»òÕß¹ýʱ
(
¿ÉÄܶÔ
SQL SERVER6.5
ÒÔÇ°µÄ°æ±¾»òÕß
ORACLE
ÊÇÊÊÓõÄ
)
µÄÐÅÏ¢£¬Ö»ºÃ×Ô¼º¸ù¾ÝÒÔÇ°µÄ¾ÑéºÍ²âÊÔ½á¹û½øÐÐ×ܽáÁË¡£
ÎÒ ......
--1¡¢²éÕÒÔ±¹¤µÄ±àºÅ¡¢ÐÕÃû¡¢²¿ÃźͳöÉúÈÕÆÚ£¬Èç¹û³öÉúÈÕÆÚΪ¿ÕÖµ£¬ÏÔʾÈÕÆÚ²»Ïê,²¢°´²¿ÃÅÅÅÐòÊä³ö,ÈÕÆÚ¸ñʽΪyyyy-mm-dd¡£
select emp_no,emp_name,dept,isnull(convert(char(10),birthday,120),'ÈÕÆÚ²»Ïê') birthday
from employee
order by dept
--2¡¢²éÕÒÓëÓ÷×ÔÇ¿ÔÚͬһ¸öµ¥Î»µÄÔ±¹¤ÐÕÃû¡¢ÐԱ𡢲¿ÃźÍÖ°³Æ
select ......
