Preventing SQL Injection Attacks
SQL injection attacks exploit design flaws to run SQL commands on the target server and to mount other kinds of attack. The main reason SQL injection succeeds is that user-supplied data is not validated when SQL commands are generated dynamically.
For example:
If your query is select * from admin where username="&user&" and password="&pwd&""
then, if my username is: 1 or 1=1
your query becomes:
select * from admin where username=1 or 1=1 and password="&pwd&""
Your query now passes, and the attacker can get into your admin interface.
So, as a defense, user input must be checked. In particular, special characters such as single quotes, double quotes, semicolons, commas, colons and hyphens should be converted or filtered out.
(Besides the approach above, stored procedures can also be used to guard against SQL injection attacks.)
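An added example, not part of the original article: the `1 or 1=1` input from the query above, submitted to a concatenated statement and to the same statement with bound parameters (a defense the article does not itself show), using Python's sqlite3. The table contents and function names are constructed for illustration; the credentials are numeric so that the unquoted query form is valid SQL for a genuine login too.

```python
import sqlite3

def make_db():
    # Constructed sample data: a single admin account.
    db = sqlite3.connect(":memory:")
    db.execute("create table admin (username text, password text)")
    db.execute("insert into admin values ('1001', '2468')")
    return db

def login_concat(db, user, pwd):
    """Vulnerable: input is pasted into the SQL text, as in the article's query."""
    sql = ("select * from admin where username=" + user +
           " and password=" + pwd)
    return db.execute(sql).fetchone() is not None

def login_bound(db, user, pwd):
    """Hardened: the SQL text is fixed; input travels only as bound values."""
    sql = "select * from admin where username = ? and password = ?"
    return db.execute(sql, (user, pwd)).fetchone() is not None

def demo():
    db = make_db()
    payload = "1 or 1=1"  # the input string used in the article's example
    return {
        "concat_valid": login_concat(db, "1001", "2468"),
        "concat_payload": login_concat(db, payload, payload),
        "bound_valid": login_bound(db, "1001", "2468"),
        "bound_wrong": login_bound(db, "1001", "0000"),
        "bound_payload": login_bound(db, payload, payload),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15} -> {'logged in' if ok else 'rejected'}")
```

With bound parameters the submitted string is compared as a value and never parsed as SQL, so no keyword or character list has to be maintained.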
The special characters and strings that need to be filtered are:
    net user
    xp_cmdshell
    /add
    exec master.dbo.xp_cmdshell
    net localgroup administrators
    select
    count
    Asc
    char
    mid
    :
    "
    insert
    delete from
    drop table
    update
    truncate
    from
    %
Below is code for defending against injection attacks, offered for study and reference.
JavaScript version of the SQL injection prevention code:
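<script language="javascript">
<!--
// Runs in the visitor's browser: it screens only URLs loaded through this page,
// so the server must still check the input it receives.
// Query string of the current URL, including the leading "?"
var url = location.search;
// Blacklist of SQL keywords and special characters, matched against the URL-encoded query string
var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20|truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\'|%20or%20)(.*)$/gi;
var e = re.test(url);
if(e) {
// Message: "The address contains illegal characters"
alert("地址中含有非法字符～");
location.href="error.asp";
}
//-->
</script>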
ASP version of the SQL injection prevention code:
[CODE START]
<%
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("