求教一个简单的sql注入语句查询语句

点击联系发帖人 时间:2017-09-09 21:06
sql查询语句教程
新手园地& & & 硬件问题Linux系统管理Linux网络问题Linux环境编程Linux桌面系统国产LinuxBSD& & & BSD文档中心AIX& & & 新手入门& & & AIX文档中心& & & 资源下载& & & Power高级应用& & & IBM存储AS400Solaris& & & Solaris文档中心HP-UX& & & HP文档中心SCO UNIX& & & SCO文档中心互操作专区IRIXTru64 UNIXMac OS X门户网站运维集群和高可用服务器应用监控和防护虚拟化技术架构设计行业应用和管理服务器及硬件技术& & & 服务器资源下载云计算& & & 云计算文档中心& & & 云计算业界& & & 云计算资源下载存储备份& & & 存储文档中心& & & 存储业界& & & 存储资源下载& & & Symantec技术交流区安全技术网络技术& & & 网络技术文档中心C/C++& & & GUI编程& & & Functional编程内核源码& & & 内核问题移动开发& & & 移动开发技术资料ShellPerlJava& & & Java文档中心PHP& & & php文档中心Python& & & Python文档中心RubyCPU与编译器嵌入式开发驱动开发Web开发VoIP开发技术MySQL& & & MySQL文档中心SybaseOraclePostgreSQLDB2Informix数据仓库与数据挖掘NoSQL技术IT业界新闻与评论IT职业生涯& & & 猎头招聘IT图书与评论& & & CU技术图书大系& & & Linux书友会二手交易下载共享Linux文档专区IT培训与认证& & & 培训交流& & & 认证培训清茶斋投资理财运动地带快乐数码摄影& & & 摄影器材& & & 摄影比赛专区IT爱车族旅游天下站务交流版主会议室博客SNS站务交流区CU活动专区& & & Power活动专区& & & 拍卖交流区频道交流区
白手起家, 积分 197, 距离下一级还需 3 积分
论坛徽章:0
假设有table foo
id& && && && &&&status& && &name
1& && && && && &active& && & a
2& && && && && &active& && & b
3& && && && && &inactive& &&&c
4& && && && && &inactive& &&&d
我想查询状态为inactive的记录中,id为最小的记录的name
是否只能写两条语句来实现呢?
select min(id) from foo where status='inactive' ;
select name from foo where id=3;
能不能用一条命令搞定呢?请教
&&nbsp|&&nbsp&&nbsp|&&nbsp&&nbsp|&&nbsp&&nbsp|&&nbsp
富足长乐, 积分 7254, 距离下一级还需 746 积分
论坛徽章:1
SQL& select *
& && &&&ID STATUS& &&&NAME
---------- ---------- -----
& && && &1 active& &&&a
& && && &2 active& &&&b
& && && &3 inactive& &c
& && && &4 inactive& &d
SQL& select min(name) keep (dense_rank first order by id) name from test
&&2&&where status='inactive';
稍有积蓄, 积分 430, 距离下一级还需 70 积分
论坛徽章:0
SELECT ID, STATUS, NAME,
&&FROM (SELECT ID, STATUS, NAME, ROW_NUMBER() OVER(ORDER BY ID) AS RN
& && && & FROM TEST)
WHERE RN = 1
& &AND STATUS = 'inactive';
小富即安, 积分 4930, 距离下一级还需 70 积分
论坛徽章:0
2楼哥们的方法好啊,简洁明了
白手起家, 积分 25, 距离下一级还需 175 积分
论坛徽章:0
恩不错。。Access俱乐部
?&&&&?&&&&?&&&&?&&&&
您的位置:  > >
[access查询][示例]一个简单的子查询
来源:&&点击数:4757&&评论数:2 &|&&|&
时 间: 08:18:46
作 者:&&&ID:16&&城市:江阴
摘 要:[示例]一个简单的子查询
access中sql语句求教
有一个表A,有字段id,name,num,类型分别为文本,文本,数值
表中数据id,name都可重复,num唯一
现在我想取出所有的id对应的name,同时num是最大的数据,请问select如何写?
