很多人都知道SQL注入，也知道SQL参数化查询可以防止SQL注入，可为什么能防止注入却并不是很多人都知道的。</p>
本文主要讲述的是这个问题，也许你在部分文章中看到过这块内容，当然了看看也无妨。</p>
首先：我们先了解SQL收到一个指令后所做的事情：</p>
具体细节可以查看文章：Sql Server 编译、重编译与执行计划重用原理
在这里，我简单的表示为： 收到指令 -> 编译SQL生成执行计划 -> 选择执行计划 -> 执行执行计划。</span>
具体可能有点不一样，但大致的步骤如上所示。</p>
接着我们来分析<strong>为什么拼接SQL 字符串会导致SQL注入的风险呢？</strong></p>
首先创建一张表Users:
-- Users table for the article's login example.
-- Id is the clustered primary key and is filled with NEWID() by the seed script; a random
-- GUID as the clustered key is fine for a demo but fragments the index under real insert load.
-- Password is kept as a plain varchar here because the article scopes password storage out;
-- a production schema would store a salted hash instead.
CREATE TABLE [dbo].[Users] (
    [Id]       [uniqueidentifier] NOT NULL,
    [UserId]   [int]              NOT NULL,
    [UserName] [varchar](50)      NULL,
    [Password] [varchar](50)      NOT NULL,
    CONSTRAINT [PK_Users] PRIMARY KEY CLUSTERED ([Id] ASC)
        WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF,
              ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY];
插入一些数据：
-- Seed rows for the article's login example, inserted as one multi-row statement.
-- Id is a fresh random GUID per row (NEWID()); the passwords are stored exactly as typed,
-- in clear text, which the article explicitly leaves out of scope.
INSERT INTO [Test].[dbo].[Users] ([Id], [UserId], [UserName], [Password])
VALUES
    (NEWID(), 1, 'name1', 'pwd1'),
    (NEWID(), 2, 'name2', 'pwd2'),
    (NEWID(), 3, 'name3', 'pwd3'),
    (NEWID(), 4, 'name4', 'pwd4'),
    (NEWID(), 5, 'name5', 'pwd5');
假设我们有个用户登录的页面，代码如下：</p>
验证用户登录的sql 如下：</p>
-- Login check from the article: counts the rows whose Password AND UserName both match.
-- The two literals are exactly where user input ends up when the statement is built by
-- string concatenation; the parameterized version binds @Password / @UserName instead,
-- so the statement text never changes with the input.
SELECT COUNT(*)
FROM Users
WHERE Password = 'a'
  AND UserName = 'b';
这段代码返回Password 和UserName都匹配的用户数量，如果大于0的话，那么就代表用户存在。</p>
<strong>本文不讨论SQL 中的密码策略，也不讨论代码规范，主要是讲为什么能够防止SQL注入，请一些同学不要纠结于某些代码，或者和SQL注入无关的主题。</strong>
可以看到执行结果：</p>
这个是SQL Profiler 跟踪的SQL 语句。</p>
注入的代码如下：
-- Statement that results when the article's UserName value "b' or 1=1 --" is concatenated
-- into the login query: the quote closes the literal early, "or 1=1" is true for every row
-- (AND binds tighter than OR, so the whole WHERE becomes always-true), and the comment
-- marker swallows the trailing quote.  The count therefore no longer depends on the
-- credentials at all, which is what the article's trace shows.
-- The "—" at the end appears to be a typographic rendering of the "--" comment marker.
select COUNT(*) from Users where Password = 'a' and UserName = 'b' or 1=1—'
这里有人将UserName设置为了 “b' or 1=1 --”.
实际执行的SQL就变成了如下：</p>
可以很明显的看到SQL注入成功了。</p>
很多人都知道<strong>参数化查询</strong>可以避免上面出现的注入问题，比如下面的代码：
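class Program
{
    private static string connectionString = "Data Source=.;Initial Catalog=Test;Integrated Security=True";

    static void Main(string[] args)
    {
        Login("b", "a");
        Login("b' or 1=1--", "a");
    }

    /// <summary>
    /// Counts the Users rows whose Password and UserName both match, using a parameterized
    /// query so that the supplied values travel as data and never become part of the statement text.
    /// </summary>
    /// <param name="userName">Value bound to @UserName.</param>
    /// <param name="password">Value bound to @Password.</param>
    /// <returns>The number of matching rows (COUNT(*) as returned by the server).</returns>
    private static int Login(string userName, string password)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();
            using (SqlCommand comm = new SqlCommand())
            {
                comm.Connection = conn;
                // One parameter per value: the statement text is fixed and each value is sent
                // as a typed argument of sp_executesql (see the captured trace in the article).
                comm.CommandText = "select COUNT(*) from Users where Password = @Password and UserName = @UserName";
                comm.Parameters.AddRange(new SqlParameter[]
                {
                    new SqlParameter("@Password", SqlDbType.VarChar) { Value = password },
                    new SqlParameter("@UserName", SqlDbType.VarChar) { Value = userName },
                });
                // NOTE(review): without an explicit Size each parameter is declared with the
                // length of its current value (varchar(1) / varchar(11) in the article's trace),
                // so every distinct length gets its own cached plan.  Size = 50, the column
                // width, would keep a single plan; left as in the article so the trace still matches.
                // ExecuteNonQuery would discard a SELECT's result; ExecuteScalar returns COUNT(*).
                return (int)comm.ExecuteScalar();
            }
        }
    }
}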
实际执行的SQL 如下所示：
-- SQL Profiler capture of the two Login() calls from the article's C# example.
-- Both batches carry the same query text; the values arrive as typed arguments of
-- sp_executesql, so the second @UserName ("b' or 1=1--") is compared against the UserName
-- column as a string and is never parsed as SQL.  The declared lengths differ
-- (varchar(1) vs varchar(11)) because no Size was set on the SqlParameter.
-- The trailing "—" in the second value looks like a typographic rendering of "--".
exec sp_executesql N'select COUNT(*) from Users where Password = @Password and UserName = @UserName',N'@Password varchar(1),@UserName varchar(1)',@Password='a',@UserName='b'
exec sp_executesql N'select COUNT(*) from Users where Password = @Password and UserName = @UserName',N'@Password varchar(1),@UserName varchar(11)',@Password='a',@UserName='b'' or 1=1—'
可以看到参数化查询主要做了这些事情：
1，<strong>参数过滤，可以看到 @UserName='b'' or 1=1--'</strong>
2，<strong>执行计划重用
因为执行计划被重用，所以可以防止SQL注入。</strong>
首先分析SQL注入的本质，
用户写了一段SQL 用来表示查找密码是a的，用户名是b的所有用户的数量。</span>
通过注入SQL，这段SQL现在表示的含义是查找(密码是a的，并且用户名是b的) 或者1=1 的所有用户的数量。</span>
<strong>可以看到SQL的语意发生了改变，为什么发生了改变呢？因为没有重用以前的执行计划，因为对注入后的SQL语句重新进行了编译，因为重新执行了语法解析。所以要保证SQL语义不变，即我想要表达的SQL就是我想表达的意思，不是别的注入后的意思，就应该重用执行计划。</strong>
<strong>如果不能够重用执行计划，那么就有SQL注入的风险，因为SQL的语意有可能会变化，所表达的查询就可能变化。</strong>
在SQL Server 中查询执行计划可以使用下面的脚本：</span>
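-- Inspect the plan cache: one row per cached plan with its per-execution averages, its
-- reuse counter and the statement text the plan belongs to.
--
-- CAUTION: DBCC FREEPROCCACHE flushes every cached plan on the instance, so all statements
-- recompile on their next run.  Keep it for a test box (as in the article) and drop it for
-- production use; the SELECT below is safe to run on its own.
DBCC FREEPROCCACHE;

SELECT
    b.total_elapsed_time / b.execution_count  AS avg_elapsed_time,   -- per execution
    b.total_logical_reads / b.execution_count AS avg_logical_reads,  -- per execution
    a.usecounts                               AS use_count,          -- how often the plan was reused
    SUBSTRING(
        d.text,
        (b.statement_start_offset / 2) + 1,
        ((CASE b.statement_end_offset
              WHEN -1 THEN DATALENGTH(d.text)
              ELSE b.statement_end_offset
          END - b.statement_start_offset) / 2) + 1
    )                                         AS statement_text      -- offsets are in bytes of nvarchar, hence /2
FROM sys.dm_exec_cached_plans AS a
-- c is not used in the column list; it is kept from the article's script, drop it if the
-- plan XML is not needed (it is the expensive part of this query).
CROSS APPLY sys.dm_exec_query_plan(a.plan_handle) AS c
INNER JOIN sys.dm_exec_query_stats AS b
    -- The article's script had this condition commented out, which turns the comma join
    -- into a cross join (every cached plan paired with every statistics row).
    ON b.plan_handle = a.plan_handle
CROSS APPLY sys.dm_exec_sql_text(b.sql_handle) AS d
-- Optional filter from the article, only statements with more than 4000 reads per execution:
-- WHERE b.total_logical_reads / b.execution_count > 4000
ORDER BY b.total_elapsed_time / b.execution_count DESC;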
博客园有篇文章： Sql Server参数化查询之where in和like实现详解
在这篇文章中有这么一段：
这里作者有一句话：“不过这种写法和直接拼SQL执行没啥实质性的区别”
任何拼接SQL的方式都有SQL注入的风险，所以如果没有实质性的区别的话，那么使用exec 动态执行SQL是不能防止SQL注入的。</p>
比如下面的代码：
/// <summary>
/// Article's counter-example: the id list is passed as a parameter, but the statement hands
/// it to exec(), which builds and compiles a NEW batch from the concatenated text, so the
/// value becomes SQL again and the outer parameterization protects nothing.
/// </summary>
private static void TestMethod()
{
    using (SqlConnection conn = new SqlConnection(connectionString))
    {
        conn.Open();
        SqlCommand comm = new SqlCommand();
        comm.Connection = conn;
        // Executes the SQL dynamically through exec().
        // The query plan that actually runs is
        //   (@UserID varchar(max))select * from Users(nolock) where UserID in (1,2,3,4)
        // rather than the expected
        //   (@UserID varchar(max))exec('select * from Users(nolock) where UserID in ('+@UserID+')')
        // i.e. the inner statement is compiled with the literal text already substituted.
        comm.CommandText = "exec('select * from Users(nolock) where UserID in ('+@UserID+')')";
        comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.VarChar, -1) { Value = "1,2,3,4" });
        // The article's second value (kept commented out) shows the consequence: everything
        // after the closing ")" would run as a further statement of the inner batch.
        // Mitigation: never build statements inside exec(); pass the ids as a table-valued
        // parameter or bind one parameter per id (see the "where in" article the text refers to).
        //comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.VarChar, -1) { Value = "1,2,3,4); delete from Users;--" });
        // ExecuteNonQuery only makes the statement run for the trace; the rows are not read.
        comm.ExecuteNonQuery();
    }
}
执行的SQL 如下：</p>
-- SQL Profiler capture of TestMethod(): the outer batch is parameterized (@UserID arrives
-- as data), but exec() concatenates that data into a new batch, so the statement that
-- finally runs is assembled from text again and compiled on its own (see the article's note
-- on the resulting plan).  Parameterizing the outer batch therefore does not protect the inner one.
exec sp_executesql N'exec(''select * from Users(nolock) where UserID in (''+@UserID+'')'')',N'@UserID varchar(max) ',@UserID='1,2,3,4'
可以看到SQL语句并没有参数化查询。</pre>如果你将UserID设置为“1,2,3,4); delete from Users;--
”，那么执行的SQL就是下面这样：</pre>exec sp_executesql N'exec(''select * from Users(nolock) where UserID in (''+@UserID+'')'')',N'@UserID varchar(max) ',@UserID='1,2,3,4); delete from Users;--'
不要以为加了个@UserID 就代表能够防止SQL注入，实际执行的SQL 如下：</p>
任何动态的执行SQL 都有注入的风险，因为动态意味着不重用执行计划，而如果不重用执行计划的话，那么就基本上无法保证你写的SQL所表示的意思就是你要表达的意思。</pre>这就好像小时候的填空题，查找密码是(____) 并且用户名是(____)的用户。</pre>不管你填的是什么值，我所表达的就是这个意思。</pre>最后再总结一句：因为参数化查询可以重用执行计划，并且如果重用执行计划的话，SQL所要表达的语义就不会变化，所以就可以防止SQL注入；如果不能重用执行计划，就有可能出现SQL注入。<br />存储过程也是一样的道理，因为可以重用执行计划。</pre>原文出自：<div>http://www.cnblogs.com/LoveJenny/archive/2013/01/15/2860553.html