·ÀÖ¹Ò³ÃæÔÚÌøתµÄʱºò±»SQL×¢Èë
Ê×ÏÈдһ¸öSQL×¢Èë¹ýÂ˵ÄÀࣺ
public class SqlFilter
{
#region SQL×¢Èëʽ¹¥»÷´úÂë·ÖÎö
/// <summary>
/// ´¦ÀíÓû§Ìá½»µÄÇëÇó
/// </summary>
public void StartProcessRequest()
{
string getkeys = "";
string sqlErrorPage = "~/no.html";//תÏòµÄ´íÎóÌáʾҳÃæ
try
{
if (System.Web.HttpContext.Current.Request.QueryString != null)
{
for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
{
System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage,false);
System.Web.HttpContext.Current.ApplicationInstance.CompleteRequest();
//System.Web.HttpContext.Current.Response.End();
}
}
}
if (System.Web.HttpContext.Current.Request.Form != null)
{
for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
if (getkeys == "__VIEWSTATE") continue;
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
{
System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage,false);
System.Web.HttpContext.Current.ApplicationInstance.CompleteRequest();
//System.Web.HttpContext.Current.Response.End();
Ïà¹ØÎĵµ£º
CONVERT º¯Êý [Êý¾ÝÀàÐÍת»»]
--------------------------------------------------------------------------------
¹¦ÄÜ
·µ»Øת»»³ÉÌṩµÄÊý¾ÝÀàÐ͵ıí´ïʽ¡£
Óï·¨
CONVERT ( data type, expression [ , format-style ] )
²ÎÊý
data&nbs ......
create table tabReProc
(
name varchar(30),
age integer,
primary key(name,age)
)
insert into tabReProc values('x7700',20)
insert into tabR ......
(1)Êý¾Ý¼Ç¼ɸѡ£º
sql="select*fromÊý¾Ý±íwhere×Ö¶ÎÃû=×Ö¶ÎÖµorderby×Ö¶ÎÃû[desc]"
sql="select*fromÊý¾Ý±íwhere×Ö¶ÎÃûlike'%×Ö¶ÎÖµ%'orderby×Ö¶ÎÃû[desc]"
sql="selecttop10*fromÊý¾Ý±íwhere×Ö¶ÎÃûorderby×Ö¶ÎÃû[desc]"
sql="select*fromÊý¾Ý±íwhere×Ö¶ÎÃûin('Öµ1','Öµ2','Öµ3')"
sql="select*fromÊý¾Ý±íwhere× ......
ÔÚ¹ÜÀí¹¤¾ßÀïÃæÓÐÊý¾ÝÔ´ Ñ¡ÔñsqlÊý¾ÝÔ´
ÔÚ´úÂëÖУº
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@page import="java.sql.*"%>
<html>
<head>
<meta http-equiv="Content-Type" content= ......
/*********************************************************/
Ŀ¼Çåµ¥CONTEXT LIST
/*********************************************************/
1.Êý¾Ý¿âDataBase
1.1Êý¾Ý¿â½¨Á¢/ɾ³ýcreate/drop database
1.2Êý¾Ý¿â±¸·ÝÓë»Ö¸´backup/restore database
/***************************************************** ......