      
&&&&【&&】
Access网店
价格:¥50 元
价格:¥100 元
价格:¥100 元
(09-09 21:26)
(09-09 15:40)
(09-09 15:34)
(09-09 15:29)
(09-09 15:03)
(09-09 10:21)
(09-09 10:04)
(09-09 09:42)
(09-08 12:48)
(09-08 12:44)
Access软件网 版权所有 CopyRight
提供支持 本站特聘法律顾问: 李慧 律师sql语句查询求教【软件测试吧】_百度贴吧
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&签到排名:今日本吧第个签到,本吧因你更精彩,明天继续来努力!
本吧签到人数:0成为超级会员,使用一键签到本月漏签0次!成为超级会员,赠送8张补签卡连续签到:天&&累计签到:天超级会员单次开通12个月以上,赠送连续签到卡3张
关注:56,954贴子:
sql语句查询求教收藏
现有两张表,A表语文成绩,B表英语成绩,用oracle查英语成绩加语文成绩的和的前十名该怎么查?select top 10 from A,B order by A.score+B.score desc;select * from (select rownum r,A.score+B.score from A,B)t where A.sid=B.sid and t.r&=10;这两句有没问题?用mysql这样写对不select sid,A.score+B.score as sum_score from A,B order by sum_score desc limit 0,10;
AWS应用测试-云中的真实设备上试验您的应用程序.即刻注册,享12个月免费套餐!
你的表内容太简单了,没有关键的列。不好回答。
select A.sid as sid ,A.score+B.score as sum_score from A,B order by sum_score desc limit 10;是这样吧,前10名不需要把0带上
还有一句where A.sid=B.sid
登录百度帐号推荐应用6063人阅读
JAVA(158)
数据库(42)
本人很懒,非常不想写那些SQL语句,特别是要和列名和值的顺序要一一对应,万一出点错查起来很困难。反正对性能没啥很高要求,那就随手写了个自己拼装SQL语句的代码。
用的c3p0数据库连接池,只完成了单表的增删改查操作,不支持多表操作。
插入操作接口add(String tableName, HashMap&String, String& values)。tableName就是要做操作的表名,values是插入时需要设置的值,采用名值对方式放入Map中。删除操作接口delete(String tableName, HashMap&String, String& conditions)。tableName就是要做操作的表名,conditions是删除时对应的条件,采用名值对方式放入Map中。更新操作接口update(String tableName, HashMap&String, String& values, HashMap&String, String& conditions)。tableName就是要做操作的表名,values是更新时需要设置的值,采用名值对方式放入Map中,conditions是更新时对应的条件,采用名值对方式放入Map中。查询操作接口select(String tableName, HashMap&String, String& conditions)。tableName就是要做操作的表名,conditions是查询时对应的条件,采用名值对方式放入Map中。
import java.sql.*;
import java.util.*;
&* @author Chen Yi &&
public class DatabaseOperate {
// & &String dirverClass = &com.mysql.jdbc.Driver&;
// & &String url = &jdbc:mysql://10.45.7.23:3306/gztr_ema?autoReconnect=true&;
// & &String username = &root&;
// & &String password = &rootroot&;
// & &int minPoolSize = 3;
// & &int maxPoolSize = 15;
& & public ConnectionManager cm =
// & & * @throws Exception
// & &public DatabaseOperate() throws Exception {
// & & & &cm = ConnectionManager.createConnectionManager(dirverClass, url, username, password, maxPoolSize, minPoolSize);
& & &* @param dirverClass
& & &* @param url
& & &* @param username
& & &* @param password
& & &* @param maxPoolSize
& & &* @param minPoolSize
& & &* @throws Exception
& & public DatabaseOperate(String dirverClass, String url, String username, String password, int maxPoolSize, int minPoolSize) throws Exception {
& & & & cm = ConnectionManager.createConnectionManager(dirverClass, url, username, password, maxPoolSize, minPoolSize);
& & &* 增加记录
& & &* @param tableName
& & &* @param values
& & &* @return int 插入后返回插入行的记录
& & &* @throws SQLException&
& & public int add(String tableName, HashMap&String, String& values) throws SQLException {
& & & & Connection conn =
& & & & Statement stmt =
& & & & ResultSet rs =
& & & & int index = -1;
& & & & try {
& & & & & & StringBuilder sql = new StringBuilder();
& & & & & & StringBuilder column = new StringBuilder();
& & & & & & StringBuilder data = new StringBuilder();
& & & & & & if ((values != null) && !values.isEmpty()) {
& & & & & & & & Set&String& input = values.keySet();
& & & & & & & & Iterator&String& it = input.iterator();
& & & & & & & & for (; it.hasNext();) {
& & & & & & & & & & String s = it.next();
& & & & & & & & & & column.append(s);
// & & & & & & & &data.append(&'&);
& & & & & & & & & & data.append(values.get(s));
& & & & & & & & & & if (it.hasNext()) {
& & & & & & & & & & & & column.append(&, &);
