ASP SQL injection prevention function
'SQL injection prevention function. Usage: wherever injection protection is needed, replace the existing Request("XXXX") with SafeRequest("XXXX")
'www.yongfa365.com
Function SafeRequest(ParaValue)
    'Declare locals so script-level variables with the same names cannot affect the check
    Dim LockValue, i, errmsg
    ParaValue = Trim(Request(ParaValue))
    If ParaValue = "" Then
        SafeRequest = ""
        Exit Function
    End If
    'Strings to filter, separated by ","
    LockValue = "',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,char(,xp_cmdshell,exec master,net localgroup administrators,And,net user,Or"
    LockValue = Split(LockValue, ",")
    'Check whether the value contains an injection attempt (case-insensitive substring match)
    For i = 0 To UBound(LockValue)
        If InStr(LCase(ParaValue), LCase(LockValue(i))) > 0 Then
            errmsg = 1
            Exit For
        End If
    Next
    'Handle the injection
    If errmsg = 1 Then
        Response.Write "<script language=
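Added example (Python, not part of the original page or its author's code): a re-implementation of SafeRequest's case-insensitive substring test, run over constructed benign inputs to show which legitimate values the blacklist rejects, next to a parameterized query that accepts the same values as plain data. The sample values, table name and helper names are assumptions, and sqlite3 stands in for the site's database.

```python
import sqlite3

# Blacklist copied from the page's LockValue string, split on "," as the ASP code does.
LOCK_VALUE = ("',Select,Update,Delete,insert,Count(,drop table,truncate,Asc(,Mid(,"
              "char(,xp_cmdshell,exec master,net localgroup administrators,And,"
              "net user,Or").split(",")

def blocked_by(value):
    """Return the first blacklist entry found in value, using the same
    case-insensitive substring test as SafeRequest, or None if it passes."""
    lowered = value.strip().lower()
    for entry in LOCK_VALUE:
        if entry.lower() in lowered:
            return entry
    return None

# Constructed sample inputs: ordinary form values, none of them an attack.
SAMPLES = ["O'Brien", "Orlando", "Windows Update", "Victoria", "42"]

def false_positives(samples):
    """Map each benign sample that the filter rejects to the entry that matched."""
    hits = {}
    for sample in samples:
        entry = blocked_by(sample)
        if entry is not None:
            hits[sample] = entry
    return hits

def store_and_lookup(names):
    """Insert and query the same values through bound parameters. The driver
    sends them as data, so quotes and keywords need no filtering."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (name TEXT)")
    db.executemany("INSERT INTO customer (name) VALUES (?)", [(n,) for n in names])
    found = []
    for n in names:
        row = db.execute("SELECT name FROM customer WHERE name = ?", (n,)).fetchone()
        found.append(row[0])
    db.close()
    return found

if __name__ == "__main__":
    for sample, entry in false_positives(SAMPLES).items():
        print(f"{sample!r} rejected because it contains {entry!r}")
    print("stored via parameters:", store_and_lookup(SAMPLES))
```

In classic ASP the equivalent of the bound query is an ADODB.Command with "?" placeholders and parameters appended through CreateParameter.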