Two Functions for Preventing SQL Injection Attacks in ASP
'
'==========================
'
' Filter SQL in submitted form data
'
'==========================
function ForSqlForm()
    dim fqys, errc, i, items
    dim nothis(18)
    ' Blacklist of substrings that are rejected when found in any form field
    nothis(0) = "net user"
    nothis(1) = "xp_cmdshell"
    nothis(2) = "/add"
    nothis(3) = "exec%20master.dbo.xp_cmdshell"
    nothis(4) = "net localgroup administrators"
    nothis(5) = "select"
    nothis(6) = "count"
    nothis(7) = "asc"
    nothis(8) = "char"
    nothis(9) = "mid"
    nothis(10) = "''"
    nothis(11) = ":"
    nothis(12) = """"
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    nothis(18) = "%"
    '
    'nothis(19)="@"
    errc = false
    for i = 0 to ubound(nothis)
        for each items in request.Form
            ' vbTextCompare makes the match case-insensitive; InStr defaults to a
            ' binary compare, which would let "SELECT" pass a check for "select"
            if instr(1, request.Form(items), nothis(i), vbTextCompare) <> 0 then
                ' Echo the offending value (HTML-encoded) and the matched token, then stop.
                ' Messages: "The information you entered: ... contains illegal characters: ..."
                ' and "Sorry, the information you entered contains illegal characters! Back"
                response.write("<div>")
                response.write("你所填写的信息:" & server.HTMLEncode(request.Form(items)) & "<br>含非法字符:" & nothis(i))
                response.write("</div>")
                response.write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>")
                response.End()
            end if
        next
    next
end function
'
'==========================
'
' Filter SQL in the query string
'
'==========================
function ForSqlInjection()
    dim fqys, errc, i
    dim nothis(19)
    ' Raw (still URL-encoded) query string of the current request
    fqys = request.ServerVariables("QUERY_STRING")
    ' Blacklist of substrings that are rejected when found in the query string
    nothis(0) = "net user"
    nothis(1) = "xp_cmdshell"
    nothis(2) = "/add"
    nothis(3) = "exec%20master.dbo.xp_cmdshell"
    nothis(4) = "net localgroup administrators"
    nothis(5) = "select"
    nothis(6) = "count"
    nothis(7) = "asc"
    nothis(8) = "char"
    nothis(9) = "mid"
    nothis(10) = "''"
    nothis(11) = ":"
    nothis(12) = """"
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    nothis(18) = "%"
    nothis(19) = "@"
    errc = false
    for i = 0 to ubound(nothis)
        ' vbTextCompare makes the match case-insensitive; InStr defaults to a
        ' binary compare, which would let "SELECT" pass a check for "select"
        if instr(1, fqys, nothis(i), vbTextCompare) <> 0 then
            errc = true
        end if
    next
    if errc then
        ' Message: "The query contains illegal characters! Back"
        response.write "查询信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>"
        response.end
    end if
end function
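
The two functions above reject requests by keyword. As an added example (not part of the original post), the query itself can bind user input as ADODB.Command parameters and validate type and length up front, so the values are never parsed as SQL. The connection string, the `users` table, its columns and the form fields `username` and `level` are hypothetical.

```vbscript
<%
' Added example, not from the original post. connStr, the "users" table,
' its columns and the form fields "username"/"level" are hypothetical.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202
Const connStr = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=demo;Integrated Security=SSPI;"

' Returns raw as a Long when it is 1-9 ASCII digits within [lo, hi], else fallback.
Function ToBoundedInt(raw, lo, hi, fallback)
    Dim re, n
    ToBoundedInt = fallback
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If re.Test(raw) Then
        n = CLng(raw)
        If n >= lo And n <= hi Then ToBoundedInt = n
    End If
End Function

' Runs the lookup with both values bound as parameters.
Function FindUser(conn, userName, minLevel)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' "?" placeholders are bound by position; the values are sent as data, not SQL text.
    cmd.CommandText = "SELECT id, name FROM users WHERE name = ? AND access_level >= ?"
    cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, adParamInput, 50, userName)
    cmd.Parameters.Append cmd.CreateParameter("@level", adInteger, adParamInput, , minLevel)
    Set FindUser = cmd.Execute
End Function

Dim conn, rs, userName, minLevel
userName = Trim(Request.Form("username"))
minLevel = ToBoundedInt(Trim(Request.Form("level")), 0, 10, 0)
If Len(userName) = 0 Or Len(userName) > 50 Then
    Response.Write "Invalid user name."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr
Set rs = FindUser(conn, userName, minLevel)
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("name").Value & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

With bound parameters, legitimate input such as a name containing an apostrophe or the word "from" is stored and matched as data instead of being rejected.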
Original article: https://www.cnblogs.com/aowind/p/270995.html