& & & & & & & & & & & & data.append(& , &);
& & & & & & & & & & }
& & & & & & & & }
& & & & & & } else {
& & & & & & & & throw new SQLException(& values can not be empty or null&);
& & & & & & }
& & & & & & sql.append(&INSERT INTO &);
& & & & & & sql.append(tableName);
& & & & & & sql.append(& (&);
& & & & & & sql.append(column);
& & & & & & sql.append(&) VALUES ( &);
& & & & & & sql.append(data);
& & & & & & sql.append(&)&);
& & & & & & System.out.println(sql.toString());
& & & & & & conn = cm.getConnection();
& & & & & & stmt = conn.createStatement();
& & & & & & stmt.execute(sql.toString());
& & & & & & rs = stmt.executeQuery(&SELECT LAST_INSERT_ID()&);
& & & & & & if (rs.next()) {
& & & & & & & & index = rs.getInt(1);
& & & & & & }
& & & & & &
& & & & } catch (SQLException e) {
// & & & & & &e.printStackTrace();
& & & & & &
& & & & } finally {
& & & & & & if (rs != null) {
& & & & & & & & try {
& & & & & & & & & & rs.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (stmt != null) {
& & & & & & & & try {
& & & & & & & & & & stmt.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (conn != null) {
& & & & & & & & try {
& & & & & & & & & & conn.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & &* 删除记录
& & &* @param tableName
& & &* @param conditions
& & &* @throws SQLException&
& & public void delete(String tableName, HashMap&String, String& conditions) throws SQLException {
& & & & Connection conn =
& & & & Statement stmt =
& & & & try {
& & & & & & StringBuilder sql = new StringBuilder();
& & & & & & sql.append(&DELETE FROM &);
& & & & & & sql.append(tableName);
& & & & & & if ((conditions != null) && !conditions.isEmpty()) {
& & & & & & & & Set&String& input = conditions.keySet();
& & & & & & & & Iterator&String& it = input.iterator();
& & & & & & & & StringBuilder condition = new StringBuilder();
& & & & & & & & for (; it.hasNext();) {
& & & & & & & & & & String s = it.next();
& & & & & & & & & & condition.append(s);
& & & & & & & & & & condition.append(& = &);
& & & & & & & & & & condition.append(conditions.get(s));
& & & & & & & & & & if (it.hasNext()) {
& & & & & & & & & & & & condition.append(& AND &);
& & & & & & & & & & }
& & & & & & & & }
& & & & & & & & sql.append(& WHERE &);
& & & & & & & & sql.append(condition);
& & & & & & } else {
& & & & & & & & throw new SQLException(& conditions can not be empty or null&);
& & & & & & }
& & & & & & System.out.println(sql.toString());
& & & & & & conn = cm.getConnection();
& & & & & & stmt = conn.createStatement();
& & & & & & stmt.execute(sql.toString());
& & & & } catch (SQLException e) {
// & & & & & &e.printStackTrace();
& & & & & &
& & & & } finally {
& & & & & & if (stmt != null) {
& & & & & & & & try {
& & & & & & & & & & stmt.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (conn != null) {
& & & & & & & & try {
& & & & & & & & & & conn.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & &* 更新记录
& & &* @param tableName
& & &* @param values
& & &* @param conditions
& & &* @throws SQLException&
& & public void update(String tableName, HashMap&String, String& values, HashMap&String, String& conditions) throws SQLException {
& & & & Connection conn =
& & & & Statement stmt =
& & & & ResultSet rs =
& & & & try {
& & & & & & StringBuilder sql = new StringBuilder();
& & & & & & sql.append(&UPDATE &);
& & & & & & sql.append(tableName);
& & & & & & sql.append(& SET &);
& & & & & & if ((values != null) && !values.isEmpty()) {
& & & & & & & & Set&String& input = values.keySet();
& & & & & & & & Iterator&String& it = input.iterator();
& & & & & & & & StringBuilder data = new StringBuilder();
