作家
登录

ASP下的两个防止SQL注入式攻击的Function

作者: 来源:www.28hudong.com 2013-03-30 08:34:54 阅读 我要评论

用于防止sql注入攻击的 函数,大家可以直接用了,不过大家光会用不行,要增强安全意识复制代码 代码如下:'========================== '过滤提交表单中的SQL '========================== function ForSqlForm() dim fqys,errc,i,items dim nothis(18) nothis(0)="net user" nothis(1)="xp_cmdshell" nothis(2)="/add" nothis(3)="exec%20master.dbo.xp_cmdshell" nothis(4)="net localgroup administrators" nothis(5)="select" nothis(6)="count" nothis(7)="asc" nothis(8)="char" nothis(9)="mid" nothis(10)="'" nothis(11)=":" nothis(12)="""" nothis(13)="insert" nothis(14)="delete" nothis(15)="drop" nothis(16)="truncate" nothis(17)="from" nothis(18)="%" 'nothis(19)="@" errc=false for i= 0 to ubound(nothis) for each items in request.Form if instr(request.Form(items),nothis(i))<>0 then response.write("<div>") response.write("你所填写的信息:" & server.HTMLEncode(request.Form(items)) & "<br>含非法字符:" & nothis(i)) response.write("</div>") response.write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>") response.End() end if next next end function '========================== '过滤查询中的SQL '========================== function ForSqlInjection() dim fqys,errc,i dim nothis(19) fqys = request.ServerVariables("QUERY_STRING") nothis(0)="net user" nothis(1)="xp_cmdshell" nothis(2)="/add" nothis(3)="exec%20master.dbo.xp_cmdshell" nothis(4)="net localgroup administrators" nothis(5)="select" nothis(6)="count" nothis(7)="asc" nothis(8)="char" nothis(9)="mid" nothis(10)="'" nothis(11)=":" nothis(12)="""" nothis(13)="insert" nothis(14)="delete" nothis(15)="drop" nothis(16)="truncate" nothis(17)="from" nothis(18)="%" nothis(19)="@" errc=false for i= 0 to ubound(nothis) if instr(FQYs,nothis(i))<>0 then errc=true end if next if errc then response.write "查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>" response.end end if end function

  推荐阅读

  易心asp分页类 v1.0

易心asp分页类v1.0 复制代码 代码如下:<% class Ex_SplitPageCls '========================================================================== '易心asp分页类v1.0 '作者:易心 QQ:343931221 '个人网站 www>>>详细阅读


本文标题:ASP下的两个防止SQL注入式攻击的Function

地址:http://www.17bianji.com/kaifa2/ASP/32409.html

关键词: 探索发现

乐购科技部分新闻及文章转载自互联网,供读者交流和学习,若有涉及作者版权等问题请及时与我们联系,以便更正、删除或按规定办理。感谢所有提供资讯的网站,欢迎各类媒体与乐购科技进行文章共享合作。

网友点评
自媒体专栏

评论

热度

精彩导读
栏目ID=71的表不存在(操作类型=0)