asp·ÀSQL×¢È뺯Êý
'SQL·À×¢È뺯Êý£¬µ÷Ó÷½·¨£¬ÔÚÐèÒª·À×¢ÈëµÄµØ·½Ìæ»»ÒÔÇ°µÄrequest("XXXX")ΪSafeRequest("XXXX")
'www.yongfa365.com
Function
SafeRequest(ParaValue)
ParaValue =
Trim
(
Request
(ParaValue))
If
ParaValue =
""
Then
SafeRequest =
""
Exit
Function
End
If
'Òª¹ýÂ˵Ä×Ö·ûÒÔ","¸ô¿ª
LockValue =
"',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
LockValue =
Split
(LockValue,
","
)
'ÅжÏÊÇ·ñÓÐ×¢Èë
For
i = 0
To
UBound
(LockValue)
If
InStr
(
LCase
(ParaValue),
LCase
(LockValue(i)))>0
Then
errmsg = 1
Exit
For
End
If
Next
'×¢Èë´¦Àí
If
errmsg = 1
Then
Response
.
Write
"<script language=
Ïà¹ØÎĵµ£º
1.¶Ô²éѯ½øÐÐÓÅ»¯£¬Ó¦¾¡Á¿±ÜÃâÈ«±íɨÃ裬Ê×ÏÈÓ¦¿¼ÂÇÔÚ where ¼° order by Éæ¼°µÄÁÐÉϽ¨Á¢Ë÷Òý¡£
2.Ó¦¾¡Á¿±ÜÃâÔÚ where ×Ó¾äÖжÔ×ֶνøÐÐ null ÖµÅжϣ¬·ñÔò½«µ¼ÖÂÒýÇæ
·ÅÆúʹÓÃË÷Òý¶ø½øÐÐÈ«±íɨÃ裬È磺
select id from t where num is null
¿ÉÒÔÔÚnumÉÏÉèÖÃ
ĬÈÏÖµ0£¬È·±£±íÖÐnumÁÐûÓÐnullÖµ£¬È»ºóÕâ
Ñù²éѯ£º
sel ......
SQL UNION ²Ù×÷·û
UNION ²Ù×÷·ûÓÃÓںϲ¢Á½¸ö»ò¶à¸ö SELECT Óï¾äµÄ½á¹û¼¯¡£
Çë×¢Ò⣬UNION ÄÚ²¿µÄ SELECT Óï¾ä±ØÐëÓµÓÐÏàͬÊýÁ¿µÄÁС£ÁÐÒ²±ØÐëÓµÓÐÏàËƵÄÊý¾ÝÀàÐÍ¡£Í¬Ê±£¬Ã¿Ìõ SELECT Óï¾äÖеÄÁеÄ˳Ðò±ØÐëÏàͬ¡£
SQL UNION Óï·¨
SELECT column_name(s) from table_name1
UNION
SELECT column_name(s) from table_na ......
¾³£»á¿´¼ûÔÚSQL³ÌÐòµÄ¿ªÍ·ÓÐÕâÑùÒ»¾ä»°
if OBJECT_ID('tb') is not null
drop table tb
º¯ÊýÓï·¨ÊÇÕâÑù£º
int OBJECT_ID('objectname');
×÷ÓÃÊÇ¿´¶ÔÏóobjectnameÊÇ·ñ´æÔÚ¡£
ÆäÖвÎÊýobjectname±íʾҪʹÓõĶÔÏó£¬ÊÇchar»òÕßncharÀàÐÍ¡£
·µ»ØÖµÀàÐÍΪint£¬Èç¹û¶ÔÏó´æÔÚ£¬Ôò·µ»Ø´Ë¶ÔÏóÔÚϵͳÖеı ......
SQL³£ÓÃ×Ö·û´®º¯Êý
Ò»¡¢×Ö·ûת»»º¯Êý
1¡¢ASCII()
·µ»Ø×Ö·û±í´ïʽ×î×ó¶Ë×Ö·ûµÄASCII ÂëÖµ¡£ÔÚASCII£¨£©º¯ÊýÖУ¬´¿Êý×ÖµÄ×Ö·û´®¿É²»ÓÑ’À¨ÆðÀ´£¬µ«º¬ÆäËü×Ö·ûµÄ×Ö·û´®±ØÐëÓÑ’À¨ÆðÀ´Ê¹Ó㬷ñÔò»á³ö´í¡£
2¡¢CHAR()
½«ASCII Âëת»»Îª×Ö·û¡£Èç¹ûûÓÐÊäÈë0 ~ 255 Ö®¼ä ......
´´½¨º¯Êý
CREATE OR REPLACE FUNCTION ntfuc(inp IN NUMBER)
RETURN NUMBER
IS
ntmp NUMBER;
BEGIN
ntmp := inp;
RETURN ntmp;
END ntfuc;
/
Ö´Ðиú¯Êýʱ
DECLARE
rcn NUMBER;
BEGIN
rcn := ntfunc(1);
END;
/ ......