& & & & & & & & for (; it.hasNext();) {
& & & & & & & & & & String s = it.next();
& & & & & & & & & & data.append(s + & = & + values.get(s));
& & & & & & & & & & if (it.hasNext()) {
& & & & & & & & & & & & data.append(&,&);
& & & & & & & & & & }
& & & & & & & & }
& & & & & & & & sql.append(data);
& & & & & & } else {
& & & & & & & & throw new SQLException(& values can not be empty or null&);
& & & & & & }
& & & & & & if (((conditions != null) && !conditions.isEmpty())) {
& & & & & & & & Set&String& input = conditions.keySet();
& & & & & & & & Iterator&String& it = input.iterator();
& & & & & & & & StringBuilder condition = new StringBuilder();
& & & & & & & & for (; it.hasNext();) {
& & & & & & & & & & String s = it.next();
& & & & & & & & & & condition.append(s);
& & & & & & & & & & condition.append(& = &);
& & & & & & & & & & condition.append(conditions.get(s));
& & & & & & & & & & if (it.hasNext()) {
& & & & & & & & & & & & condition.append(& AND &);
& & & & & & & & & & }
& & & & & & & & }
& & & & & & & & sql.append(& WHERE &);
& & & & & & & & sql.append(condition);
& & & & & & } else {
& & & & & & & & throw new SQLException(& conditions can not be empty or null&);
& & & & & & }
& & & & & & System.out.println(sql.toString());
& & & & & & conn = cm.getConnection();
& & & & & & stmt = conn.createStatement();
& & & & & & stmt.execute(sql.toString());
& & & & } catch (SQLException e) {
& & & & & &
& & & & } finally {
& & & & & & if (rs != null) {
& & & & & & & & try {
& & & & & & & & & & rs.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (stmt != null) {
& & & & & & & & try {
& & & & & & & & & & stmt.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (conn != null) {
& & & & & & & & try {
& & & & & & & & & & conn.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & &* 查询记录
& & &* @param tableName
& & &* @param conditions
& & &* @return
& & &* @throws SQLException&
& & public Results select(String tableName, HashMap&String, String& conditions) throws SQLException {
& & & & Connection conn =
& & & & Statement stmt =
& & & & ResultSet rs =
& & & & try {
& & & & & & StringBuilder sql = new StringBuilder();
& & & & & & sql.append(&SELECT * FROM &);
& & & & & & sql.append(tableName);
& & & & & & if ((conditions != null) && !conditions.isEmpty()) {
& & & & & & & & Set&String& input = conditions.keySet();
& & & & & & & & Iterator&String& it = input.iterator();
& & & & & & & & StringBuilder condition = new StringBuilder();
& & & & & & & & for (; it.hasNext();) {
& & & & & & & & & & String s = it.next();
& & & & & & & & & & condition.append(s);
& & & & & & & & & & condition.append(& = &);
& & & & & & & & & & condition.append(conditions.get(s));
& & & & & & & & & & if (it.hasNext()) {
& & & & & & & & & & & & condition.append(& AND &);
& & & & & & & & & & }
& & & & & & & & }
& & & & & & & & sql.append(& WHERE &);
& & & & & & & & sql.append(condition);
& & & & & & } else {
& & & & & & & &&
& & & & & & }
& & & & & & System.out.println(sql.toString());
& & & & & & conn = cm.getConnection();
& & & & & & stmt = conn.createStatement();
& & & & & & rs = stmt.executeQuery(sql.toString());
& & & & & & Results results = new Results();
& & & & & & ResultSetMetaData rsm = rs.getMetaData(); //获得列集
& & & & & & int col = rsm.getColumnCount(); &//获得列的个数
& & & & & & String colName[] = new String[col];
& & & & & & //取结果集中的表头名称, 放在colName数组中
& & & & & & for (int i = 0; i & i++) { & //--&第一列,从1开始.所以获取列名,或列值,都是从1开始
& & & & & & & & colName[i] = rsm.getColumnName(i + 1); &//--&获得列值的方式一:通过其序号
// & & & & & & & &System.out.println(colName[i]);
