删除SQL注入的一些方法总结
sql替换法:
declare @myStr nvarchar(500); set @myStr='oa_20121026new.bak</title><style>.alx2{position:absolute;clip:rect(456px,auto,auto,456px);}</style><'; select replace(@myStr,substring(@myStr,charindex('<',@myStr),len(@myStr)),'');
sql替换法:
declare @myStr nvarchar(500); set @myStr='oa_20121026new.bak</title><style>.alx2{position:absolute;clip:rect(456px,auto,auto,456px);}</style><'; select replace(@myStr,substring(@myStr,charindex('<',@myStr),len(@myStr)),'');
