Two ASP Functions to Prevent SQL Injection Attacks
```vbscript
'==========================
'
' Filter SQL keywords out of a submitted form
'
'==========================
Function ForSqlForm()
    Dim i, items
    Dim nothis(18)
    nothis(0)  = "net user"
    nothis(1)  = "xp_cmdshell"
    nothis(2)  = "/add"
    nothis(3)  = "exec%20master.dbo.xp_cmdshell"
    nothis(4)  = "net localgroup administrators"
    nothis(5)  = "select"
    nothis(6)  = "count"
    nothis(7)  = "asc"
    nothis(8)  = "char"
    nothis(9)  = "mid"
    nothis(10) = "''"        ' two single quotes; a lone ' is not on the list
    nothis(11) = ":"
    nothis(12) = """"        ' one double-quote character
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    nothis(18) = "%"
    'nothis(19) = "@"
    For i = 0 To UBound(nothis)
        For Each items In Request.Form
            ' InStr defaults to a binary (case-sensitive) compare, so the check as
            ' originally written missed "SELECT"; vbTextCompare matches regardless of case.
            If InStr(1, Request.Form(items), nothis(i), vbTextCompare) <> 0 Then
                Response.Write("<div>")
                Response.Write("The information you entered: " & Server.HTMLEncode(Request.Form(items)) & "<br>contains illegal characters: " & Server.HTMLEncode(nothis(i)))
                Response.Write("</div>")
                Response.Write("Sorry, the information you entered contains illegal characters! <a href=""#"" onclick=""history.back()"">Back</a>")
                Response.End()
            End If
        Next
    Next
End Function

'==========================
'
' Filter SQL keywords out of the query string
'
'==========================
Function ForSqlInjection()
    Dim fqys, errc, i
    Dim nothis(19)
    ' QUERY_STRING is the raw, still URL-encoded query string, so the "%" entry
    ' below rejects any encoded character (a space is %20, non-ASCII text is %E5...).
    fqys = Request.ServerVariables("QUERY_STRING")
    nothis(0)  = "net user"
    nothis(1)  = "xp_cmdshell"
    nothis(2)  = "/add"
    nothis(3)  = "exec%20master.dbo.xp_cmdshell"
    nothis(4)  = "net localgroup administrators"
    nothis(5)  = "select"
    nothis(6)  = "count"
    nothis(7)  = "asc"
    nothis(8)  = "char"
    nothis(9)  = "mid"
    nothis(10) = "''"        ' two single quotes
    nothis(11) = ":"
    nothis(12) = """"        ' one double-quote character
    nothis(13) = "insert"
    nothis(14) = "delete"
    nothis(15) = "drop"
    nothis(16) = "truncate"
    nothis(17) = "from"
    nothis(18) = "%"
    nothis(19) = "@"
    errc = False
    For i = 0 To UBound(nothis)
        ' Case-insensitive compare, see the note in ForSqlForm.
        If InStr(1, fqys, nothis(i), vbTextCompare) <> 0 Then
            errc = True
        End If
    Next
    If errc Then
        Response.Write "The query contains illegal characters! <a href=""#"" onclick=""history.back()"">Back</a>"
        Response.End
    End If
End Function
```
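The two functions block a fixed list of substrings, so anything not on the list passes, and ordinary text that happens to contain a listed word is rejected. The following Python script is added here as an example and is not part of the original post. It transcribes the query-string blacklist, runs it over a few constructed inputs, and then performs the same login check twice against an in-memory SQLite table: once with SQL built by string concatenation (the pattern the blacklist is meant to guard) and once with bound parameters. The `users` table, its single row and every input string are constructed for the example; the `case_sensitive` flag stands in for VBScript's `InStr` default binary compare versus `vbTextCompare`.

```python
"""Why a keyword blacklist is not a SQL injection defence.

Added example, not code from the original post. Re-implements the post's
query-string blacklist and compares concatenated SQL with a parameterized
query on a constructed SQLite table.
"""
import sqlite3

# The post's query-string blacklist, transcribed in order (entry 12 is a single
# double-quote character, written """" in the VBScript source).
BLACKLIST = [
    "net user", "xp_cmdshell", "/add", "exec%20master.dbo.xp_cmdshell",
    "net localgroup administrators", "select", "count", "asc", "char", "mid",
    "''", ":", '"', "insert", "delete", "drop", "truncate", "from", "%", "@",
]


def blocked_terms(value, case_sensitive=True):
    """Return the blacklist entries found in value, in list order.

    case_sensitive=True reproduces VBScript InStr's default binary compare
    (what the post's functions do); False is InStr(1, a, b, vbTextCompare).
    """
    hay = value if case_sensitive else value.lower()
    return [t for t in BLACKLIST if (t if case_sensitive else t.lower()) in hay]


def sample_db():
    """In-memory users table with one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def login_concat(name, password):
    """The pattern the blacklist is meant to protect: SQL built by concatenation."""
    sql = (f"SELECT COUNT(*) FROM users WHERE name='{name}' "
           f"AND password='{password}'")
    return sample_db().execute(sql).fetchone()[0] > 0


def login_param(name, password):
    """Same check with bound parameters: the input is data, never SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE name=? AND password=?"
    return sample_db().execute(sql, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    payload = "' or 1=1--"   # classic auth bypass; contains no blacklisted term
    print(blocked_terms(payload))                 # [] -> the filter lets it through
    print(login_concat("admin", payload))         # True -> logged in without the password
    print(login_param("admin", payload))          # False -> bound parameter, no bypass
    print(blocked_terms("SELECT * FROM users"))   # [] with case-sensitive InStr
    print(blocked_terms("Hello from Beijing: reply to me@example.com"))  # legitimate text rejected
    print(blocked_terms("q=%E5%8C%97%E4%BA%AC"))  # ['%'] -> any URL-encoded query rejected
```

The `' or 1=1--` payload contains none of the listed substrings, so both ASP functions let it reach the query, where string concatenation turns it into `... AND password='' or 1=1--'` and the login succeeds; the parameterized version compares the literal string against the stored password and fails as it should. Conversely, a harmless sentence containing "from" or an address with "@" is rejected, and because `QUERY_STRING` is still URL-encoded, the `%` entry rejects any query carrying a space or non-ASCII text. In classic ASP the equivalent of the bound query is an `ADODB.Command` whose values are supplied through `Parameters.Append(CreateParameter(...))` rather than concatenated from `Request` values; the keyword list can remain as a logging or defence-in-depth signal, but not as the only control.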
Original article: https://www.cnblogs.com/aowind/p/270995.html