& & & & & & }//End for
& & & & & & rs.last();
& & & & & & int row = rs.getRow();
& & & & & & rs.beforeFirst();
& & & & & & String data[][] = new String[row][col];
& & & & & & //取结果集中的数据, 放在data数组中
& & & & & & for (int i = 0; i & i++) {
& & & & & & & & rs.next();
& & & & & & & & for (int j = 0; j & j++) {
& & & & & & & & & & data[i][j] = rs.getString(j + 1);
// & & & & & & & & & &System.out.print(data[i][j]);
& & & & & & & & }
// & & & & & & & &System.out.println();
& & & & & & }//End for
& & & & & & results.setColumnName(colName);
& & & & & & results.setData(data);
// & & & & & &System.out.println(results.getDataRows());
& & & & & &
& & & & } catch (SQLException e) {
// & & & & & &e.printStackTrace();
& & & & & &
& & & & } finally {
& & & & & & if (rs != null) {
& & & & & & & & try {
& & & & & & & & & & rs.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (stmt != null) {
& & & & & & & & try {
& & & & & & & & & & stmt.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
& & & & & & if (conn != null) {
& & & & & & & & try {
& & & & & & & & & & conn.close();
& & & & & & & & } catch (Exception e) {
& & & & & & & & }
& & & & & & }
// & &public static void main(String[] arg) {
// & & & &try {
// & & & & & &DatabaseOperate dl = new DatabaseOperate();
// & & & & & &HashMap&String, String& values = new HashMap&String, String&();
// & & & & & &values.put(&coId&, &1&);
//// & & & & & &dl.add(&TMF.T_APP_Car&,in);
// & & & & & &HashMap&String, String& conditions = new HashMap&String, String&();
// & & & & & &conditions.put(&userCode&, &'admin'&);
// & & & & & &conditions.put(&coId&, &'2'&);
//// & & & & & &dl.select(&t_app_user&, conditions);
// & & & & & &dl.update(&t_app_user&, values, conditions);
// & & & & & &// & & & & & &System.out.println(rs.getRow());
// & & & &} catch (Exception ex) {
// & & & & & &ex.printStackTrace();
// & & & &}
& & public void close() {
& & & & cm =
为了供多个模块共用,所以在最后close方法中没有调用cm.close()方法,这个根据需要自己添加吧。
main函数是我自己做简单测试用的,也可以当做例子。
另外还有个辅助类用于查询时使用
* @author Chen Yi &&
public class Results {
private String[] columnName =
private String[][] data =
int cursor = -1;
public int findColumnIndex(String name) {
for (int i = 0; i & columnName. i++) {
if (name.equals(columnName[i])) {
return -1;
public int getDataRows() {
return data.
public String getString(String columnName) throws Exception {
int i = findColumnIndex(columnName);
if (i & 0) {
throw new Exception(&Can not find column name: & + columnName);
return data[cursor][i];
public boolean next() {
if (data.length - cursor & 1) {
System.out.println(&cursor at: &+cursor);
if(cursor&=data.length){
cursor = -1;
public void beforeFirst() {
cursor = -1;
public void afterLast() {
cursor = data.
public void clear() {
cursor = -1;
columnName =
* @return the columnName
public String[] getColumnName() {
return columnN
* @param columnName the columnName to set
public void setColumnName(String[] columnName) {
this.columnName = columnN
* @return the data
public String[][] getData() {
* @param data the data to set
public void setData(String[][] data) {
this.data =
&&相关文章推荐
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
访问:2288905次
积分:22086
积分:22086
排名:第333名
原创:300篇
转载:187篇
译文:20篇
评论:517条
(2)(2)(2)(8)(1)(1)(1)(3)(1)(1)(7)(6)(9)(3)(2)(7)(4)(5)(3)(2)(2)(2)(6)(1)(4)(1)(3)(6)(3)(3)(11)(8)(2)(3)(5)(12)(2)(15)(1)(6)(2)(5)(3)(10)(10)(4)(2)(1)(8)(4)(4)(7)(7)(1)(4)(2)(1)(3)(1)(1)(6)(3)(3)(2)(1)(3)(9)(14)(3)(6)(5)(9)(2)(3)(12)(5)(24)(1)(1)(4)(2)(2)(11)(5)(4)(6)(10)(2)(12)(4)(21)(18)(4)(6)(38)}

我要回帖

更多关于 sql查询语句教程 的文章

更多推荐

版权声明:文章内容来源于网络,版权归原作者所有,如有侵权请点击这里与我们联系,我们将及时删除。

点击添加站长微信