sh农商一段sql

update (select /*+use_hash(a,b) full(a) parallel(a,4)*/INST_ID inst_id1,b.b inst_id2 from T_DAYOFF_SYSTEM_SUMMARIES a,qy_WDJGH b where a.INST_ID = b.a) set inst_id1 = inst_id2;

他说上次就优化了一条语句,大概跑了45分钟,现在有4条,当前跑到第三条

/*+use_hash(a,b) full(a) parallel(a,4)*/

我原本以为这是注释 但并不是 而是执行因为sql的注释符号不是这个   

某个网站的登录验证的SQL查询代码为

strSQL = "SELECT * FROM users WHERE (name = '" + userName + "') and (pw = '"+ passWord +"');"

恶意填入

userName = "1' OR '1'='1";

passWord = "1' OR '1'='1";

时,将导致原本的SQL字符串被填为

strSQL = "SELECT * FROM users WHERE (name = '1' OR '1'='1') and (pw = '1' OR '1'='1');"

也就是实际上运行的SQL命令会变成下面这样的

strSQL = "SELECT * FROM users;"

猜你喜欢

转载自yangbinfx.iteye.com/blog/1873648