// Earlier string-built version of this delete (kept for comparison; the
// value of m_name was pasted straight into the SQL text):
//   sql.Format(_T("delete from SELLINFO where Merchandise ='%s'"), m_name);
//   m_pConnection->Execute((_bstr_t)sql, NULL, adCmdText);
//   m_list.DeleteItem(pos);
// Injection experiments the author ran against that form, now disabled:
//   sql = _T( "select * from SellInfo where Merchandise = '1' OR '1'='1' ");
//   CString m_name = "1' OR '1'='1";
//   sql.Format("delete from SelInfo where Merchandise = '%s'", m_name);
//   m_pConnection->Execute((_bstr_t)sql, NULL, adCmdText);
//   pCommand->CommandText="delete from SELLINFO where Merchandise = '%s'";
//
// Parameterised replacement. The user-supplied value is bound to the "?"
// placeholder as a Command parameter, so the provider receives it as a value
// to compare against Merchandise rather than as part of the SQL text.
_CommandPtr pCommand(__uuidof(Command));
// NOTE(review): this instance is replaced by the result of Execute() below,
// so the CreateInstance() call looks redundant — confirm nothing else needs it.
m_pRecordset.CreateInstance(__uuidof(Recordset));
// "?" is the positional parameter marker; exactly one parameter is appended below.
pCommand->CommandText="delete from SELLINFO where Merchandise = ? ";
//pCommand->CommandText="delete from SELLINFO where ? ";   // alternative tried by the author, left disabled
pCommand->Parameters->Refresh();
//_ParameterPtr param=pCommand->CreateParameter(_bstr_t("121"), adBSTR,adParamInput,strlen("121"), "121");
// CreateParameter(name, type, direction, size, value). An injection-style
// string is deliberately passed as the VALUE to show that, bound this way, it
// is matched literally: the OR '1'='1' text never becomes part of the WHERE
// clause. The same literal is reused as the parameter name and as the size
// argument; with a positional "?" marker the name is not what binds it.
_ParameterPtr param=pCommand->CreateParameter(_bstr_t(" '1' OR '1'='1' "), adBSTR,adParamInput,strlen(" '1' OR '1'='1' ")," '1' OR '1'='1' ");
pCommand->Parameters->Append(param);
//pCommand->CommandText=" delete from SELLINFO where Merchandise = '1' OR '1'='1' ";   // string form: the WHERE is always true and every row is deleted
pCommand->ActiveConnection=m_pConnection;
// CommandText is a textual SQL command, not a stored procedure or table name.
pCommand->CommandType=adCmdText;
// MessageBox("exe before");
// NOTE(review): in the pasted source this call shared a line with the
// commented-out MessageBox above; it is assumed to be live.
m_pRecordset=pCommand->Execute(NULL,NULL,adCmdText);
// MessageBox("over");
?
?
不要直接使用用户输入的数据拼接 SQL：如果输入中包含恶意字符，攻击者就可以填入类似 "delete from SELLINFO where Merchandise = '1' OR '1'='1'" 的语句并使其执行，其中 '1'='1' 恒为真，结果是数据全部被删除。
?
?
?
// Vulnerable pattern: the user-controlled value is formatted straight into
// the SQL text. A quote character inside m_name terminates the string
// literal in the statement, and everything after it is parsed as SQL.
// NOTE(review): some characters in these two literals are mis-encoded as
// '?' in the pasted source.
CString m_name = " '1' ?OR '1'='1' ";
// %s substitutes the raw value; nothing quotes or escapes it.
sql.Format("delete from SellInfo where ?Merchandise = ?%s ", m_name);
// Executed as plain command text. The safe form binds the value as a
// Command parameter against a "?" placeholder instead of formatting it in.
m_pConnection->Execute((_bstr_t)sql, NULL, adCmdText);
?
?
?
?
?
try{
    // Same injection as above: the quotes inside m_name close the '%s'
    // literal, so the appended OR '1'='1' makes the WHERE clause true for
    // every row and the delete removes all of them.
    // NOTE(review): several characters in these two literals are mis-encoded
    // as '?' in the pasted source.
    CString m_name = "??1' ?OR '1'='1??";
    sql.Format("delete from SellInfo where ?Merchandise =??'%s'?", m_name);
    // Plain-text execution of the formatted statement; the fix is to bind
    // m_name as a Command parameter rather than format it into the SQL.
    m_pConnection->Execute((_bstr_t)sql, NULL, adCmdText);
}
// Failures from the ADO calls surface as _com_error; the description is
// shown and the handler returns.
// NOTE(review): the character between the type and `e` is mis-encoded in
// the paste and is assumed to be whitespace, i.e. a catch by value;
// catch(const _com_error& e) avoids the copy.
catch(_com_error e)
{
    AfxMessageBox(e.Description());
    return;
}
?
这段代码同样会导致数据全部被删除。
?
?
?
?
?
?
?
?
?
?
?
?