악성 sql이란?
-- Inserts one row into OBJECTINFO (Oracle-style: DUAL, SYSDATE, sequence .nextval).
--   * PROGRESSCODE comes from the sequence SM4_OBJECTINFO_SEQ.
--   * UPDATE_DT is the database clock (SYSDATE).
--   * OBJ_SEQ is resolved by a scalar subquery (see below).
--   * Every other column is a positional bind, in column-list order.
--
-- OBJ_SEQ lookup: the COURSE_TYPE of the matching LCMS_ORGANIZATION row is
-- compared with a supplied value. On a match, OBJ_SEQ is read from
-- LCMS_COURSE_ITEM joined to LCMS_ITEM on ITEM_SEQ. Otherwise the item is
-- reached through the BEFORE_ORG_CD / BEFORE_ORG_SEQ columns of LCMS_ORGANIZATION.
--
-- NOTE(review): the quoted dollar-sign and bare hash tokens inside the lookup
-- are not valid Oracle SQL on their own; presumably they are masked or
-- stripped template placeholders. If the dollar-sign form is text substitution,
-- those values are spliced into the statement text instead of being bound.
-- Confirm they never carry caller-controlled input, or convert them to binds.
-- NOTE(review): each scalar subquery must yield at most one row, otherwise
-- Oracle raises ORA-01427. Uniqueness of the lookup keys is not visible here.
INSERT INTO OBJECTINFO (
    PROGRESSCODE,
    ORG_CD,
    COURSE_SEQ,
    ORG_SEQ,
    OBJ_SEQ,
    LMS_KEY,
    LEARNER_ID,
    LEARNER_NAME,
    TOTAL_TIME,
    SCORE_SCALED,
    COMPLETION_STATUS,
    COMPLETION_THRESHOLD,
    ENTRY_INFO,
    CREDIT,
    EXIT_STATUS,
    LAUNCH_DATA,
    LOCATION,
    MAX_TIME_ALLOWED,
    MODE_INFO,
    PROGRESS_MEASURE,
    SCALED_PASSING_SCORE,
    SUCCESS_STATUS,
    SUSPEND_DATA,
    TIME_LIMIT_ACTION,
    SCORE_RAW,
    SCORE_MAX,
    SCORE_MIN,
    LEARNER_PREFERENCE_AUDIO_LEVEL,
    LEARNER_PREFERENCE_LANGUAGE,
    LEARNER_PREFERENCE_DELIVERY_SP,
    LEARNER_PREFERENCE_AUDIO_CAPTI,
    USER_ID,
    UPDATE_DT,
    PROG_ID,
    ATTEMPT
)
VALUES (
    SM4_OBJECTINFO_SEQ.nextval,  -- PROGRESSCODE
    ?,                           -- ORG_CD
    ?,                           -- COURSE_SEQ
    ?,                           -- ORG_SEQ
    (
        -- OBJ_SEQ: pick the lookup path from the course type of the organization
        SELECT
            CASE
                WHEN (
                    SELECT COURSE_TYPE
                    FROM LCMS_ORGANIZATION
                    WHERE ORG_CD = '$'
                      AND COURSE_SEQ = #
                      AND ORG_SEQ = #
                ) = '$'
                THEN (
                    -- direct path: course item to item
                    SELECT A.OBJ_SEQ
                    FROM LCMS_COURSE_ITEM A
                    INNER JOIN LCMS_ITEM B
                        ON A.ITEM_SEQ = B.ITEM_SEQ
                    WHERE B.ITEM_ID = '$'
                      AND A.ORG_CD = '$'
                      AND A.COURSE_SEQ = #
                      AND A.ORG_SEQ = #
                )
                ELSE (
                    -- indirect path: item is keyed by the BEFORE_ORG_* columns
                    SELECT A.OBJ_SEQ
                    FROM LCMS_COURSE_ITEM A
                    INNER JOIN LCMS_ORGANIZATION B
                        ON B.ORG_CD = A.ORG_CD
                       AND B.ORG_SEQ = A.ORG_SEQ
                       AND B.COURSE_SEQ = A.COURSE_SEQ
                    INNER JOIN LCMS_ITEM C
                        ON C.ITEM_SEQ = A.ITEM_SEQ
                       AND C.ORG_CD = B.BEFORE_ORG_CD
                       AND C.ORG_SEQ = B.BEFORE_ORG_SEQ
                    WHERE C.ITEM_ID = '$'
                      AND A.ORG_CD = '$'
                      AND A.COURSE_SEQ = #
                      AND A.ORG_SEQ = #
                )
            END AS OBJ_SEQ
        FROM DUAL
    ),
    ?,                           -- LMS_KEY
    ?,                           -- LEARNER_ID
    ?,                           -- LEARNER_NAME
    ?,                           -- TOTAL_TIME
    ?,                           -- SCORE_SCALED
    ?,                           -- COMPLETION_STATUS
    ?,                           -- COMPLETION_THRESHOLD
    ?,                           -- ENTRY_INFO
    ?,                           -- CREDIT
    ?,                           -- EXIT_STATUS
    ?,                           -- LAUNCH_DATA
    ?,                           -- LOCATION
    ?,                           -- MAX_TIME_ALLOWED
    ?,                           -- MODE_INFO
    ?,                           -- PROGRESS_MEASURE
    ?,                           -- SCALED_PASSING_SCORE
    ?,                           -- SUCCESS_STATUS
    ?,                           -- SUSPEND_DATA
    ?,                           -- TIME_LIMIT_ACTION
    ?,                           -- SCORE_RAW
    ?,                           -- SCORE_MAX
    ?,                           -- SCORE_MIN
    ?,                           -- LEARNER_PREFERENCE_AUDIO_LEVEL
    ?,                           -- LEARNER_PREFERENCE_LANGUAGE
    ?,                           -- LEARNER_PREFERENCE_DELIVERY_SP
    ?,                           -- LEARNER_PREFERENCE_AUDIO_CAPTI
    ?,                           -- USER_ID
    SYSDATE,                     -- UPDATE_DT
    ?,                           -- PROG_ID
    ?                            -- ATTEMPT
)
====================================
저런 식의 sql을 실제 사이트에서 사용하기도 하나요?
저건 무슨 md5보다 더하네요
SQL Formatter
SQL Formatter
아, 나는 잉여인간인가...
정작 정리하고 보니 OBJ_SEQ 컬럼만 복잡하네요. 아마 처음부터 저렇게 짠 건 아닐 테고 유지보수하다 보니 저렇게 된 듯하네요.
그나저나 이거 오라클인가요?
= # 구문은 처음 보네요. http://lf.hisfy.com/