Network knowledge  Time: 2024-12-03 15:10:15
Author: text / member upload
Method for preventing SQL injection in stored procedures:
Filter special characters. For example, the following T-SQL function, which prefixes each command-shell metacharacter with a caret ('^'):
-- Function: fn_escapecmdshellstring
-- Description: Returns an escaped version of a given string
-- with carets ('^') added in front of all the special
-- command shell symbols.
-- Parameter: @command_string nvarchar(4000)
--
CREATE FUNCTION dbo.fn_escapecmdshellstring (
    @command_string nvarchar(4000)) RETURNS nvarchar(4000) AS
BEGIN
    DECLARE @escaped_command_string nvarchar(4000),
        @curr_char nvarchar(1),
        @curr_char_index int
    SELECT @escaped_command_string = N'',
        @curr_char = N'',
        @curr_char_index = 1
    -- Walk the input one character at a time.
    -- Note: LEN() ignores trailing spaces, so trailing blanks in @command_string are dropped.
    WHILE @curr_char_index <= LEN(@command_string)
    BEGIN
        SELECT @curr_char = SUBSTRING(@command_string, @curr_char_index, 1)
        -- Metacharacters that the command shell interprets get a '^' placed in front of them.
        IF @curr_char IN ('%', '<', '>', '|', '&', '(', ')', '^', '"')
        BEGIN
            SELECT @escaped_command_string = @escaped_command_string + N'^'
        END
        -- Every character, escaped or not, is copied through to the output.
        SELECT @escaped_command_string = @escaped_command_string + @curr_char
        SELECT @curr_char_index = @curr_char_index + 1
    END
    RETURN @escaped_command_string
END
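As an added example (not from the original page), the same goal applied to dynamic SQL inside a stored procedure: the first procedure concatenates user input into the query text and is injectable, the second passes the value as a typed parameter through sp_executesql so the input is never parsed as SQL, and the third shows the one case parameters cannot cover, a dynamic identifier. The table dbo.Users and its columns are assumed for illustration.

```sql
-- Added example (not part of the original page). Assumed table: dbo.Users(UserName, Email).
-- Vulnerable: user input is spliced into the SQL text, so a quote or comment marker
-- inside @UserName changes the meaning of the statement.
CREATE PROCEDURE dbo.usp_GetUser_Unsafe
    @UserName nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(4000);
    SET @sql = N'SELECT UserName, Email FROM dbo.Users WHERE UserName = ''' + @UserName + N'''';
    EXEC (@sql);
END
GO

-- Hardened: the query text is fixed and the value travels as a typed parameter,
-- so no character in @UserName can terminate the literal or append statements.
CREATE PROCEDURE dbo.usp_GetUser_Safe
    @UserName nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(4000);
    SET @sql = N'SELECT UserName, Email FROM dbo.Users WHERE UserName = @p_UserName';
    EXEC sys.sp_executesql @sql, N'@p_UserName nvarchar(100)', @p_UserName = @UserName;
END
GO

-- When an identifier (here a column name) must be dynamic, a parameter cannot carry it.
-- Check it against sys.columns first and wrap it with QUOTENAME so brackets are escaped;
-- the comparison value still goes through as a parameter.
CREATE PROCEDURE dbo.usp_GetUserByColumn
    @ColumnName sysname,
    @Value nvarchar(100)
AS
BEGIN
    IF NOT EXISTS (SELECT 1 FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Users') AND name = @ColumnName)
    BEGIN
        RAISERROR(N'Unknown column', 16, 1);
        RETURN;
    END
    DECLARE @sql nvarchar(4000);
    SET @sql = N'SELECT UserName, Email FROM dbo.Users WHERE '
             + QUOTENAME(@ColumnName) + N' = @p_Value';
    EXEC sys.sp_executesql @sql, N'@p_Value nvarchar(100)', @p_Value = @Value;
END
GO
```

Parameterisation removes the need to guess which characters are "special"; the escaping function above addresses a different sink, strings handed to the command shell, and should not be relied on for SQL text.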