Can I pass an SQL query to sql server encoded in hex or decimal?
I am having some problems with collation in sql server, and I am wondering if I开发者_如何学C can "pass" the sql query to the server encoded in some 'universal' way? That is, instead of writing:
select * from table; -- ASCII
I want to write something like:
char(39)char(32)char(3222) -- DECIMAL VALUES
Is there some way that sql server will automatically detect decimal or hex language and convert it on the fly to an ascii sql query and then automatically execute it?
You can do this (as seen in SQL injection attacks).
DECLARE @S VARCHAR(4000)
SET @S=CAST(0x53454C454354202A2046524F4D207379732E6F626A65637473 AS VARCHAR(4000))
EXEC(@S)
I cannot envisage any scenario where this would be required though.
精彩评论