仓酷云

Title: MSSQL website development: how to remove "noise words" from full-text search

Author: 蒙在股里    Time: 2015-1-16 22:27
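mysql uses the internal operating character set gbk to perform the operation, i.e. it executes "SELECT * FROM test WHERE name=xxx or 1=1/*LIMIT 1"; the injection thus succeeds. Full-text search:
Include the following content, then call remove_noise_word().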



<SCRIPT LANGUAGE=javascript>
<!--
var noise_word_list_ch = new Array("?","about","$","1","2","3","4","5","6","7","8","9","0","_",
"a","b","c","d","e","f","g","h","i","j","k","l","m","n","o",
"p","q","r","s","t","u","v","w","x","y","z","after","all","also",
"an","and","another","any","are","as","at","be","because","been",
"before","being","between","both","but","by","came","can","come",
"could","did","do","each","for","from","get","got","had","has",
"have","he","her","here","him","himself","his","how","if","in","into",
"is","it","like","make","many","me","might","more","most","much","must",
"my","never","now","of","on","only","or","other","our","out","over","said",
"same","see","should","since","some","still","such","take","than","that",
"the","their","them","then","there","these","they","this","those","through",
"to","too","under","up","very","was","way","we","well","were","what","where",
"which","while","who","with","would","you","your",
"的","一","不","在","人","有","是","为","以","于","上","他","而","后","之","来",
"及","了","因","下","可","到","由","这","与","也","此","但","并","个","其","已",
"无","小","我","们","起","最","再","今","往","好","只","又","或","很","亦","某",
"把","那","你","乃","它");

// Strip leading and trailing spaces from a keyword
function trim_str_key(inputVal) {
    var inputStr = inputVal.toString();
    while ((inputStr.charAt(inputStr.length - 1) == " ") || (inputStr.charAt(0) == " ")) {

        // If the rightmost character is a space, remove it
        if (inputStr.charAt(inputStr.length - 1) == " ") {
            inputStr = inputStr.substring(0, inputStr.length - 1);
        }
        // If the leftmost character is a space, remove it
        if (inputStr.charAt(0) == " ") {
            inputStr = inputStr.substring(1, inputStr.length);
        }
    }
    return inputStr;
}

// Return true if the keyword (case-insensitive) is in the noise word list
function is_ch_noise_word(str_key) {
    var key_word = trim_str_key(str_key);
    key_word = key_word.toLowerCase();
    var listlength = noise_word_list_ch.length;
    var tmp_str = "";
    for (var i = 0; i < listlength; i++) {
        tmp_str = noise_word_list_ch[i];
        if (tmp_str == key_word) {
            return true;
        }
    }
    return false;
}

// Remove noise words from a space-separated search string
function remove_noise_word(str_source) {
    var tmp_str = "";
    var ch = "";
    var str_out = "";
    var i = 0;
    str_source = trim_str_key(str_source);
    var str_source_length = str_source.length;

    if (str_source_length == 0) {
        return str_out;
    }

    for (i = 0; i < str_source_length; i++) {
        ch = str_source.charAt(i);
        if (ch == " ") { // A space means the next keyword starts
            if (!(is_ch_noise_word(tmp_str))) { // Not a noise word, so output it
                if (tmp_str != "") { // Avoid two consecutive spaces
                    str_out = str_out + tmp_str + " ";
                }
            }
            tmp_str = "";
        }
        else {
            tmp_str = tmp_str + ch;
        }
    }
    // The last keyword is appended without a noise-word check
    str_out = str_out + tmp_str;
    return trim_str_key(str_out);
}

// The following is a test
//var abc="avn";
//var nnnn=remove_noise_word(abc);
//alert(nnnn);
//-->
</SCRIPT>

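Can you see the author's depth? Half a meter deep! I originally bought it because so many big names had written forewords for him, and only later found that it has no real content and that the author is just a novice with a few years of experience. I wasted dozens of taels of silver, and once again I lament the hypocrisy and impetuousness of today's society.
Author: 精灵巫婆    Time: 2015-1-17 13:18
It replaces the old VB-style error checking. Much more advanced than Oracle.
Author: 柔情似水    Time: 2015-1-20 19:10
For a database, querying is its soul, so how efficient are SQL queries really? The following discusses issues related to SQL queries, for your reference.
Author: 不帅    Time: 2015-1-29 15:35
In a select statement you can use the group by clause to divide rows into smaller groups and then use aggregate functions to return summary information for each group; in addition, you can use the having clause to restrict the result set that is returned.
Author: 透明    Time: 2015-2-6 02:30
The added system views and real-time system information are very helpful for DBA tuning, but the granularity still feels not fine enough.
Author: 蒙在股里    Time: 2015-2-15 02:35
So you can always get the corresponding upgraded version to meet your needs.
Author: 仓酷云    Time: 2015-3-4 11:08
Learning SQL is not very hard if you only want to learn to build websites! But doing database administration is difficult!
Author: 再现理想    Time: 2015-3-11 18:42
The group by clause can group query results and return summary information for the rows. Oracle groups the query results by the value of the expression specified in the group by clause.
Author: 深爱那片海    Time: 2015-3-19 07:54
Very helpful for recursive tree traversal. Personally I think this is really great! Clear to read and very contemporary.
Author: 活着的死人    Time: 2015-3-27 16:10
If processing a small amount of data, say a few hundred records, I don't know which of these two cases is more efficient. What about processing a large amount of data? Say the table has 200,000 records.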



