asp·ÀSQL×¢È뺯Êý
'SQL·À×¢È뺯Êý£¬µ÷Ó÷½·¨£¬ÔÚÐèÒª·À×¢ÈëµÄµØ·½Ìæ»»ÒÔÇ°µÄrequest("XXXX")ΪSafeRequest("XXXX")
'www.yongfa365.com
Function
SafeRequest(ParaValue)
ParaValue =
Trim
(
Request
(ParaValue))
If
ParaValue =
""
Then
SafeRequest =
""
Exit
Function
End
If
'Òª¹ýÂ˵Ä×Ö·ûÒÔ","¸ô¿ª
LockValue =
"',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
LockValue =
Split
(LockValue,
","
)
'ÅжÏÊÇ·ñÓÐ×¢Èë
For
i = 0
To
UBound
(LockValue)
If
InStr
(
LCase
(ParaValue),
LCase
(LockValue(i)))>0
Then
errmsg = 1
Exit
For
End
If
Next
'×¢Èë´¦Àí
If
errmsg = 1
Then
Response
.
Write
"<script language=
Ïà¹ØÎĵµ£º
Student(S#,Sname,Sage,Ssex) ѧÉú±í
Course(C#,Cname,T#) ¿Î³Ì±í
SC(S#,C#,score) ³É¼¨±í
Teacher(T#,Tname) ½Ìʦ±í
ÎÊÌ⣺
1¡¢²éѯ“001”¿Î³Ì±È“002”¿Î³Ì³É¼¨¸ßµÄËùÓÐѧÉúµÄѧºÅ£»
select a.S# from (select s#,score from SC where C#='001') a,(sele ......
1.¶Ô²éѯ½øÐÐÓÅ»¯£¬Ó¦¾¡Á¿±ÜÃâÈ«±íɨÃ裬Ê×ÏÈÓ¦¿¼ÂÇÔÚ where ¼° order by Éæ¼°µÄÁÐÉϽ¨Á¢Ë÷Òý¡£
2.Ó¦¾¡Á¿±ÜÃâÔÚ where ×Ó¾äÖжÔ×ֶνøÐÐ null ÖµÅжϣ¬·ñÔò½«µ¼ÖÂÒýÇæ
·ÅÆúʹÓÃË÷Òý¶ø½øÐÐÈ«±íɨÃ裬È磺
select id from t where num is null
¿ÉÒÔÔÚnumÉÏÉèÖÃ
ĬÈÏÖµ0£¬È·±£±íÖÐnumÁÐûÓÐnullÖµ£¬È»ºóÕâ
Ñù²éѯ£º
sel ......
ÔÚÒ»¸öÊý¾Ý±íÀÓÐ3¸ö×ֶΣ¬ÈçÏ£º
ID ×Ô¶¯Ôö¼Ó£¬Òѽ¨Ë÷Òý
TITLE nvarchar(255)
CONTENT ntext(16)
¶Ôtitle×ֶνøÐГlike”²éѯ£¬ËٶȻ¹ÐС£µ«ÊÇÒª¶Ôcontent×ֶΣ¬½øÐГlike”²éѯ£¬ËٶȺÜÂý£¬²»¿É ......
SQL Server ¾Ñé £¨×ªÔØ£©
http://www.cnblogs.com/treeyh/archive/2007/08/06/844763.html
Èç¹ûÄãÕýÔÚ¸ºÔðÒ»¸ö»ùÓÚSQL ServerµÄÏîÄ¿£¬»òÕßÄã¸Õ¸Õ½Ó´¥SQL Server£¬Ä㶼ÓпÉÄÜÒªÃæÁÙһЩÊý¾Ý¿âÐÔÄܵÄÎÊÌ⣬ÕâƪÎÄÕ»áΪÄãÌṩһЩÓÐÓõÄÖ¸µ¼£¨ÆäÖдó¶àÊýÒ²¿ÉÒÔÓÃÓÚÆäËüµÄDBMS£©¡£
ÔÚÕâÀÎÒ²»´òËã½éÉ ......
