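CREATE FUNCTION [dbo].[F_TOOL_ValidateSQL] (@sql varchar(max))
RETURNS INT
WITH EXECUTE AS CALLER
AS
/*
    Screens a SQL condition fragment for denylisted tokens.

    Parameters:
        @sql  The condition text to inspect. It is lower-cased before matching,
              so the check does not depend on the letter case of the input.

    Returns:
        1  if the text contains any of: delete, update, insert, drop, alter,
           create, sys, sp_ or a semicolon.
        0  otherwise. A NULL argument also returns 0, because every CHARINDEX
           comparison is then UNKNOWN (same result as the earlier revision).

    The parameter is varchar(max) instead of varchar(2048): an argument longer
    than the declared length is silently truncated when it is passed in, so
    text beyond position 2048 was never inspected.

    NOTE(review): this is a substring denylist. It rejects harmless input that
    merely contains these letters (a column called updated_at, the word
    "system"), and the token list is not a complete description of what a
    condition string can do. Do not rely on it as the only control: pass values
    to dynamic SQL as parameters (sp_executesql) and allow-list any identifier
    that must be dynamic. The function only reports; it does not alter @sql.
*/
BEGIN
    DECLARE @lowered varchar(max);
    SET @lowered = LOWER(@sql);

    -- Each token is tested on its own rather than summing the positions, so a
    -- very long varchar(max) input cannot overflow an INT accumulator.
    IF CHARINDEX('delete', @lowered) > 0
       OR CHARINDEX('update', @lowered) > 0
       OR CHARINDEX('insert', @lowered) > 0
       OR CHARINDEX('drop', @lowered) > 0
       OR CHARINDEX('alter', @lowered) > 0
       OR CHARINDEX('create', @lowered) > 0
       OR CHARINDEX('sys', @lowered) > 0
       OR CHARINDEX(';', @lowered) > 0
       OR CHARINDEX('sp_', @lowered) > 0
    BEGIN
        RETURN (1);
    END

    RETURN (0);
END
GO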