×î¼òµ¥µÄ×î¸ßЧµÄ¹ýÂËSQL½Å±¾·À×¢Èë
.errInfo
{
border:solid 1px #d00;
background:#F7F0F7;
}
1.URLµØÖ··À×¢È룺
//¹ýÂËURL·Ç·¨SQL×Ö·û
var sUrl=location.search.toLowerCase();
var sQuery=sUrl.substring(sUrl.indexOf("=")+1);
re=/select|update|delete|truncate|join|union|exec|insert|drop|count|’|"|=|;|>|<|%/i;
if(re.test(sQuery))
{
alert("ÇëÎðÊäÈë·Ç·¨×Ö·û");
location.href=sUrl.replace(sQuery,"");
}
2.ÊäÈëÎı¾¿ò·À×¢È룺
ÒýÈëÒÔÏÂjs
//·ÀÖ¹SQL×¢Èë
function AntiSqlValid(oField )
{
re= /select|update|delete|exec|count|’|"|=|;|>|<|%/i;
if ( re.test(oField.value) )
{
//alert("ÇëÄú²»ÒªÔÚ²ÎÊýÖÐÊäÈëÌØÊâ×Ö·ûºÍSQL¹Ø¼ü×Ö£¡"); //×¢ÒâÖÐÎÄÂÒÂë
oField.value = ”;
oField.className="errInfo";
oField.focus();
return false;
}
ÔÚÐèÒª·À×¢ÈëµÄÊäÈëÎı¾¿òÌí¼ÓÈçÏ·½·¨
txtName.Attributes.Add("onblur", "AntiSqlValid(this)");//·ÀÖ¹Sql½Å±¾×¢Èë
Ïà¹ØÎĵµ£º
ÏÂÁÐÓï¾ä²¿·ÖÊÇMssqlÓï¾ä£¬²»¿ÉÒÔÔÚaccessÖÐʹÓá£
SQL·ÖÀࣺ
DDL—Êý¾Ý¶¨ÒåÓïÑÔ(Create£¬Alter£¬Drop£¬DECLARE)
DML—Êý¾Ý²Ù×ÝÓïÑÔ(Select£¬Delete£¬Update£¬Insert)
DCL—Êý¾Ý¿ØÖÆÓïÑÔ(GRANT£¬REVOKE£¬COMMIT£¬ROLLBACK)
Ê×ÏÈ,¼òÒª½éÉÜ»ù´¡Óï¾ä£º
1¡¢ËµÃ÷£º´´½¨Êý¾Ý¿â
Create&nb ......
sql serverÑ¡ÔñÁË»ìºÏģʽÎÊÌâ
ÒòΪҪѡÔñ»ìºÏģʽ²ÅÄÜʹÓÃsaÓû§µÇ¼µÄÎÊÌâ
È»ºóÆóÒµ¹ÜÀíÆ÷ÀïÃæ¾¹È»Ñ¡ÁËÒÔºóûÓÐЧ¹û ÓÀÔ¶¶¼Êǽöwindowsģʽ
ÎÞÓï ²»¶ÏÖØÆômssql ÓÖÑ¡Ôñ »ìºÏģʽ ´óÔ¼¼¸·ÖÖÓºó¾¹È»¿ÉÒÔÑ¡ÔñÁË
zhenTMD µÄÎÞÄΣ¡ ......
´ÓA±íËæ»úÈ¡10Ìõ¼Ç¼,ÓÃSELECT TOP 10 * from ywle order by newid()
order by Ò»°ãÊǸù¾Ýijһ×Ö¶ÎÅÅÐò,newid()µÄ·µ»ØÖµ ÊÇuniqueidentifier ,order by newid()Ëæ»úѡȡ¼Ç¼ÊÇÈçºÎ½øÐеÄ
newid()ÔÚɨÃèÿÌõ¼Ç¼µÄʱºò¶¼Éú³ÉÒ»¸öÖµ, ¶øÉú³ÉµÄÖµÊÇËæ»úµÄ, ûÓдóСд˳Ðò. ËùÒÔ×îÖÕ½á¹ûÔÙ°´Õâ¸öÅÅÐò, ÅÅÐòµÄ½á¹ûµ±È»¾ÍÊÇÎ ......
Ò»¡¢Êý¾Ý¿â°æ±¾
Êý¾ÝѹËõÔÚSql Server 2008ÉϲÅÖ§³Ö£¬2005²»ÐУ¬²¢ÇÒ»¹ÒªÊÇÆóÒµ°æ¡£ÎÒ³£³£ÍüÁËÕâÒ»µã£¬ÔÚ2005µÄStudioÉÏÄÖ³öÓï·¨´íÎóµÄ×´¿ö£¬ÕÛÌÚÀË·ÑÁ˺ÃÒ»Õó²ÅÐÑÎò¹ýÀ´¡£
¶þ¡¢Ñ¹Ëõ×´¿ö
´óÔ¼¿ÉÒÔ½ÚÊ¡20%-50%µÄ¿Õ¼ä£¬²¢ÇÒÐÐѹËõºÍҳѹËõÓÐËùÇø±ð¡£
µ«ÈÃÎÒʧÍûµÄÊÇ£¬Ïñº¬ÓÐVarchar(max),xmlÕâÖÖ×Ö¶ÎÀàÐ͵쬷´¶øËƺõѹ ......
/// <summary>
/// ¹ýÂ˱ê¼Ç
/// </summary>
/// <param name="NoHTML">°üÀ¨HTML£¬½Å±¾£¬Êý¾Ý¿â¹Ø¼ü×Ö£¬ÌØÊâ×Ö·ûµÄÔ´Âë </param>
/// <returns>ÒѾȥ³ý±ê¼ÇºóµÄÎÄ×Ö</returns>
&nbs ......