asp中一段防SQL注入的通用脚本

作者：来源：www.28hudong.com 2013-03-30 08:41:56 阅读16次 我要评论

'屏蔽通过地址栏攻击 url=Request.ServerVariables("QUERY_STRING") if instr(url,";")>=1 then url=Replace(url,";","；") : Response.Redirect("?" & url) end if '屏蔽通过表单攻击 for each item in request.form stritem=lcase(server.HTMLEncode(Request.form(item))) if instr(stritem,"select ")>=1 or instr(stritem,"insert ")>=1 or instr(stritem,"update ")>=1 or instr(stritem,"delete ")>=1 or instr(stritem,"exec ")>=1 or instr(stritem,"declare ")>=1 then response.write ("对不起,请不要输入非法字符!") response.end end if next

　　推荐阅读

　　Highlight patterns within strings

复制代码代码如下:'Replaces pattern with highlighted replacement (using style) and preserves case Public Function highlight(strText, strFind) Dim objRegExp, i, strHighlight 'Split the >>>详细阅读

本文标题：asp中一段防SQL注入的通用脚本

地址：http://www.17bianji.com/kaifa2/ASP/32599.html

1/2 1

顶一下

关键词：探索发现