?????????????SQL???????SQL???????????????SQL?????????????????????????????????
?????????????????SQL???????????????????飺
??????????????????? ?????? -> ????SQL??????м?? ->?????м?? ->?????м????
????????????е???????????μ?????????????
????????????????????????SQL ?????????SQL??????????
???????????????Users:

 

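-- Demo account table used by the login example that follows.
-- The column and option separators were mis-encoded as "??" on the page; they are
-- restored to commas here so the statement parses.
-- NOTE(review): [Password] holds the credential as plain text, which only suits a
-- throwaway demo. A real schema would store a salted, slow password hash
-- (for example PBKDF2, bcrypt or Argon2 output) and never the password itself.
CREATE TABLE [dbo].[Users](
    [Id] [uniqueidentifier] NOT NULL,     -- primary key
    [UserId] [int] NOT NULL,
    [UserName] [varchar](50) NULL,        -- nullable, and not declared UNIQUE
    [Password] [varchar](50) NOT NULL,
    CONSTRAINT [PK_Users] PRIMARY KEY CLUSTERED
    (
        [Id] ASC
    ) WITH (
        PAD_INDEX = OFF,
        STATISTICS_NORECOMPUTE = OFF,
        IGNORE_DUP_KEY = OFF,
        ALLOW_ROW_LOCKS = ON,
        ALLOW_PAGE_LOCKS = ON
    ) ON [PRIMARY]
) ON [PRIMARY]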


?????????Щ?????
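-- Seed five sample accounts for the demo. The garbled leading characters and the
-- mis-encoded "??" separators from the page are repaired so each statement parses.
-- The password values are placeholder plain-text strings for the walkthrough only.
INSERT INTO [Test].[dbo].[Users] ([Id], [UserId], [UserName], [Password]) VALUES (NEWID(), 1, 'name1', 'pwd1');
INSERT INTO [Test].[dbo].[Users] ([Id], [UserId], [UserName], [Password]) VALUES (NEWID(), 2, 'name2', 'pwd2');
INSERT INTO [Test].[dbo].[Users] ([Id], [UserId], [UserName], [Password]) VALUES (NEWID(), 3, 'name3', 'pwd3');
INSERT INTO [Test].[dbo].[Users] ([Id], [UserId], [UserName], [Password]) VALUES (NEWID(), 4, 'name4', 'pwd4');
INSERT INTO [Test].[dbo].[Users] ([Id], [UserId], [UserName], [Password]) VALUES (NEWID(), 5, 'name5', 'pwd5');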
?????????????и???????????棬???????£?
???????????????sql ???£?
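-- Login check as the page shows it: counts the rows whose Password and UserName both
-- equal the supplied values. The garbled leading characters from the page are dropped.
-- NOTE(review): 'a' and 'b' presumably stand for values typed into the login form.
-- If the application builds this text by concatenating those values, the input can
-- change the statement's structure; send them as bound parameters instead
-- (e.g. @Password / @UserName through the client's parameter API or sp_executesql).
select COUNT(*) from Users where Password = 'a' and UserName = 'b'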
??????δ?????Password ??UserName??????????????????????1????????????????????
?????????????SQL ?е???????????????????淶?????????????????SQL??????Щ????????????Щ?????????SQL???????????
?????????????н????

?????????SQL profile ?????SQL ???

??????????????£?
-- The login statement as it reads once the UserName value quoted on the page has been
-- placed into the query text: the quote inside the input ends the string literal, so the
-- remainder is parsed as SQL. AND binds tighter than OR, so the added OR 1=1 makes the
-- WHERE clause true for every row, whatever Password holds.
-- NOTE(review): the trailing dash looks like a typographically converted "--" comment
-- marker; confirm against the original article.
-- Passing UserName and Password as bound parameters keeps such input as data, so the
-- statement's structure cannot change.
????select COUNT(*) from Users where Password = 'a' and UserName = 'b' or 1=1—'
?????????????UserName??????? “b' or 1=1 –”.
?????????е?SQL????????£?

?????????????????SQL????????