1.ʲô½ÐSQL×¢È룿ÈçºÎ·ÀÖ¹£¿Çë¾ÙÀý˵Ã÷
1.ʲô½ÐSQL×¢È룿ÈçºÎ·ÀÖ¹£¿Çë¾ÙÀý˵Ã÷
´ð£ºSQL×¢ÈëÊdz£¼ûµÄÀûÓóÌÐò©¶´½øÐй¥»÷µÄ·½·¨¡£µ¼ÖÂsql×¢Èë¹¥»÷²¢·ÇϵͳÔì³ÉµÄ£¬Ö÷ÒªÊdzÌÐòÖкöÂÔÁË°²È«ÒòËØ£¬ÀûÓÃsqlÓïÑÔ©¶´»ñµÃºÏ·¨Éí·ÝµÇ½ϵͳ
ÀýÈ磺
"Select * from users where name='"+uName+"' and pwd='"+uPwd+"' "
ÈçÓû§ÔÚt_nameÖÐÊäÈëtom’ or 1=‘1 ¾Í¿ÉÒÔ½øÈëϵͳÁË¡£
Éú³ÉÓï¾ä£º
Select * from users where name = ‘tom’ or 1=‘1’ and pwd=‘123’
·ÀÖ¹sql×¢ÈëµÄ·½·¨ÓÐÈçϼ¸µã£º
ʹÓòÎÊý»¯¹ýÂËÓï¾ä
ÔÚwebÓ¦ÓóÌÐòµÄ¿ª·¢¹ý³ÌÖÐËùÓн׶Îʵʩ´úÂ밲ȫ¼ì²ì
ʹÓô洢¹ý³Ì
Ïà¹ØÎĵµ£º
Æäʵɾ³ýÊý¾Ý¿âÖÐÊý¾ÝµÄ·½·¨²¢²»¸´ÔÓ£¬ÎªÊ²Ã´ÎÒ»¹Òª¶à´ËÒ»¾ÙÄØ£¬Ò»ÊÇÎÒÕâÀï½éÉܵÄÊÇɾ³ýÊý¾Ý¿âµÄËùÓÐÊý¾Ý£¬ÒòΪÊý¾ÝÖ®¼ä¿ÉÄÜÐγÉÏ໥ԼÊø¹Øϵ£¬É¾³ý²Ù×÷¿ÉÄÜÏÝÈëËÀÑ»·£¬¶þÊÇÕâÀïʹÓÃÁË΢ÈíδÕýʽ¹«¿ªµÄsp_MSForEachTable´æ´¢¹ý³Ì¡£
Ò²ÐíºÜ¶à¶ÁÕßÅóÓѶ¼¾Àú¹ýÕâÑùµÄÊÂÇ飺ҪÔÚ¿ª·¢Êý¾Ý¿â»ù´¡ÉÏÇåÀíÒ»¸ö¿Õ¿â£¬µ«ÓÉÓÚ¶ÔÊý¾Ý¿ ......
ÐÐÁе¹ÖÃÔÚsql serverÖÐÊÇÒ»Öֺܳ£¼ûµÄ¼¼ÇÉ£¬ÔÚ×öÓ¦ÓÃϵͳµÄʱºò£¬¾³£ÐèÒª×öһЩͳ¼Æ¹¦ÄܱÜÃâ²»ÁËʹÓÃÐÐÁе¹ÖÃÕâ¸ö¼¼ÇÉ£¬ÎÒССµÄ×öÁËÒ»ÏÂ×ܽ᣺
µÚÒ»ÖÖ£ºsql server 2000ÖÐʹÓÃcase½øÐÐÐÐÁе¹ÖÃ
create table RowCellConvertTest
(
grade varchar(50),
sex varchar(50),
studentCount int
)
......
ʹÓà Microsoft SQL Server °²×°Ïòµ¼µÄ"ʵÀýÃû"Ò³£¬¿ÉÖ¸¶¨´´½¨Ä¬ÈÏʵÀý»¹ÊÇ´´½¨ SQL Server Express ÃüÃûʵÀý¡£³ý·ÇÄúÑ¡ÔñĬÈÏʵÀý£¬·ñÔò SQL Server Express ½«Ê¼ÖÕ°²×°ÃüÃûʵÀý (SQLExpress)¡£´ËÐÐΪÓë SQL Server 2005 ²»Í¬£¬ºóÕßÔÚδѡÔñÃüÃûʵÀýµÄÇé¿öÏ£¬½«Ê¼ÖÕ°²×°Ä¬ÈÏʵÀý¡£
Ñ¡Ïî
Ñ¡Ïî
˵Ã÷
ĬÈÏʵÀý ......
Ó¦ÓÃÖз¢ÏÖsqlÖеÄand¼°orµÄÖ´ÐÐЧÂÊÎÊÌâ
£ó£ñ£ìÓï¾ä£¬ÎªÊ²Ã´°Ñ×îºóµÄ£ï£ò»»³É£á£î£ä£¬²éѯµÄ¾ÍºÜ¿ì£¬Ê¹ÓõÄÊÇmssql·¶ÀýÖÐnorthwindÊý¾Ý¿âΪÀý£¬
select * from Orders a left join [Order Details] b on a.orderid = b.orderid
where a.customerid like '%ics%' or b.productid in (42,72)
×·×ÙÁËÓï¾äµÄÖ´Ðз½°¸,·¢ÏÖ ......
select ks.login_name,ks.exam_name,ks.start_time,ks.end_time,cj.score
from (
select u.user_id,u.login_name,e.* from cphrms.EXAM_USER eu, cphrms.users u, cphrms.exam_info e
where eu.user_id = u.user_id and eu.exam_id = e.exam_id
) ks
left ......
